Virgin Media, why are you manipulating my traffic?

This post is very old now and the information below may well be inaccurate.
6th April 2014: TalkTalk appear to be doing something similar
7th April 2014: Plusnet are doing it too. The responses to my post have hightlighted that using DNSCrypt + OpenDNS doesn’t allow you to opt out of this behaviour which suggests a deal between the ISPs, Google and OpenDNS has been made.

Virgin Media why does resolve to What a funny name for a PTR record, but seriously, why are you manipulating my traffic?

I was testing something only to find that, both resolve to an IP address owned by Virgin Media.

PING ( 56 data bytes 64 bytes from icmp_seq=0 ttl=58 time=17.569 ms

nslookup Server: Address: Non-authoritative answer: Name: Address:

host domain name pointer

Performing a dig a +trace fools me into thinking that is dishing out these Virgin owned IPs, yet a query from elsewhere tells me otherwise.

Using Virgin Media

dig a
;; ANSWER SECTION: 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A

Another ISP

dig a
;; ANSWER SECTION: 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A 300 IN A

Most odd. Especially seeing as I do not use Virgin Media’s DNS resolvers, I use to be exact, according to OpenDNS’ cache check matches my other ISP, a whole bunch of IPs none of which are anywhere near this we’re seeing from Virgin Media.

So for some reason Virgin Media someone is manipulating the DNS response I recieve from OpenDNS’, for, and possibly other domains. They’re also proxying to me as loading in a web browser shows me Google’s home page, creepy. Ok so where does a traceroute take me?

traceroute: Warning: has multiple addresses; using traceroute to (, 64 hops max, 52 byte packets
  • 1 ( 4.610 ms 4.257 ms 34.474 ms
  • 2 ( 22.904 ms 79.800 ms 14.122 ms
  • 3 ( 13.692 ms 12.621 ms 11.575 ms
  • 4 ( 33.107 ms 16.609 ms 27.541 ms
  • 5 ( 28.404 ms ( 15.146 ms 25.651 ms
  • 6 ( 14.849 ms 16.701 ms 16.381 ms
  • 7 * * *
  • 8 * * *

Most interesting that it stops here: (

haye-icdn-1, what do you do? A quick google (ironic) reveals this thread titled ‘Virgin hijacking’. One user suggests:

Content Distribution Network ran by Virgin to try and speed things up. It’s not really hijacking, per-se and if it worked, it would actually be a good thing. The problem is, it’s heavily congested so has the opposite effect.


I have no idea why Virgin and OpenDNS feel the need to proxy or CDN for me. The ping response time to one of Google’s actual IPs is 20.049 ms. From now on I will encrypt my DNS traffic to OpenDNS using DNSCrypt and one of the suggested DNS providers, it takes 5 seconds to install their app.

Ahh, that’s better :-)

Some Notes

  • My Virgin SuperHub is in modem mode
  • It’s entirely possible Virgin Media has struck a deal with OpenDNS however I couldn’t find mention of that anywhere and it seems unlikely. The responses to this post have led me to believe some deal has been made.

Discuss at HN:

Jack Pearce

Jack Pearce

Hi, I'm Jack, working as a Solutions Architect