Changing DNS


5 replies to this topic

#1 billh01


Posted 21 January 2011 - 11:35 PM

Fenzodahl512 sent me here to see if anyone can help resolve a dns address change problem. He helped resolve a rootkit issue, http://www.bleepingcomputer.com/forums/topic374414.html/page__gopid__2104143, but one of the original problems remains unsolved.

The machine's DNS servers keep changing. If I use DHCP to get an IP address the DNS servers will start at Road Runner's but change to some other values. If I define a static LAN address and define the DNS servers they still change. In both cases they always change to the same servers.

Any suggestions why this is happening and how to cure it?



#2 Baltboy


Posted 22 January 2011 - 07:11 AM

I doubt this is the work of any system setup. I would download and run Spybot Search and Destroy, which can be downloaded here: http://www.safer-networking.org/en/download/.



Edit: can you give the IP of the DNS server it keeps changing to?

Edited by Baltboy, 22 January 2011 - 07:14 AM.

Get your facts first, then you can distort them as you please.
Mark Twain

#3 Baltboy


Posted 22 January 2011 - 07:32 AM

Also, what is the setup of the network you are on? Are other computers attached? Are you using a router? Directly connected to a modem? And so forth and so on.....

#4 ThunderZ


Posted 22 January 2011 - 07:48 AM

Hi Billh01.

My first thought would have been infection. But since you have gotten the all clear from the Removal Crew the only other thought that comes to mind is the program you mention in the other posting. DynDNS.

Perhaps a call to their support desk is in order. Since this appears to be in a business environment and your company has probably paid a lic. fee I would take full advantage of that fee.

dynDNS Support page

Edited by ThunderZ, 22 January 2011 - 07:55 AM.


#5 billh01


Posted 22 January 2011 - 08:32 AM

Bingo. Whois says addresses they change to, 216.146.35.35 & 216.146.36.36, belong to Dynamic Network Services, aka DynDNS. I'll contact them to find out why this is happening.

So there were 2 apparently discrete incidents: the original rootkit and the dns change. Thanks to all who helped me with this.

If anyone is interested I'll post the results of my inquiry to DynDNS.

#6 ThunderZ


Posted 22 January 2011 - 09:19 AM

Always interested whenever a problem is solved. Never know when a similar problem may arise and the info may be of help in solving the problem.

Please do post back what you find out. :thumbup2:
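The check that settled this thread (list the resolvers each adapter is actually using, then look up who owns any that were not configured) can be scripted. The following is an added example, not something posted by the thread's participants: it assumes a Windows machine and the usual `ipconfig /all` layout, and the sample output, the function names and the 192.0.2.53 placeholder resolver are constructed for illustration.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt. 192.0.2.53 is a placeholder for the
# configured resolver; the 216.146.x.x values are the ones from the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   DNS Servers . . . . . . . . . . . : 216.146.35.35
                                       216.146.36.36
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DNS Servers . . . . . . . . . . . : 192.0.2.53
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")

def _ip(text):
    """Return a normalised IP string, or None if text is not an address."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_by_adapter(text):
    """Map each adapter to its DNS servers, including continuation lines."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        head, field = ADAPTER.match(line), FIELD.match(line)
        if head:
            adapter, in_dns = head.group(1), False
            found[adapter] = []
        elif adapter and in_dns and _ip(line):  # second and later resolvers
            found[adapter].append(_ip(line))
        elif adapter:
            in_dns = bool(field) and field.group(1) == "DNS Servers"
            if in_dns and _ip(field.group(2)):
                found[adapter].append(_ip(field.group(2)))
    return found

def unexpected_resolvers(text, expected):
    """Return {adapter: [resolvers outside the expected set]}."""
    allowed = {_ip(e) for e in expected}
    drift = {}
    for adapter, servers in dns_by_adapter(text).items():
        bad = [s for s in servers if s not in allowed]
        if bad:
            drift[adapter] = bad
    return drift
```

Any address it reports is a candidate for a whois lookup, which is how the two addresses here were traced to DynDNS.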



