Printable Version of Topic

Click here to view this topic in its original format

Linuxhelp _ Technical Support _ DNS Hijacked on Ubuntu?

Posted by: JasonInUSA Jul 20 2014, 08:55 AM

Ubuntu 11.04

If I try to resolve a host name to IP of domains that don't exist, my box always resolves to 54.183.116.245.

Example:
root@system:~# ping fifcnrizzzzzzzzzzzzzz.com
PING fifcnrizzzzzzzzzzzzzz.com.com (54.183.116.245) 56(84) bytes of data.
^C

root@system:~# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4

root@system:~# cat /etc/hosts
127.0.0.1 localhost

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Seems like a hijack of my DNS resolution. Not sure what to check for this. Any suggestions? Thanks.

Posted by: Robert83 Aug 21 2014, 03:22 AM

Hi,

it could be possible that DNS queries are redirected ...

the Ubuntu machine is probably connected to a Router , I would check this Router and see what entries it has for DNS
Resolution and if it has iptables port forwarding for port 53 TCP and UDP .

Greetings
Robert

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)