Back to Help and Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
1

Ask

2

Reply

3

Solution

Vodafone poisoning DNS and injecting SSL cert when browsing imgur.com

Go to solution
yvshmr
2: Seeker
2: Seeker

‎28-12-2017 12:13 PM - edited ‎28-12-2017 12:38 PM

I've got all content filtering turned off, yet Vodafone is still injecting an SSL certificate from contentcontrol.vodafone.co.uk when I browse imgur.com.

 

I've seen other solutions to switch my DNS server away from Vodafone, but this isn't really a reasonable solution for mobile phones.

 

Any word on getting this fixed so that turning content control off means it's actually off?

 

Configuration:

Screen Shot 2017-12-28 at 12.06.13 PM.png

 

Chrome screenshot:

Screenshot_20171228-121003.jpg

0 Thanks
1 ACCEPTED SOLUTION

Go to solution
yvshmr
2: Seeker
2: Seeker

‎28-12-2017 12:37 PM - edited ‎28-12-2017 12:52 PM

This is a problem with the Vodafone DNS server - when I do a DNS lookup on imgur.com against Vodafone's DNS server, it comes back with a Vodafone IP but when I use a public DNS server like Google's, it points at the correct IP.

 

I've resolved this by logging in to the router and changing its DNS settings to point to Google's DNS servers so that all connected devices work automatically. Hopefully this helps the next person to experience this issue. 

 

 

~ $ dig @192.168.1.1 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @192.168.1.1 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		300	IN	A	90.255.255.1

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 28 12:32:41 2017
;; MSG SIZE  rcvd: 43

~ $ dig @8.8.8.8 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		2582	IN	A	151.101.16.193

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Dec 28 12:32:47 2017
;; MSG SIZE  rcvd: 43

 

View solution in original position

0 Thanks
4 REPLIES 4

Go to solution
yvshmr
2: Seeker
2: Seeker

‎28-12-2017 12:37 PM - edited ‎28-12-2017 12:52 PM

This is a problem with the Vodafone DNS server - when I do a DNS lookup on imgur.com against Vodafone's DNS server, it comes back with a Vodafone IP but when I use a public DNS server like Google's, it points at the correct IP.

 

I've resolved this by logging in to the router and changing its DNS settings to point to Google's DNS servers so that all connected devices work automatically. Hopefully this helps the next person to experience this issue. 

 

 

~ $ dig @192.168.1.1 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @192.168.1.1 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31403
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		300	IN	A	90.255.255.1

;; Query time: 19 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Thu Dec 28 12:32:41 2017
;; MSG SIZE  rcvd: 43

~ $ dig @8.8.8.8 imgur.com

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 imgur.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18115
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;imgur.com.			IN	A

;; ANSWER SECTION:
imgur.com.		2582	IN	A	151.101.16.193

;; Query time: 9 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Dec 28 12:32:47 2017
;; MSG SIZE  rcvd: 43

 

0 Thanks

Go to solution
Mark
Community Manager
Community Manager

‎01-01-2018 08:56 AM - edited ‎01-01-2018 08:58 AM

@yvshmr As we'll need access to your account to look into this for you, please get in touch with our Broadband Live Chat team.

0 Thanks

Go to solution
Soofla
10: Established
10: Established
In response to Mark

‎02-01-2018 11:00 AM

You really don't need to look into his account for this issue at all - there isn't a Vodafone customer who isn't having this problem.

The Vodafone DNS is broken on this site and many more. The ONLY way Vodafone braodband customers can have reliable DNS lookup responses is if they change away from the Vodafone servers and use some of the large, public ones instead (Google being a favourite for many).

As soon as people do this, ALL of the DNS issues go away - so a very good indication where the problem is. This leaves two unfortunate problems:

1. Many of your customers don't know how to fix this issue

2. Your technical support "script readers" also won't know how to fix this and will certainly not talk a customer through changing DNS servers or offer to escalate this to 2nd line support

Don't waste time asking for the user's account details - instead contact your 2nd line and infrastructure support teams and ask them when they are going to fix the issue.

Go to solution
michaelcj
3: Seeker
3: Seeker
In response to Soofla

‎03-01-2018 07:39 PM

My broadband is working yet (probably an Openreach issue that I documented in too muchdetail further up the board) but good to know this once it does spring into life.

I guess its entirely possible (and reasonable?) that an isp would route certain traffic through its own proxy servers for caching and maybe filtering?

By the way, had I known there were a few other technical folk on the board, I would have given a bit more technical detail into my problem (no service at all). Even if I can't solve the problem I'd love to know in a bit more detail what the situation is and not just "....openreach didn't finish and will give an update soon...". It would be interesting to know what they need to do etc? Anyway, don't want to hijack your thread - perhaps I should update my own?

 

0 Thanks