-3

Can someone help me, my domain Entrepreneurlocal.com is being redirected only when it is being viewed on certain ISp (bell Canada in montreal) it is being sent to a parkingcrew.net landing page. What do I do?

Pietro Mauro
  • 1

1 Answers1

2

Hijacking might be the incorrect term:

Using a couple of public DNS servers supposedly in Montreal I found one which returns an apparently incorrect cached response:

dig  www.Entrepreneurlocal.com @modemcable193.144-81-70.mc.videotron.ca
;; ANSWER SECTION:
www.Entrepreneurlocal.com. 234019 IN    A   50.57.203.17

Interestingly a query for either the SOA record or your domain without www. does return the expected responses:

Entrepreneurlocal.com.  3599    IN  A   184.168.81.163

If you only recently took control of the domain, or changed hosting providers, that can happen as old cached results might persist until they expire, sometimes much longer even than the TTL you had configured. 234019 seconds is roughly 65 hours, so simply wait it out.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
  • I have been stuck in this situation for a couple of days. 50.57.203.17 was never an ip associatd with me, that's the strange part. – Pietro Mauro Feb 27 '15 at 16:23
  • It's only happens in certain areas, my web tech tells me that it is a sophisticated hack. – Pietro Mauro Feb 27 '15 at 16:24
  • Do you think that cloudflare.com might help – Pietro Mauro Feb 27 '15 at 16:25
  • 3
    @PietroMauro if that is what your "web tech" is telling you, it's time to get a new technician. – Daniel Feb 27 '15 at 22:50
  • Do you have any suggestions – Pietro Mauro Feb 28 '15 at 23:19
  • The nameserver above now returns consistent and correct results. Without forensic work it is impossible to determine if the erroneous results were the result of regular time-outs, mis-configuration or directed [malicious behaviour](http://en.wikipedia.org/wiki/DNS_spoofing) or if your problems were just incidental. Never attribute to malice what might be the result of simple incompetence. – HBruijn Mar 02 '15 at 16:37
  • Yes, this could be a result of cache poisoning, and pulling that off would indeed be a sophisticated hack. – Simon Richter Jul 22 '21 at 14:12