Databox and the Virgin Media Hub and Super Hub

[Toshbrown]

Some time ago @jpszjac reported that he could not get databox to work at home. After trying to debug the issue we could not find the root cause. I have recently experienced the same issue while working at a house with Virgin Media.

This problem is caused by Virgin Medias use of Barefruit (http://barefruit.co.uk/)

Barefruit generates highly targeted traffic for ISPs by replacing DNS and HTTP errors with relevant advertising.

This means that any DNS error resolves to 92.242.132.24 see below:

dig arbiter

; <<>> DiG 9.10.6 <<>> arbiter
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50599
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;arbiter.           IN  A

;; ANSWER SECTION:
arbiter.        0   IN  A   92.242.132.24

;; Query time: 20 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Thu Jun 28 00:37:14 BST 2018
;; MSG SIZE  rcvd: 52

This causes the core network to resolve the arbiter to 92.242.132.24:

018-06-27 23:18:47 +00:00: INF [core] starting interface monitor...
2018-06-27 23:18:47 +00:00: INF [core] starting junction...
2018-06-27 23:18:47 +00:00: INF [policy] allow privileged hostname: arbiter
2018-06-27 23:18:49 +00:00: INF [policy] allow privileged network: 10.0.0.0/24
2018-06-27 23:18:49 +00:00: INF [junction] register intf eth0 10.0.0.3 10.0.0.0/24
2018-06-27 23:18:49 +00:00: INF [junction] start local service on eth0...
2018-06-27 23:18:49 +00:00: INF [junction] set gateway for eth1(172.18.0.0/16) to 172.18.0.1
2018-06-27 23:18:49 +00:00: INF [junction] register intf eth1 172.18.0.3 172.18.0.0/16
2018-06-27 23:18:56 +00:00: INF [policy] Policy.connect_for_privileged 10.0.0.4 <> arbiter
2018-06-27 23:18:56 +00:00: INF [dns] try to resolve arbiter...
2018-06-27 23:18:56 +00:00: INF [dns] resolved: arbiter 92.242.132.24
2018-06-27 23:18:56 +00:00: ERR [interfaces] from_same_network: interface not found for 92.242.132.24

This leaves databox in a nonworking state :-(

@sevenEng @mor1 looks like the core network will need some tweaking to resolve this issue before we get caught out by this in deployments.

[LukeShirnia]

Hi. I appreciate this issue was raised quite a while ago but I had the same issue recently with an unrelated docker stack and it was driving me insane. Virgin media caused the issue and you can opt out from this DNS service as described here:

https://community.virginmedia.com/t5/Networking-and-WiFi/DNS-hijacking-how-to-disable-opt-out/m-p/4145614

Hope this update can be a time saving for anyone else experiencing this silly Virgin Media specific issue.

[haddadi]

many thanks for this report!

[deep42Thought]

92.242.132.24 issue has occurred with our customers. Our firewall has firewalled out this IP address as part of a range because of spam and also being blacklist on spam monitors This causes Blackfruit DNS server search not to see our IP address because it is firewalled out - so it assumes that we do not exist. It then tries to redirect our customer access (eg to our websites including sfmes.co.uk) to their own IP address. But our DNS is tighjtly configured to insist on https and- so any decent browser will bounce the diversion. The net result is no advertising for Blackfruit and our customers advised to change their DNS to google 8.8.8.8/8.8.4.4