Hi,
On my computer, when I run nslookup for “bbc.co.uk” with 1.1.1.1, I got a response with an invalid A record, while there is no issue with 8.8.8.8. Probably an interception by the ISP?
C:\Users2020>nslookup www.bbc.co.uk 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: www.bbc.co.uk
Address: 31.13.78.65
C:\Users2020>nslookup www.bbc.co.uk 1.0.0.1
Server: one.one.one.one
Address: 1.0.0.1
Non-authoritative answer:
Name: www.bbc.co.uk
Address: 31.13.78.65
C:\Users2020>nslookup www.bbc.co.uk 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: www.bbc.net.uk
Addresses: 212.58.244.70
212.58.249.212
Aliases: www.bbc.co.uk
Thank you
sandro
March 19, 2019, 8:31am
2
The BBC does appear to return different records, probably based on the client’s subnet. However, in your case it seems to be a Facebook address, which probably is not right.
Considering you are on Windows, could you run the following command in a PowerShell console and post the output here?
(Invoke-WebRequest -Uri 'https://1.1.1.1/dns-query?ct=application/dns-json&name=www.bbc.co.uk').RawContent
1 Like
This is the output from PowerShell:
HTTP/1.1 200 OK
Connection: keep-alive
Access-Control-Allow-Origin: *
Expect-CT: max-age=604800, report-uri="https://report-uri.Cloudflare.com/cdn-cgi/beacon/expect-ct"
CF-RAY: 4b9e338c2b2fc8dd-BKK
Content-Length: 209
Cache-Control: max-age=197
Content-Type: application/dns-json
Date: Tue, 19 Mar 2019 08:50:53 GMT
Server: Cloudflare
{"Status": 0,"TC": false,"RD": true, "RA": true, "AD": false,"CD": false,"Question":[{"name": "www.bbc.co.uk.", "type": 1}],"Answer":[{"name": "www.bbc.co.uk.", "type": 1, "TTL": 197, "data": "69.63.176.59"}]}
sandro
March 19, 2019, 8:55am
4
This also appears to be a Facebook address.
I somewhat doubt the BBC hosts with Facebook but on the other hand this response should really not have been tampered with.
Tagging @cs-cf
1 Like
So glad to know that there’s no interception by the ISP!
I haven’t been able to access “www.bbc.co.uk” for many weeks. The site can be accessed normally when I use 8.8.8.8 as a resolver.
This should be an issue from a Cloudflare 1.1.1.1 resolver.
cs-cf
March 19, 2019, 3:13pm
6
Thanks for reporting; our DNS team is investigating.
1 Like
@cs-cf
Any update for this issue? Thanks.
cs-cf
March 26, 2019, 12:51pm
8
The query was indeed being intercepted; the network provider and the BBC have both been notified.
1 Like
sandro
March 26, 2019, 12:53pm
9
By whom? DoH also returned a seemingly incorrect value.
Judge
March 26, 2019, 4:47pm
10
I believe DoH is just HTTPS from the client to the RR. A regular DNS query is made from the RR to the authoritative DNS.
sandro
March 26, 2019, 4:59pm
11
Are you suggesting the connection between Cloudflare and the authoritative nameserver was hijacked? I understood @cs-cf’s response as if the connection between the user and Cloudflare was intercepted.
Judge
March 26, 2019, 5:07pm
12
Just based on DoH providing the same wrong IP, I would guess it’s an intermittent EDNS issue, but that does conflict with his response. /shrug
sandro
March 26, 2019, 5:16pm
13
“Same, wrong” or “same wrong”?
The former is true, the latter not, as the IP actually was different from the regular DNS request, even though it still pointed to Facebook. Hence my plea for clarification to @cs-cf
1 Like
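Added example, not part of the thread: a Python sketch of the comparison the participants did by eye, parsing the `application/dns-json` body and diffing it against the nslookup answers per resolver and transport. The sample records are constructed from the outputs posted above; the function names and finding labels are hypothetical. A finding is a lead to investigate, not proof of tampering, since (as noted in the thread) the BBC may return different records per client subnet.

```python
import json

# Sample data constructed from the outputs posted in this thread.
DOH_BODY = ('{"Status": 0,"TC": false,"RD": true,"RA": true,"AD": false,'
            '"CD": false,"Question":[{"name": "www.bbc.co.uk.","type": 1}],'
            '"Answer":[{"name": "www.bbc.co.uk.","type": 1,"TTL": 197,'
            '"data": "69.63.176.59"}]}')
# nslookup answers transcribed as (owner, type, data) records.
UDP_1111 = [("www.bbc.co.uk.", "A", "31.13.78.65")]
UDP_8888 = [("www.bbc.co.uk.", "CNAME", "www.bbc.net.uk."),
            ("www.bbc.net.uk.", "A", "212.58.244.70"),
            ("www.bbc.net.uk.", "A", "212.58.249.212")]
TYPES = {1: "A", 5: "CNAME"}  # numeric RR types used in dns-json

def parse_doh(body):
    """Turn a dns-json response body into (owner, type, data) records."""
    msg = json.loads(body)
    if msg["Status"] != 0:  # non-zero RCODE, e.g. 2 = SERVFAIL
        raise ValueError("resolver returned RCODE %d" % msg["Status"])
    return [(a["name"].lower(), TYPES.get(a["type"], str(a["type"])), a["data"])
            for a in msg.get("Answer", [])]

def summarize(records, qname):
    """Follow CNAMEs from qname; return (chain, final A record set)."""
    cnames = {o: d.lower() for o, t, d in records if t == "CNAME"}
    chain, name = [qname], qname
    while name in cnames and cnames[name] not in chain:  # loop guard
        name = cnames[name]
        chain.append(name)
    return tuple(chain), {d for o, t, d in records if t == "A" and o == name}

def compare(views, qname):
    """views maps a label to records; return pairwise differences."""
    summary = {k: summarize(v, qname) for k, v in views.items()}
    labels, findings = sorted(summary), []
    for i, a in enumerate(labels):
        for b in labels[i + 1:]:
            (chain_a, addrs_a), (chain_b, addrs_b) = summary[a], summary[b]
            if chain_a != chain_b:
                findings.append((a, b, "cname-chain-differs"))
            if not addrs_a & addrs_b:
                findings.append((a, b, "disjoint-addresses"))
    return findings

if __name__ == "__main__":
    views = {"doh-1.1.1.1": parse_doh(DOH_BODY),
             "udp-1.1.1.1": UDP_1111, "udp-8.8.8.8": UDP_8888}
    for finding in compare(views, "www.bbc.co.uk."):
        print(finding)
```

On this data the two answers attributed to 1.1.1.1 share no address with each other, and only the 8.8.8.8 answer carries the alias to www.bbc.net.uk.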