
Primary DNS server address changes on its own


16 replies to this topic

#1 mamerala


Posted 28 October 2016 - 12:21 PM

Recently I noticed the primary DNS server address on my router page changes on its own whenever I try to set a normal primary DNS. It used to change to an IP starting with 5.3, and now it changes to 188.165.81.240.

What might be causing this issue?

Also, another issue that has been happening: my connection goes off (I get the yellow triangle and a message like the device couldn't communicate with the DNS server), usually around the same time almost every day.


Edited by mamerala, 28 October 2016 - 12:23 PM.




#2 Sneakycyber


Posted 28 October 2016 - 01:27 PM

That IP is from OVH, a service provider in France. You likely have a dynamic IP from your Internet provider. The DNS will be updated whenever the ISP assigns a new IP.

Edit: You can change the DHCP options in the LAN settings to assign a specific IP.

Edited by Sneakycyber, 28 October 2016 - 01:29 PM.

Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#3 mamerala


Posted 28 October 2016 - 01:56 PM

> That IP is from OVH, a service provider in France. You likely have a dynamic IP from your Internet provider. The DNS will be updated whenever the ISP assigns a new IP.
>
> Edit: You can change the DHCP options in the LAN settings to assign a specific IP.

Wouldn't an IP from France sound strange since my connection is in Egypt?

I changed it many times but it goes back to a different one; so far it didn't, sometimes it takes hours or 1 day before changing.

And would that affect my connection? Because I disconnect a lot recently while playing an MMORPG.



#4 Wand3r3r


Posted 28 October 2016 - 02:35 PM

5.3 wouldn't be right as that is Russia and most likely a sign you have been hacked.

https://www.countryipblocks.net/view_location_details.php?ip=5.3.8.18

These are the valid blocks for Egypt:

http://www.nirsoft.net/countryip/eg.html

Make sure your router's firmware is up-to-date.

Who is your ISP?



#5 Sneakycyber


Posted 28 October 2016 - 03:17 PM

I checked that IP again, its geolocation still reports France, same as the "Whois" information. Yes, that would be weird given you're in Egypt (at least in the US it's weird).


Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +

#6 mamerala


Posted 28 October 2016 - 04:28 PM

> 5.3 wouldn't be right as that is Russia and most likely a sign you have been hacked.
>
> https://www.countryipblocks.net/view_location_details.php?ip=5.3.8.18
>
> These are the valid blocks for Egypt:
>
> http://www.nirsoft.net/countryip/eg.html
>
> Make sure your router's firmware is up-to-date.
>
> Who is your ISP?

Yes, exactly.

I will try to see how to check the router's firmware as I've never done it before.

My ISP is TE Data.



#7 Wand3r3r


Posted 28 October 2016 - 05:30 PM

Here are valid TE Data DNS servers:

http://public-dns.info/nameserver/eg.html



#8 mamerala


Posted 29 October 2016 - 02:42 AM

> Here are valid TE Data DNS servers:
>
> http://public-dns.info/nameserver/eg.html

I did a full reset and firmware change. I will see what will happen now.



#9 Ahmedbeeh


Posted 29 October 2016 - 08:00 AM

I'm from Egypt too, and strangely my DNS automatically changes to 188.165.81.240.
2 days ago I noticed Adfly popups and linkbucks redirect webpages. I was thinking it was malware, and after some digging I reset the router and the ads and popups were gone for roughly one day, and now it's back. So I checked the router CP and found that DNS "188.165.81.240", and a Google search brought me here.

I've got the same case as her: the internet goes off a lot of times with this DNS, and the ads and Adfly skips.

So what's causing this even after I reset the router? Malware on a PC connected to the network, or an ISP (te-data) problem?


Edited by Ahmedbeeh, 29 October 2016 - 08:07 AM.


#10 Ahmedbeeh


Posted 29 October 2016 - 08:28 AM

Also, as seen in the attachment, the lease duration is set to 8 sec. I don't remember changing that, so is this what causes the connection to go off ("yellow triangle")?

And is there malware that can access the router CP? Anyway, I changed the router default account passwords ("admin:admin, user:user") and will see if this will prevent the changing.

Attached file: ooo.PNG (8.93KB)

Edited by Ahmedbeeh, 29 October 2016 - 09:03 AM.


#11 mamerala


Posted 29 October 2016 - 08:57 AM

> I'm from Egypt too, and strangely my DNS automatically changes to 188.165.81.240.
> 2 days ago I noticed Adfly popups and linkbucks redirect webpages. I was thinking it was malware, and after some digging I reset the router and the ads and popups were gone for roughly one day, and now it's back. So I checked the router CP and found that DNS "188.165.81.240", and a Google search brought me here.
>
> I've got the same case as her: the internet goes off a lot of times with this DNS, and the ads and Adfly skips.
>
> So what's causing this even after I reset the router? Malware on a PC connected to the network, or an ISP (te-data) problem?

Exactly, I get redirects to Adfly. I had this issue months ago in a kind of different way; I did post about it here: http://www.bleepingcomputer.com/forums/t/608169/getting-directed-to-ad-sites-while-browsing/#entry3958762 I thought it was my fault, but maybe it wasn't.

A few days ago it came back. If there are more people having the same issue, then I think there's something wrong with TE Data? I will try to ask them and see if it's not fixed yet.

I'm not sure about the lease duration.


Edited by mamerala, 29 October 2016 - 09:27 AM.


#12 Wand3r3r


Posted 29 October 2016 - 09:32 AM

Lease duration shouldn't be any less than 24 hours IMO. 8 seconds means in 4 seconds DHCP server/PC communication is going to broadcast to renew the lease. At that time interval you have no internet.

Do you both have the same router? Sounds like it's a model that is vulnerable to hacking.



#13 mamerala


Posted 29 October 2016 - 10:04 AM

> Lease duration shouldn't be any less than 24 hours IMO. 8 seconds means in 4 seconds DHCP server/PC communication is going to broadcast to renew the lease. At that time interval you have no internet.
>
> Do you both have the same router? Sounds like it's a model that is vulnerable to hacking.

OK, I will change the lease then.

My router is a Huawei HG532n.

BTW, I never had this issue with this specific router, which I've had for a few years so far; only during this year did this issue start.


Edited by mamerala, 29 October 2016 - 12:41 PM.


#14 Ahmedbeeh


Posted 29 October 2016 - 11:57 AM

mine is hg532n



#15 Wand3r3r


Posted 29 October 2016 - 11:58 PM

Same router for both of you. My best guess is, in this order: hardware failure, firmware failure, intrusion.

A firmware update may solve the issue. If not, equipment related to MTBF [mean time before failure] would indicate that the both of you have a model that has reached that MTBF. Less possible but probable is the router has a weakness that hackers are exploiting.


Edited by Wand3r3r, 30 October 2016 - 12:02 AM.
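
An added example, not part of the original thread: a Python check for the two symptoms reported above, an unexpected DNS server handed out by the router and a very short DHCP lease, run over constructed `ipconfig /all` output. The expected-resolver list, the one-hour lease floor and the English date format are assumptions to adjust for your own network.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample of Windows `ipconfig /all` output (English locale).
# 188.165.81.240 and the 8-second lease are the values reported in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Lease Obtained. . . . . . . . . . : Saturday, October 29, 2016 8:00:00 AM
   Lease Expires . . . . . . . . . . : Saturday, October 29, 2016 8:00:08 AM
   DNS Servers . . . . . . . . . . . : 188.165.81.240
                                       192.168.1.1
"""

# Assumption: the resolvers you expect to see. 192.0.2.0/24 is a documentation
# range standing in for your ISP's published resolvers.
EXPECTED = [ipaddress.ip_network(n) for n in ("192.168.1.1/32", "192.0.2.0/24")]
MIN_LEASE_SECONDS = 3600  # assumed floor; the thread's advice is 24 hours
DATE_FMT = "%A, %B %d, %Y %I:%M:%S %p"

def parse(text):
    """Return (dns_servers, lease_seconds or None) from ipconfig /all text."""
    dns, stamps, in_dns = [], {}, False
    for line in text.splitlines():
        m = re.match(r"\s+([A-Za-z0-9 ]+?)[ .]*: (.*)$", line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            in_dns = key == "DNS Servers"
            if in_dns:
                dns.append(value)
            elif key in ("Lease Obtained", "Lease Expires"):
                stamps[key] = datetime.strptime(value, DATE_FMT)
        elif in_dns and line.strip():
            dns.append(line.strip())  # continuation line: another resolver
        else:
            in_dns = False
    lease = ((stamps["Lease Expires"] - stamps["Lease Obtained"]).total_seconds()
             if len(stamps) == 2 else None)
    return dns, lease

def audit(text):
    """List findings: resolvers outside EXPECTED and a lease below the floor."""
    dns, lease = parse(text)
    findings = [f"unexpected DNS server {s}" for s in dns
                if not any(ipaddress.ip_address(s) in net for net in EXPECTED)]
    if lease is not None and lease < MIN_LEASE_SECONDS:
        findings.append(f"DHCP lease only {int(lease)} s")
    return findings
```

Calling `audit()` on the output captured from a client shows whether the router is handing out a resolver you did not configure; a finding here points at the router's DHCP settings, not at the PC.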




