Tuesday, 7 February 2023

Virgin Media DNS hijacking

Having your own DNS servers is good practice, rather than letting your ISP direct traffic to their liking. Virgin Media's stupid landing page for unresolved DNS was driving me nuts. Even after running my own bind9 I noticed that the DNS queries are still being hijacked by Virgin Media and rerouted via their garbage. The simple test to prove this is dnsleak.
 
The ISP column will have a Virgin Media entry.

Let's see how we can work around this.
  • set up a £5/month VPS & run bind9 on it
  • link the home gateway & VPS via wireguard & point all DNS upstream to this VPS
  • add an iptables PREROUTING rule, plus the usual masquerading rules on the wireguard interface
iptables -t nat -A PREROUTING -p udp --dport 53 -j DNAT --to 192.168.6.1:53
 
where 192.168.6.1 is the VPS  

  • run dnsleak test again
 

Yay! It's the cloud provider's DNS, which I don't mind.

A few days later I get a letter in the post ...

According to these wankers my router is "misconfigured" - ODNSR vulnerability my arse!
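The PREROUTING rule in the steps above has no -i or -s match, so it applies to UDP/53 packets arriving on every interface of the gateway, the WAN side included. The script below is an added example, not part of the original post: it lists DNS DNAT/REDIRECT rules that are not scoped to an inbound interface or source network. The interface names br-lan and wg0 and the sample ruleset are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the post): list DNS DNAT/REDIRECT rules in PREROUTING
# that are not limited to an inbound interface (-i) or a source network (-s).
# Reads rules on stdin, e.g.:  iptables -t nat -S | unscoped_dns_dnat
unscoped_dns_dnat() {
    awk '{
        pre = 0; dport = 0; nat = 0; scoped = 0
        for (i = 1; i <= NF; i++) {
            nxt = (i < NF) ? $(i + 1) : ""
            if (($i == "-A" || $i == "-I") && nxt == "PREROUTING") pre = 1
            if ($i == "--dport" && nxt == "53") dport = 1
            if ($i == "-j" && (nxt == "DNAT" || nxt == "REDIRECT")) nat = 1
            if ($i == "-i" || $i == "--in-interface") scoped = 1
            if ($i == "-s" || $i == "--source") scoped = 1
        }
        # Print only rules that rewrite DNS traffic from any interface/source.
        if (pre && dport && nat && !scoped) print
    }'
}

# Constructed sample in iptables-save syntax. br-lan (LAN bridge) and wg0
# (wireguard) are assumed interface names; 192.168.6.1 is the VPS from the post.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.6.1:53
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.6.1:53
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.6.1:53
-A POSTROUTING -o wg0 -j MASQUERADE
COMMIT
EOF
}

# Only the first PREROUTING rule is reported; the two scoped to br-lan are not.
sample_rules | unscoped_dns_dnat
```

A rule limited with -i to the LAN-side interface still redirects every client on the home network to the VPS resolver, while DNS packets arriving from the internet are left untouched.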
 
 
 
 
