
Navil.com


dan

MIS
Oct 7, 1998
298
US
Something is periodically hijacking our DNS servers so that traffic to site X is redirected to navil.com. Anyone have an idea of what is causing this or how to fix it? I have found a very few mentions of it when I google it, but no solutions. We are using Windows 2000 Servers for DNS.
Others who have written about it suggested running "HijackThis", which seems to show nothing out of the ordinary.
Dan
 
Does this happen to all workstations that are using this particular Windows 2000 DNS server or just one or a few? If it is just one or a few, check the hosts file on those workstations.

Jim W MCSE CCNA
Network Manager
 
It is different ones at different times. Rebooting proxy server and all DNS servers cleared the problem for a time, so it can't be in the host file. It works with some sites and not others. There doesn't seem to be a recognizable pattern. Sometimes the problem shows up using the proxy server and other times with a direct connection.
Dan
 
Sounds to me like your upstream DNS server (probably your ISP's) is giving you the wrong info.

Next time it happens use NSLOOKUP against your ISP DNS server to see exactly what info it has for this domain.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
I tried that, our DNS servers were resolving the correct address this time (I don't think they were last time). It seemed to be cached on our proxy server (ISA2000) which we rebooted. This seemed to temporarily fix the problem. Our DNS servers are set to go to the root servers rather than an upstream DNS from our ISP. We are planning to change that as a possible solution. Still don't know where it is coming from.
Dan
 
Dan, we are also having this problem and use a Windows 2000 DNS server. However, we do not use a proxy server. I've done the nslookup test and found that on the "problem" sites the DNS server does not return a valid response. I believe it usually replies with a timeout. The problem for us is that once someone (at a workstation) goes to a "problem" site, all other sites also get redirected to navil.com. It has not appeared to cause any harm yet, but is very annoying and disconcerting to the users (and admins).

The sites that I have seen cause the problem are:

(maybe)
(maybe)

Since we are a business, I don't have an ISP, to speak of, that I am using for my DNS. We are running our own DNS servers and recursively looking up domains that we are not authoritative for.

BTW, our DNS server was recently infected by the W32/SDBot.worm.gen.n virus (a trojan which disabled NetBIOS) - have you had any virus problems on your DNS servers?

CARTER
 
We have not had a problem with the virus (worm) you mentioned. However, I don't understand your statement that you don't have an ISP. Who provides your Internet connection? Whoever that is, I would suggest you set your DNS servers' forwarders to point to their DNS. Apparently ISPs have a secure path to the root, while small companies that go directly to the root like you and I traverse an insecure route. The insecure route is apparently being hacked. Hope this helps.
Dan
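
Added example, not part of the thread and not any poster's code: a Python sketch of the nslookup comparison suggested above. It parses saved nslookup transcripts from the local resolver and from a reference resolver, then flags names that time out, names whose answers disagree, and unrelated names that all land on one address. The host names, resolver name and addresses are constructed sample data, and the function names are this example's own.

```python
import re
from collections import defaultdict

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Answer addresses from one nslookup transcript. The leading
    Server:/Address: pair names the resolver and is skipped; a timeout
    or error has no 'Name:' line and yields an empty set."""
    _, found, answer = text.partition("Name:")
    return set(IPV4.findall(answer)) if found else set()

def compare(local, reference):
    """Both args map hostname -> transcript. Returns (subject, finding) pairs."""
    findings, by_ip = [], defaultdict(set)
    for host in sorted(local):
        mine = parse_nslookup(local[host])
        theirs = parse_nslookup(reference.get(host, ""))
        for ip in mine:
            by_ip[ip].add(host)
        if not mine:
            findings.append((host, "no-answer"))
        elif theirs and not mine & theirs:
            findings.append((host, "mismatch"))
    # Unrelated names collapsing onto one address is the redirect symptom.
    for ip in sorted(by_ip):
        if len(by_ip[ip]) > 1:
            findings.append((ip, "shared-by:" + ",".join(sorted(by_ip[ip]))))
    return findings

def transcript(resolver_ip, body):
    """Build a constructed transcript in nslookup's layout."""
    return f"Server:  resolver.example\nAddress:  {resolver_ip}\n\n{body}\n"

# Constructed sample data (documentation address ranges, not real captures).
ANSWER = "Non-authoritative answer:\nName:    {}\n{}"
LOCAL = {
    "www.example.com": transcript("10.0.0.2", ANSWER.format("www.example.com", "Address:  203.0.113.66")),
    "www.example.org": transcript("10.0.0.2", ANSWER.format("www.example.org", "Address:  203.0.113.66")),
    "www.example.net": transcript("10.0.0.2", "DNS request timed out.\n    timeout was 2 seconds."),
}
REFERENCE = {
    "www.example.com": transcript("192.0.2.53", ANSWER.format("www.example.com", "Addresses:  192.0.2.10, 192.0.2.11")),
    "www.example.org": transcript("192.0.2.53", ANSWER.format("www.example.org", "Address:  198.51.100.7")),
    "www.example.net": transcript("192.0.2.53", ANSWER.format("www.example.net", "Address:  198.51.100.20")),
}

if __name__ == "__main__":
    for subject, finding in compare(LOCAL, REFERENCE):
        print(subject, finding)
```

A mismatch on its own can be benign for names served from several addresses; the shared-address finding is the stronger sign that a cache is handing out one redirect target.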
 