On 9/16/17 12:00 PM, [email protected] wrote:
> Where does DNS poisoning occur? Since it was just local to my machine (no
> general complaints noticed), then something local must have been hacked.
> This could have been either my router or my modem, since my laptop
> connecting via wireless to the router also had the problem. The modem was
> reset a few times during my contact with Comcast's technician, so it could
> have been the modem if reset clears the cache.
>
> This whole thing is above my pay grade. Bottom line, if it recurs, what
> should I do to find out what is happening?

DNS poisoning initially occurs at the DNS server. An untrusted fake name record is introduced and then is cached in the DNS server and served to any unwitting entity that makes a DNS A record lookup for a hostname/fqdn.

This is unlikely to be of a nefarious nature and far more likely to be caused by crappy code in the airRouter. I did tech. support work for a local manufacturer of lower-end APs that ran open source based software. Oh, the DNS & DHCP nightmare problems I could tell you about.

I did a quick Google on this and found that people experienced similar problems with the Cisco RV130. If I recall, the fix was a config change.

I don't know if the Comcast modems run a DNS caching server. I doubt it, but maybe.

I've been using a DNS caching server on my Linux boxen for many years. Now many Linux distros come with dnsmasq installed and it runs at startup by default. I think modern versions of MS Win also do this.

So, what do you do if this happens again? Here's what I would do.

1. Flush the DNS cache on your computer and then try again. Here's how to do it on all OSs.
   https://www.techiecorner.com/35/how-to-flush-dns-cache-in-linux-windows-mac/

2. If problem persists, plug directly into the modem and try it again.

3. If problem persists, edit the /etc/resolv.conf file, add the Google nameserver addresses and try again.

   nameserver 8.8.8.8
   nameserver 8.8.4.4

   *NOTE: This is only temporary and will be overwritten upon the next DHCP renewal unless you edit the dhcp config file so that it doesn't request DNS entries or disable DNS on the Comcast modem.

4. If problem still persists, which I suspect is highly unlikely, then I'd probably start looking at either running some heavy duty malware software on your PC or wiping it and re-installing the OS from scratch.

HTH!,
Mike

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
