Posted: Tue Aug 05, 2008 13:23 Post subject: DNS redirections on unknown domains via kolmic.com
first things first, yes I have googled and googled again.
The following has shown up since a few days; I guess since the upgrade to v24 SP1. Any unknown DNS website gets redirected to what seems a domain grabber site (loading mainly from kolmic.com). It is not limited to just one computer. All three machines show the same symptoms. It happens when the machines get their DNS via DHCP. Manually entering opendns servers solves the issue.
I could eliminate the issue aswell when directly connecting a PC to the DSL modem and doing the pppoe myself. So I am suspecting the dd-wrt. I don't want to accuse anyone, just would like to find the cause of this freaky redirecting behaviour.
Has anyone else experience this? Any help is appreciated.
as I wrote in my first post, I have tried with connecting a computer directly to my ISP via PPPoE and this shows then the correct behaviour.
My setup is as follows:
Linksys wrt54gl v1 with DD-WRT 24-SP1 voip
dnsmasq is off since I discovered this wierd redirecting
3 client computers (mac, 2x linux one of which dual boots with windows xp)
Main browser is firefox but IEx shows same result
All operating systems shows the same behaviour which eliminates the infection with a DNS changer or similar.
If I enter, 'wikipedia' in the google address bar, it should do a lookup for this domain and fall back on a google lucky search. This does _not_ happen when behind the router. It now resolves just wikipedia as a domain and loads something from kolmic.com. Addressbar now shows 'http://wikipedia/'.
So I am suspecting DD-WRT as I have eliminated any other possibility.