website pool broken

Posted: 2018-04-24 09:30:10 by Alasdair Keyes

Direct Link | RSS feed

Until recently, the GnuPG section of my site which lists my GPG fingerprint had a link to for visitors to make some verification of my key.

I accidentally clicked this link a few days ago and noticed that I was redirected to instead of the expected website. I checked with Mike and he was seeing the correct site.

This looked interesting, it could be some misconfiguration or potentially something more nefarious like a DNS poisoning.

I dug into it a little and it looks like operates a round-robin DNS setup for it's web server cluster with 9 hosts.

$ host -t A is an alias for has address has address has address has address has address has address has address has address has address

I wrote a small script to query each individual IP for the website, the result was

  1. Redirects to
  2. No response
  3. Redirects to
  4. No response
  5. No response
  6. No response
  7. No response
  8. ****: No response
  9. No response

On the plus side, it doesn't look to be anything nefarious, just lack of maintenance and competence. It looks as though the GnuPG keys webs server setup is really broken, I have no idea how long this has been broken in this way, but it doesn't scream 'secure'.

As such, I've removed the link from my site and I now just use and I suggest you stop using it too.

If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz

© Alasdair Keyes

IT Consultancy Services

I'm now available for IT consultancy and software development services - Cloudee LTD.

Happy user of Digital Ocean (Affiliate link)


Validate HTML 5