1
I've been getting a weird DNS response recently. If I ping any unresolved DNS (without TLD, i.e. abc instead of abc.com), it returns the IP 72.167.34.97. If I do it in the browser, it then redirects to telogis.com's login page.
I first noticed this a month back in our office when I wanted to access the AP, but keyed a wrong IP into the browser. It showed the telogis page. It was in the middle of mixing pfSense with a Windows 2003 AD environment, thus I was assuming it was a configuration mistake. After everything stabilized, I still bumped into the telogis page for these unresolved domain names; that's when I started to take notice. It would even redirect to telogis if I misspelled the SharePoint server name in the browser.
I had never heard of telogis before this. I've not installed anything from telogis either. After much digging, I didn't find anything related to telogis or 72.167.34.97 recorded in the registry or hosts file. This doesn't happen to my colleague. And it even happens to the same laptop when I'm online elsewhere.
Is there anywhere else I should be looking to remove this? It's starting to pose a problem when I'm diagnosing a network issue, while Windows caches the unwanted DNS entries. Or has anyone had a similar experience?
I'm running Windows 7 Ultimate x86 SP1, and I'm 99.9% sure my laptop is free from spyware and viruses. Another side note: around the same time, I was migrating my local laptop profile to join the office's Windows 2003 AD domain. I've configured the NIC interface's DNS server to the AD in the office, the router at home and ISPs elsewhere. Also, it won't resolve if I try to ping offline, which is expected.
EDIT:
Thanks billc.cn for the nslookup tips. Now I've found the culprit. Our office domain is example.com, and the domain will resolve to telogis' IP, but we're using it internally, which shouldn't be a problem, except for this particular one. Any DNS lookup of a non-TLD domain ends up as domain.example.com, which in turn resolves back to telogis again. This is what nslookup returns when I look up test:
C:\>nslookup test
Server: unknown
Address: 192.168.1.1
Non-authoritative answer:
Name: telogis.com
Address: 72.167.34.97
Aliases: test.example.com
www.telogis.com
So this means that it should happen to all PCs which have joined this domain. I'd better double check again. Is there any way to overcome this?
And xxx.com is a porn site. Please use either your real names or RFC 2606 in your question. – TRiG – 2016-06-14T10:35:52.503
@TRiG xxx here is a placeholder – faulty – 2016-06-14T21:07:54.033
1 @faulty We have a standard for placeholders. It's RFC 2606. – TRiG – 2016-06-14T21:13:58.643
@TRiG noted, didn't realize that – faulty – 2016-06-14T21:28:44.983
1 The moral of the story is the same as always: Don't steal someone else's domain name that you do not own (xxx.com. in this case) and use it as your own. Use a domain name that you yourself own. – JdeBP – 2011-10-10T11:00:35.070
Well, we actually just wanted to use xxx as our domain, but Windows made it xxx.com automatically. – faulty – 2011-10-11T00:23:34.943
1 You don't own xxx. either. That's owned by ICM Registry LLC. Stop stealing other people's domain names and you'll stop suffering this pain. – JdeBP – 2011-10-11T14:47:04.060
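The behaviour found in the EDIT above (a single-label name gets the domain suffix appended, and the public zone then answers every name), as an added Python example that is not part of the original post: it tells a real record from a catch-all answer by probing random labels under the suffix. `stub_resolve`, the `sharepoint` record and its address are constructed for illustration; pass `system_resolve` instead to query the live resolver.

```python
import secrets
import socket

def candidates(name, suffixes):
    """Names a stub resolver tries: a single-label name gets each search suffix appended."""
    name = name.rstrip(".")
    return [name] if "." in name else [f"{name}.{s}" for s in suffixes]

def system_resolve(fqdn):
    """Live lookup via the OS resolver; trailing dot stops further suffix appending."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(fqdn + ".", None)}
    except socket.gaierror:
        return set()

def stub_resolve(fqdn):
    """Constructed stand-in for the public example.com zone seen in the nslookup output."""
    zone = {"sharepoint.example.com": {"192.168.1.20"}}  # constructed internal record
    if fqdn in zone:
        return zone[fqdn]
    if fqdn.endswith(".example.com"):
        return {"72.167.34.97"}  # catch-all answer, address taken from the output above
    return set()

def wildcard_answers(suffix, resolve, probes=3):
    """Resolve random labels that cannot exist; a shared answer means a catch-all record."""
    results = [resolve(f"{secrets.token_hex(8)}.{suffix}") for _ in range(probes)]
    return set.intersection(*results)  # empty set: no wildcard under this suffix

def explain(name, suffixes, resolve):
    """Return (fqdn, addresses, answered_by_catch_all) for the first candidate that resolves."""
    single_label = "." not in name.rstrip(".")
    for fqdn in candidates(name, suffixes):
        addrs = resolve(fqdn)
        if addrs:
            parent = fqdn.split(".", 1)[1]
            hit = single_label and bool(addrs & wildcard_answers(parent, resolve))
            return fqdn, addrs, hit
    return None, set(), False

if __name__ == "__main__":
    for short in ("test", "sharepoint"):
        print(short, "->", explain(short, ["example.com"], stub_resolve))
```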