There’s an interesting DNS misconfiguration for korfilm.com.kp, the website for the Korea Film Export & Import Corporation. It appears that someone made a typo when configuring the DNS records, leading to one of the entries pointing to an Apple-owned IP instead of a North Korean one.
These are the current A records for korfilm.com.kp:
$ dig korfilm.com.kp a
; <<>> DiG 9.10.6 <<>> korfilm.com.kp a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20685
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;korfilm.com.kp. IN A
;; ANSWER SECTION:
korfilm.com.kp. 27819 IN A 175.45.176.81
korfilm.com.kp. 27819 IN A 17.45.177.11
Querying the DNS servers directly confirms that both are showing the misconfiguration.
$ dig @ns1.korfilm.com.kp korfilm.com.kp a +short
175.45.176.81
17.45.177.11
$ dig @ns2.korfilm.com.kp korfilm.com.kp a +short
175.45.176.81
17.45.177.11
This is obviously not a great mistake to make, as it can cause traffic meant for the domain to be routed to Apple’s IP. The earliest evidence that I can find shows this misconfiguration has been in place since June 2024.
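A zone owner could catch this kind of typo with a check like the following, an added example that is not part of the original post: it flags A records outside the expected address range and lists the one-character edits that would land back inside it. The 175.45.176.0/22 range and all function names are assumptions; the record values are the ones from the dig output above.

```python
import ipaddress

# Assumption: the operator's expected address space. 175.45.176.0/22 is used
# because the page's other A record (175.45.176.81) falls inside it.
EXPECTED_NETS = [ipaddress.ip_network("175.45.176.0/22")]

# Constructed input: the two answers returned by `dig +short` above.
RRSET = ["175.45.176.81", "17.45.177.11"]


def in_expected(addr, nets=EXPECTED_NETS):
    """True if addr falls inside any of the expected networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)


def single_edit_candidates(addr):
    """Valid IPv4 strings one digit insertion, deletion or substitution from addr."""
    digits = "0123456789"
    found = set()
    for i in range(len(addr) + 1):
        variants = [addr[:i] + d + addr[i:] for d in digits]            # insertion
        if i < len(addr) and addr[i] != ".":
            variants.append(addr[:i] + addr[i + 1:])                    # deletion
            variants += [addr[:i] + d + addr[i + 1:] for d in digits]   # substitution
        for v in variants:
            try:
                norm = str(ipaddress.IPv4Address(v))
            except ValueError:
                continue  # not a valid dotted quad (octet > 255, empty octet, ...)
            if norm != addr:
                found.add(norm)
    return found


def audit(rrset, nets=EXPECTED_NETS):
    """Map each out-of-range record to in-range addresses one edit away."""
    findings = {}
    for addr in rrset:
        if not in_expected(addr, nets):
            near = single_edit_candidates(addr)
            findings[addr] = sorted(c for c in near if in_expected(c, nets))
    return findings


if __name__ == "__main__":
    for bad, likely in audit(RRSET).items():
        print(f"{bad} is outside the expected range; one-edit candidates: {likely}")
```

The candidate list is only a hint about what may have been intended; the zone owner's own records are the authority on the correct value.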
Thanks to marco@marcopisco.com for the tip about the misconfiguration.