Re: DNS pointing to porn site



"GJB" <gjb@xxxxxxx> wrote in message
news:uwZiVSQIGHA.3460@xxxxxxxxxxxxxxxxxxxxxxx
> Herb,
>
> Thanks for the reply. I can rule out 1 and 2, and have spoken to the
> Manager of the DNS servers we forward to and they aren't compromised, so I
> guess it is "out there" in the wider web-world. I am surprised that there
> is nothing on the grapevine about it if that is the case.
>

It is almost certainly coming from some local or internal
problem in your systems -- either client side or DNS Server
side.

If you are taking the "Manager of DNS"'s word then you haven't
tested it yourself.

Use NSLookup and other tools to find out WHERE the answer
is originating.

Based on what you have said, I doubt you have even eliminated
the client side.

Have you explicitly tried pings vs. nslookup (to see if you get
the same answers)? A hosts file won't be used by NSlookup.
Also, using explicit DNS servers (working through EACH that
can be involved) until you locate which one(s) return the wrong
info.

You can use (sparingly and politely) 4.2.2.1 and my own
68.178.144.60 as public DNS servers (for comparison) or
to get ROOT server and COM (etc) server addresses for
direct query (to see if your internal servers used the same
server sets etc.)

Remember to be gentle when you use someone else's servers
for such testing.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

> Gerry.
>
>
> "Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
> news:%23AfWZ$PIGHA.604@xxxxxxxxxxxxxxxxxxxxxxx
>> "GJB" <gjb@xxxxxxx> wrote in message
>> news:%23dPe0qPIGHA.648@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi,
>>>
>>> For a day or so we have been having an intermittent problem where users
>>> attempting to access "normal" web sites, e.g. My Ebay, Firstchoice, AOL,
>>> BBC etc. have been directed to a porn site www.rug-munchers.com.
>>> Has anyone seen this or any info related to it?
>>>
>>
>> Well, "seen it"? In a way, it means your clients are using
>> a DNS server that resolves it that way either directly or
>> indirectly (unless this is due to some local virus/trojan
>> on the clients, including a modification of the hosts files.)
>>
>> The key is to find WHERE the incorrect data is originating:
>>
>> 1) Clients
>> 2) Local DNS server
>> 3) Forwarder
>> 4) etc.
>>
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>
>
>

