NSLOOKUP appends rr.com domain

Status
Not open for further replies.

dcranford

MIS
May 18, 2000
131
US
Seems this is reported throughout the web for domain PCs but I've not found anything for "at home" laptops. I have one connected to a standard RoadRunner router. Two days ago, IE stopped finding websites. Running NSLOOKUP returns something similar to this:

C:\>nslookup
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name:
Addresses: 21.22.23.24 (this is an example - not the actual returned address)

No matter what I look up, it always appends the carolina.rr.com domain and returns the same number.

I feel reasonably certain that the virus and spyware software is current. The daily anti-virus signatures are updating to the laptop. I've checked the basic IP services and all that are set to automatic are running. Anyone have any ideas on this?

Deon Cranford
 
The server unknown part may be the key. That suggests to me that your query did not receive an answer from the DNS. When you are connected to TWC via DHCP connection, domain carolina.rr.com will be pushed to your resolver. Since it wasn't able to look it up, it then tried appending the default domain, carolina.rr.com, to the query and gets sent to TWC's dummy page. I think it is similar to when you get those pages that come up with "<whatever you searched for>.com domain is available, contact us at xyz to buy it", kind of a catchall.

I have seen this happen every once in a while and not fully understood it.

Next time, when this happens, at the nslookup prompt >, type server 8.8.8.8 and then repeat your query. This should set the DNS to Google's public DNS rather than TWC's.
 
Appreciate the idea. I'll work on that this weekend and advise.
 
Just to chime in...nslookup is a bad tool to use. Don't use it if possible.

On your problem, nslookup uses the search list option by default. If you want to perform the search correctly with nslookup, add a period to the end to specify an FQDN. The search list option can usually be changed (or disabled) under the advanced settings for an adapter in Windows. I think it's called DNS suffix or something.
 
Thank you both for the replies. Spent most of the weekend on this one. Turned out to be, you guessed it, a virus. Its name was Roxifind. I was never able to determine how the rerouting of the DNS was being done but it kept ports https, ftp, ssh, and telnet open while disabling port 80.

I appreciate you taking the time to forward your suggestions.
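
The symptom discussed in this thread (every lookup answered with the DHCP-supplied suffix appended and the same address) can be checked mechanically. The following is an added example, not part of any poster's message: it parses saved nslookup answers and flags both conditions. The transcripts, example hostnames and 203.0.113.x/198.51.100.x addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

def sample(name, addr):
    # Constructed transcript in the shape of the Windows output quoted in the thread.
    return ("Server:  UnKnown\nAddress:  192.168.1.1\n\n"
            f"Non-authoritative answer:\nName:    {name}\nAddresses:  {addr}\n")

def parse_answer(text):
    """Return (answered_name, [addresses]) from the answer section only."""
    _, _, answer = text.partition("\n\n")   # drop the resolver's Server/Address header
    name, addrs = None, []
    for line in answer.splitlines():
        tokens = line.split()
        if len(tokens) > 1 and tokens[0] == "Name:":
            name = tokens[1].rstrip(".").lower()
            continue
        for tok in tokens:                  # also covers indented continuation lines
            try:
                addrs.append(str(ipaddress.ip_address(tok)))
            except ValueError:
                pass                        # labels such as "Addresses:" are not IPs
    return name, addrs

def diagnose(results, suffix):
    """results maps each queried name to its nslookup output; returns findings."""
    findings, seen = [], {}
    suffix = suffix.strip(".").lower()
    for query, output in results.items():
        name, addrs = parse_answer(output)
        wanted = query.rstrip(".").lower()
        if name == f"{wanted}.{suffix}":
            findings.append(f"suffix-appended: {query} answered as {name}")
        for addr in addrs:
            seen.setdefault(addr, set()).add(wanted)
    for addr, names in seen.items():
        # One address answering every unrelated query points at a catch-all
        # (wildcard page or tampered resolver), not at real records.
        if len(names) == len(results) > 1:
            findings.append(f"catch-all: {len(names)} unrelated names -> {addr}")
    return findings

# Constructed inputs: the symptom from the thread, and a healthy resolver.
SYMPTOM = {q: sample(f"{q}.carolina.rr.com", "203.0.113.10")
           for q in ("www.example.com", "www.example.org", "mail.example.net")}
HEALTHY = {"www.example.com": sample("www.example.com", "198.51.100.7"),
           "www.example.org": sample("www.example.org", "198.51.100.8")}

if __name__ == "__main__":
    print("\n".join(diagnose(SYMPTOM, "carolina.rr.com")))
```

Repeating the same queries with a trailing period, or against a different server as suggested above, and comparing the findings shows whether the suffix search list or the resolver itself is responsible.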
 