dlink router hijacking all nslookup results

FoxEye · 21 Aug 2010 at 21:09

nslookups look like this:

Code:

C:\Users\***>nslookup www.google.co.uk
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    www.google.co.uk.dlink.com
Address:  67.215.65.132

Another, to illustrate the problem:

Code:

C:\Users\***>nslookup www.overclockers.co.uk
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    www.overclockers.co.uk.dlink.com
Address:  67.215.65.132

So it seems all results have ".dlink.com" appended at the end for no reason... strange!

Here's an ipconfig /all.
I noticed something called an tunnel adaptor which I know nothing about:

Code:

C:\Users\***>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : mouldifier-1x
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : dlink.com

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
 Gigabit Ethernet NIC (NDIS 6.20)
   Physical Address. . . . . . . . . : 00-24-1D-DE-DF-1B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Atheros AR5005GS Wireless Network Adapter

   Physical Address. . . . . . . . . : 00-19-E0-18-FB-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7cb5:2293:4be9:79b7%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 12 August 2010 10:33:49
   Lease Expires . . . . . . . . . . : 22 August 2010 16:33:15
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 184556000
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-FF-65-B0-00-24-1D-DE-DF-1B

   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.dlink.com:

   Connection-specific DNS Suffix  . : dlink.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%30(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{CD3A124B-84D1-446A-84D7-A91CBE557271}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:1448:8dd2:abf2:a81(Prefe
rred)
   Link-local IPv6 Address . . . . . : fe80::1448:8dd2:abf2:a81%16(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

I'm also noticing "connection specific DNS suffix" which means nothing to me, but could be the culprit here?

Any suggestions? Not being able to do any nslookups is a pain...

Duke · 21 Aug 2010 at 21:21

Not sure what all those tunnel adapters are? Are they shown in Network Connections?

FoxEye · 21 Aug 2010 at 21:24

Duke said:
Not sure what all those tunnel adapters are? Are they shown in Network Connections?

No. Only Local Area Connection (disconnected) and Wireless Network Connection.

Duke · 21 Aug 2010 at 21:27

And the DNS tab is all clear on the wireless adapter? Its as if you have a lot of custom DNS entries set if you know what I mean?

FoxEye · 21 Aug 2010 at 21:52

Only 2 DNS servers entered, both for OpenDNS.

Noticed one of the options in DNS tab, Advanced TCP settings:

"Append primary and connection specific DNS suffixes" and
"Append parent suffixes..."
both of which are on by default.

I supposed my next question should be why dlink.com has been entered in the DNS Suffix Search List and why it's a Connection Specific DNS Suffix for my wireless connection.

And why you'd ever want this kind of behaviour to be the default?