Does Host

by | Aug 29, 2020 | Security

This post is a sidebar on an deep dive into domain redirects as it relates to redirecting to If you haven’t already done so, please read the post titled Antifa Redirects to Joe Biden for context on why this part of the test was necessary and important.

There is a meme going around right now that says to type in and see what happens. Spoiler: antifa redirects to Joe Biden.  That is redirects to

The political right says this shows Biden’s support for antifa.  The political left is claiming it’s just some prankster pointing a domain to a server to make a presidential candidate look bad.

Let’s avoid the politics and break it down technically and see what’s going on.

Associating a website with a domain

When a domain is registered, it has the option of having a website associated with it.  To assign a website, the domain administrator must do three things:

  1. Establish a hosting platform somewhere
  2. Obtain an IP address for the server
  3. Associate the domain name with the IP address.

When a user requests a website, the domain name server (DNS) converts the website URL into a numerical address (the IP address) and then looks for the website at the server, retrieves the files, and displays the website.

When a web server responds to the request, it actually looks at the combination of host-header name (the URL) and the IP address to make sure that it’s serving the correct website.  This allows multiple websites to be hosted on the same IP address.  It is, however, possible to configure a server to respond to any domain requests with the files of the primary domain on that server.  There are good reasons to do this and there are bad reasons to do this.  And sometimes it misconfigured this way and nobody notices it until it’s too late.

Pointing a rogue domain to a server

Lets see what happens if we assign a domain name to the server that runs when that server is not accepting traffic for another domain.   If the server accepts the domain request and redirects to, we’ll know that the redirection is open and it’s possible that any domain pointed to this server will redirect to  This would leave open the possibility that the antifa redirect is a prank or a malicious attempt to influence the election.

We’ll use our own domain name as test knowing for 100% sure that the domain and server are not affiliated in any way.

Pointing the unauthorized domain to the server

By quickly modifying the local hosts file, we can override the DNS cache and to set IP address for to that of  This will point our local requests for to the server running

Now for the big test.  If we try to load, it’ll reference the server that hosts  We’ll either get a redirect to, we’ll get the address bar saying but showing us, or we’ll get an error.

Fastly error: unknown domain: Please check that this domain has been added to a service.

Details: cache-ewr18154-EWR


It didn’t accept the domain. In fact, it threw an explicit error that the domain has not been added to a service, meaning that this site will not serve up files for any domain that is not preconfigured on the site.

That confirms that the Fastly server will not respond to requests for, but it doesn’t indicate one way the other what would happen if is pointed to that server.

Let’s Try

Using the same local DNS trick, we can see if the server hosting will accept requests for  

As we anticipated, it will not. The Fastly server hosting is not hosting and will not respond to requests for

But is still redirecting to  Read the Antifa Redirects to Joe Biden post for more information on how this is happening and what it all means.



Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.