This is a great article and thanks for creating this series of posts.
One more thing that all the browser support ( think all) is they validate the SSL certificate associated with the DNS. if response is coming from another malicious IP they wont have the correct certificate and browser will highlight that. But for that you need to make sure that you access and trust only HTTPS websites.