FIOS DNS Hack Directed to unallocated.barefruit.co.uk (92.242.140.21)
ndccpf1
Enthusiast - Level 1

For the past 3 days the DNS for me (and people I know from work that have FIOS) has been corrupted by what appears to be a DNS hack / re-direct to barefruit.co.uk (92.242.140.21). This is causing super slow resolve times for websites, super SLOW connection times for the office VPN and lack of DNS at home to reach machines via their hostnames (IP address works).

I logged a ticket two days ago to Verizon but this is still an issue. Can the real network (not voice) engineers at Verizon resolve this?

Example: (code1.emi.philips.com appends from our office naming convention)

nslookup www.cnn.com
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Non-authoritative answer:
Name:    www.cnn.com.code1.emi.philips.com
Address:  92.242.140.21

General IP Information
IP: 92.242.140.21
Decimal: 1559399445
Hostname: unallocated.barefruit.co.uk
ISP: Barefruit Ltd.
Organization: Barefruit Ltd.
Services: None detected
Type: 
Assignment: Static IP

1 Solution
djjsin1
Enthusiast - Level 2

I got a response from Verizon today about this.

"This is expected behavior. The Verizon Online DNS resolvers have NXDOMAIN redirection services that redirect any unknown host to a sponsored search page. You can opt out of this by changing your resolver from .12 to .14."

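Added example, not part of the original thread or any poster's code: a small Python model of how NXDOMAIN redirection interacts with a DNS search suffix, plus the random-name probe a defender can use to detect it. The two resolver functions, the zone record and the 198.51.100.10 address are constructed; the suffix-first search order is a simplification of what the nslookup output in the first post shows.

```python
import secrets

SINK = "92.242.140.21"  # redirect address reported in the thread
# Constructed record; 198.51.100.10 is a documentation-range placeholder.
ZONE = {"www.cnn.com.": "198.51.100.10"}
SUFFIXES = ["code1.emi.philips.com"]  # office search suffix from the first post

def honest(qname):
    """Model resolver: unknown names give NXDOMAIN (None)."""
    return ZONE.get(qname)

def redirecting(qname):
    """Model resolver: NXDOMAIN is rewritten into an A record for SINK."""
    return ZONE.get(qname, SINK)

def stub_lookup(name, resolver, suffixes=SUFFIXES):
    """Try each search suffix, then the bare name; the first answer wins."""
    candidates = [f"{name}.{s}." for s in suffixes] + [f"{name}."]
    for qname in candidates:
        addr = resolver(qname)
        if addr is not None:
            return qname, addr
    return None, None

def detect_nxdomain_rewrite(resolver, probes=3):
    """Query random names that cannot exist; any answer means rewriting."""
    answers = set()
    for _ in range(probes):
        # .invalid is a reserved TLD (RFC 2606), so it must never resolve.
        qname = f"{secrets.token_hex(12)}.invalid."
        addr = resolver(qname)
        if addr is not None:
            answers.add(addr)
    return sorted(answers)

if __name__ == "__main__":
    for label, r in (("honest", honest), ("redirecting", redirecting)):
        print(label, stub_lookup("www.cnn.com", r), detect_nxdomain_rewrite(r))
```

With the redirecting resolver the suffixed name is answered first, so the lookup stops before the real name is ever asked, which matches the nslookup output in the first post.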

17 Replies
viafax999
Community Leader

This is a peer support group.  We are users just like you.

You need to contact tech support if it is still an issue.

smith6612
Community Leader

This might be the result of Verizon's DNS redirection on nxdomain responses. It's possible Verizon's DNS is yet again broken.

If you want to use Verizon's DNS services instead of servers like OpenDNS, do this. Take the IP addresses of the DNS Servers your router shows, and change the last digit from 12 to 14. This will give you proper DNS. If changing the DNS Server doesn't fix the problem, let us know.

Hubrisnxs
Legend

Good option, also try emailing that kind of issue to DNS@verizon.com and see if they can help.

Hubrisnxs
Legend

If it's a DNS hack, changing your DNS would fix it.

If that doesn't fix it, you might have a different problem. In that case, post a traceroute.

de7054814
Newbie

Monday August 4th 6AM EST

I noticed this address as well. Outgoing excerpt from my router log '92.242.140.21:427'.

Whois results . . .

[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '92.242.140.0 - 92.242.140.255'

% Abuse contact for '92.242.140.0 - 92.242.140.255' is 'abuse@barefruit.co.uk'

inetnum:        92.242.140.0 - 92.242.140.255
netname:        BAREFRUIT-ERRORHANDLING
descr:          BAREFRUIT-US-ANYCAST-A
country:        GB
org:            ORG-BL53-RIPE
admin-c:        PR42-RIPE
tech-c:         PR42-RIPE
status:         ASSIGNED PA
mnt-by:         CATALYST2-MNT
source:         RIPE # Filtered

{Edited to comply with guidelines}

mnt-by:         CATALYST2-MNT
source:         RIPE # Filtered
nic-hdl:        PR42-RIPE

% Information related to '92.242.140.0/24AS45028'

route:          92.242.140.0/24
descr:          BF-MC-1
origin:         AS45028
mnt-by:         CATALYST2-MNT
source:         RIPE # Filtered

Elysiom
Enthusiast - Level 1

I work as a System Admin in the Northeast for a mid-sized company. We started seeing this last week on Wednesday (July 30th).

VPN'd users on FiOS are having all sorts of name resolution issues. Everything resolves to this address even if it doesn't exist (should return NXDOMAIN). As soon as we change the user's local DNS from Verizon to Google / OpenDNS etc., everything starts working again.

This is extremely frustrating (I'm a FiOS customer as well). I opened a ticket and they denied any issues with their DNS, and to top it off the network technician refused to talk to me on the phone, instead suggesting it's all "on our end"... The issue was swept under the rug instead of being seriously dealt with.

jeckard
Enthusiast - Level 1

This problem caused havoc with our VPN as well, which is how we discovered it. Switching DNS servers fixed the problem.

djjsin1
Enthusiast - Level 2

I'm having this same issue. This has broken my company's VPN system. Nothing resolved properly anymore on a FiOS connection.

mnemanov
Enthusiast - Level 2

I also noticed this issue recently.

I noticed a DNS Suffix of SME on my IP configuration, which may (or may not) be related to this.

I changed my IP Configuration to remove this DNS Suffix and it seems to have resolved my VPN issues.

I can't find any info on this dns suffix in google searches.

mn

rhulse1
Enthusiast - Level 1

This is still an issue months after Verizon was made aware that their DNS was redirecting customers incorrectly. Now when this happens, FiOS routers are creating port forwarding rules for this IP address and company Barefruit without the knowledge of their customers. How is an everyday user to know that this is going on as they have no idea how to log into the web interface of a router?! First level tech support at Verizon act like they have never heard of this issue when you call; it was only after they put me on the phone with Actiontech that it was immediately addressed.

tns2
Community Leader

Issue? It's fully explained behavior. If you use the default Verizon DNS server and give it an invalid URL name, instead of just giving an invalid name they will give you one with a "did you mean" type message and ads.

Don't like it? Manually set your DNS server addresses from xxx.xxx.xxx.12 to xxx.xxx.xxx.14.

mnemanov
Enthusiast - Level 2

Just a quick follow up.

It seems my problem is not solved by removing the SME DNS suffix.

mn

jdcircuit
Enthusiast - Level 1

I found my router has been hacked as well... the remote admin port was set open and there were QOS additions made to my setting.  This is very concerning... and wonder what Verizon is doing to address this?

I googled this ip address and found this discussion in this forum. 

CLTPA56
Enthusiast - Level 1

This started happening on 9/9/15 to my Citrix receiver sessions where Verizon DNS server would not resolve to the proper IP address. Malwarebytes caught and prevented the outbound connection. I fixed it by changing the DNS settings (Internet Protocol Version 4 (TCP/IPv4) properties) to either Google or OpenDNS (I went with Google). Google is 8.8.8.8 or 8.8.4.4.

Ned2
Enthusiast - Level 2

Barefruit redirects by an ISP suck plain and simple.

LawrenceC
Moderator Emeritus

As this thread is now over two years old, it will be locked in order to keep discussions current. If you have the same or a similar question/issue we invite you to start a new thread on the topic.
