DNS "injection"?

MasterRacker

Something changed recently in my home network that concerns me. My ISP is Charter (cable). I have a small router that provides DHCP to my internal network. The router is set to specifically use the OpenDNS servers. I'm running Windows XP SP3.

Yesterday I mistyped a URL and got a Charter search page. When I looked at my IP configuration, much to my surprise, I saw 2 different DNS servers listed above the OpenDNS pair.

I haven't had a chance to do an nslookup on the addresses yet, but I'm confident they are Charter addresses since I get Charter search pages.

I verified that the router is still only using OpenDNS, so how is this happening? I'm using Comodo firewall and Avast! as well as the router and I have a hard time believing that Charter had someone hack a rootkit onto my machine simply to feed me their DNS, so what's the deal?

Jeff
It's never too early to begin preparing for International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me
 
Where did you look up your IP config? On the command line? In most cases, your ISP will force DNS servers in your config because the average guy does not use OpenDNS. So you may have 4 DNS servers because you are going through a Charter cable modem...
 
Command line - yes. Thing is, cable modem is upstream of the router. Router gets its external addressing from Charter via DHCP, but internally should only be feeding me what I set.

This worked as expected when I first set it up. Something changed recently.

Jeff
 
I may end up trying that. I've looked at my router again and on the public side I see their DNS and one of the OpenDNS. My public address is on the 68.x.x.x network. My internal addressing is 192.168.x.x.

I did some nslookups and the addresses are Charter. I'm sure I didn't see Charter DNS servers internally when I first set up OpenDNS, so I'm very curious how they're feeding that to my private network.

Jeff
 
If the individual computers list DNS servers, that overrides the router's opinion.

I tried to remain child-like, all I achieved was childish.
 
Is the modem doing the NAT or is it bridging?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
I believe the modem is just a bridge. My router does NAT. The internal PCs are DHCP and supposed to only get what the router gives them.

Jeff
 
Do you have an option to import DNS info to your comps?

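Added example, not posted by anyone in this thread: a small Python check that parses `ipconfig /all` text, lists each adapter's DNS servers (including the continuation lines) and reports any resolver that is not on the expected list, together with the DHCP server that issued the lease. The function names are hypothetical, the sample output is constructed with documentation-range addresses standing in for the ISP resolvers, and the expected list assumes the OpenDNS public resolvers 208.67.222.222 and 208.67.220.220.

```python
import re

# Resolvers the network is supposed to use (OpenDNS public resolvers; assumption).
EXPECTED_DNS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample of `ipconfig /all` output; every address is made up
# (203.0.113.x is a documentation range standing in for ISP resolvers).
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.10
                                            203.0.113.11
                                            208.67.222.222
                                            208.67.220.220
"""

FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z .\-]*?)[ .]*:\s*(.*)$")
IPV4 = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$")

def parse_adapters(text):
    """Return {adapter: {"dns": [ips], "dhcp_enabled": str, "dhcp_server": str}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(": "), {"dns": []})
            last = None                      # new adapter section starts
        elif current is not None and (m := FIELD.match(line)):
            last = m.group(1).strip().lower()
            value = m.group(2).strip()
            if last == "dns servers" and value:
                current["dns"].append(value)
            elif last in ("dhcp enabled", "dhcp server"):
                current[last.replace(" ", "_")] = value
        elif last == "dns servers" and (m := IPV4.match(line)):
            current["dns"].append(m.group(1))  # continuation line: bare address
    return adapters

def unexpected_dns(text, expected=EXPECTED_DNS):
    """Map adapter -> parsed fields plus the resolvers not on the expected list."""
    findings = {}
    for name, info in parse_adapters(text).items():
        extra = [ip for ip in info["dns"] if ip not in expected]
        if extra:
            findings[name] = dict(info, unexpected=extra)
    return findings
```

On a live machine, pass it the captured text of `ipconfig /all`. A `dhcp_server` that is not the router, or a `dhcp_enabled` value of `No`, narrows down where the extra resolvers came from.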
 