DNS hijack?

Richard lists-nanog at listmail.innovate.net
Thu Nov 11 21:44:04 UTC 2021



> Date: Thursday, November 11, 2021 13:28:07 -0800
> From: Jeff Shultz <jeffshultz at sctcweb.com>
>
> Okay, so this is anecdotal, but since the domain belongs to me it's
> more than a little annoying.
> 
> I got some calls that one of my domains, 2dpnr.org was going to a
> page that said it was Network Solutions and that my domain was
> available for renew or purchase.
> 
> I hit my registrar, DirectNic, and found I'm good through 2023.
> They pulled up DNS checker and found that a bunch of DNS servers
> were showing 208.91.197.132 as the IP for the domain. It's actually
> in 64.130.197.x .

You have two nameservers listed:

  Domain Name: 2DPNR.ORG

  Name Server: GATEWAY.WVI.COM
  Name Server: VOYAGER.VISER.NET


The second of these is returning the 208.nnn IP number for your
A record:

   dig @VOYAGER.VISER.NET 2dpnr.org

   2dpnr.org. 300 IN A 208.91.197.132

The other one is returning the 64.nnn number.

So, the issue is somewhere in your DNS.
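
The check described in the reply above, querying each listed nameserver directly and comparing the answers, as an added example that is not part of the original message. The function names are hypothetical, and 192.0.2.10 is a constructed placeholder for the 64.x address, which the thread does not give in full.

```shell
#!/bin/sh
# Added example: detect authoritative nameservers that disagree on a
# domain's A records. Function names are hypothetical.

# collect_answers DOMAIN NS...   (needs network access and dig)
# Prints one "nameserver address" line per record returned.
collect_answers() {
    domain=$1; shift
    for ns in "$@"; do
        # +norecurse asks the server for its own data, not a recursed answer
        answers=$(dig +short +norecurse "@$ns" "$domain" A)
        # A server that returns nothing is itself a finding, so record it
        [ -n "$answers" ] || answers="NO-ANSWER"
        for addr in $answers; do printf '%s %s\n' "$ns" "$addr"; done
    done
}

# find_divergence: reads "nameserver address" lines on stdin, prints the
# answer set of each nameserver, and returns 1 if the sets differ.
find_divergence() {
    sort -u | awk '
        {
            if ($1 in set) set[$1] = set[$1] "," $2
            else set[$1] = $2
        }
        END {
            for (ns in set) { print ns ": " set[ns]; seen[set[ns]] = 1 }
            n = 0
            for (s in seen) n++
            exit (n > 1)
        }'
}

# Constructed sample shaped like the case in the thread. 192.0.2.10 is a
# placeholder (documentation range), not the domain's real address.
sample_answers() {
    printf '%s\n' \
        'GATEWAY.WVI.COM 192.0.2.10' \
        'VOYAGER.VISER.NET 208.91.197.132'
}

# Offline: sample_answers | find_divergence || echo "nameservers disagree"
# Live:    collect_answers 2dpnr.org GATEWAY.WVI.COM VOYAGER.VISER.NET | find_divergence
```
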




