A benefit to password managers, at least some of them, is that they can look at the URL and only use autotype/autofill when on the correct site, which can help prevent pharming since if instead of https://www.example.com/ you go to examp1e dot com it won't autofill your credentials. What I want to know, and can't find anywhere, is whether DNS hijacking or poisoning, when taking you to a different site, will show to the browser, the user, and the password manager as the site you meant to go to or the fake one. That is, if you actually type example.com, and the browser thinks you're going to example.com because it's following the malicious DNS to maliciouswebsite dot com, does it show where it thinks you are or is it somehow able to resolve the actual URL and show that? I realize this is a very unlikely possibility, but I'm curious if the password manager would try to autofill on the malicious site because instead of example.com being resolved as x.x.x.x it's resolved as y.y.y.y, but as far as the browser and password manager know it's still example.com, or if it would go to y.y.y.y but since the actual URL for that is maliciouswebsite dot com that's what would ultimately be shown.
As a secondary, related question, if a public wifi router has been compromised for DNS poisoning, how and when does this affect your device when connecting to it, i.e. poisoning your DNS cache? Does it happen immediately upon connecting, or only for each query/entry as it's made?