Posted: Tue Aug 05, 2008 13:23 Post subject: DNS redirections on unknown domains via kolmic.com
Hi everyone,
First things first: yes, I have googled and googled again.
The following has been showing up for a few days; I guess since the upgrade to v24 SP1. Any unknown DNS website gets redirected to what seems a domain grabber site (loading mainly from kolmic.com). It is not limited to just one computer. All three machines show the same symptoms. It happens when the machines get their DNS via DHCP. Manually entering OpenDNS servers solves the issue.
I could eliminate the issue as well when directly connecting a PC to the DSL modem and doing the PPPoE myself. So I am suspecting the dd-wrt. I don't want to accuse anyone, just would like to find the cause of this freaky redirecting behaviour.
Has anyone else experienced this? Any help is appreciated.
As I wrote in my first post, I have tried connecting a computer directly to my ISP via PPPoE, and this then shows the correct behaviour.
My setup is as follows:
Linksys wrt54gl v1 with DD-WRT 24-SP1 voip
dnsmasq is off since I discovered this weird redirecting
3 client computers (mac, 2x linux one of which dual boots with windows xp)
Main browser is firefox but IEx shows same result
All operating systems show the same behaviour, which eliminates the infection with a DNS changer or similar.
If I enter 'wikipedia' in the google address bar, it should do a lookup for this domain and fall back on a google lucky search. This does _not_ happen when behind the router. It now resolves just wikipedia as a domain and loads something from kolmic.com. The address bar now shows 'http://wikipedia/'.
So I am suspecting DD-WRT as I have eliminated any other possibility.
Cross-graded to dd-wrt v24 sp1 std. Did not help.
Reset to factory defaults. Did not help.
Installed tomato firmware. Did not help.
Did a "thorough" nvram clearing with tomato. This did the trick.
So something was stuck inside the nvram. I have a backup of nvram done with the initial voip version of dd-wrt if someone would like to look at it.
Yes, well you should always do nvram clear when switching or upgrading firmwares. dd-wrt is not responsible for problems arising when you skip this step.
BTW, you can clear nvram in dd-wrt by ssh/telnetting to the device and issuing erase nvram or mtd erase nvram command. Then reboot.
I experienced the same problem. As I'm using Firefox's address bar for searching, this is very annoying. Every time I search for a one-word term, I get redirected to the splash screen "iBroadcast".
However, the solution is simple - do not assign a LAN domain on the setup screen. This way the so-called "search domain" is not assigned to the network connection of your adapter.
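Added example (not part of the thread and not DD-WRT code): a client-side check for the search-domain effect described in the last post. It lists the suffixes the resolver was handed, shows what a one-word name is expanded to, and flags any suffix under which a random label still resolves. It assumes a Unix-style /etc/resolv.conf; the function names are made up for this illustration.

```python
import secrets
import socket

def search_domains(resolv_conf_text):
    """Suffixes from the last 'search' or 'domain' line (a later line overrides)."""
    suffixes = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("search", "domain"):
            suffixes = fields[1:]
    return [s.rstrip(".").lower() for s in suffixes]

def expansions(name, suffixes):
    """Names tried for a one-word name under the default ndots:1.
    Dotted names are tried as-is first, so only that form is returned."""
    if "." in name:
        return [name.rstrip(".")]
    return [f"{name}.{s}" for s in suffixes] + [name]

def system_resolves(name):
    """True if the system resolver returns any address for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def catch_all_suffixes(suffixes, resolver=system_resolves):
    """Suffixes under which a random, never-registered label still resolves."""
    hits = []
    for suffix in suffixes:
        # Trailing dot makes the probe absolute, so no suffix is appended to it.
        probe = f"{secrets.token_hex(8)}.{suffix}."
        if resolver(probe):
            hits.append(suffix)
    return hits

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        found = search_domains(fh.read())
    print("search suffixes from DHCP/config:", found)
    print("'wikipedia' is tried as:", expansions("wikipedia", found))
    print("suffixes answering for any label:", catch_all_suffixes(found))
```

A suffix reported on the last line means every one-word lookup on that machine will resolve under it before the bare name is tried.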