How to find out if nameserver is legit

Posted on 2005-05-06
Last Modified: 2010-04-11
So I basically hit a website by mistake that had a ton of ActiveX controls, viruses and spyware on it. I spent a good while using various spyware removal tools and my virus scan to remove them. Plus I created a new profile and deleted the corrupt one in Windows XP Pro.

Anyways, I was checking the DNS servers my ISP is handing out to me. Are there any sites on the Internet to find out if the DNS servers you are pointed to are legit? I'm just wondering if my arp has been poisoned by the viruses or something else is going on. I tried calling my ISP tech support but the help desk is clueless.
Question by:bboy77
    LVL 51

    Expert Comment

    >  I'm just wondering if my arp has been poisoned
    arp doesn't matter here 'cause it only handles IPs in the same logical subnet

    > ..  if the DNS servers you are pointed to are legit?
    if you doubt that your ISP is reliable, change it.
    LVL 38

    Accepted Solution

    You can use a program like Ethereal to see if you're getting responses from the servers. As far as legitimacy goes, the helpdesk should know the IPs of their NSs... you can query other NSs if you want. If a NS has port 53 open and is serving DNS, then it's probably OK, but as of late there has been a bunch of NS poisoning about, and you're also correct to suspect spyware as messing with your responses, as there are many that do. If you're using XP or WinME, turn off System Restore, then use AV and/or AS (anti-spyware) to get rid of them permanently:
    LVL 8

    Assisted Solution

    While I wouldn't be surprised to see a virus that changes your name server to something that just serves bogus info, typically, you'll just have your host file populated with a bunch of fun stuff.

    To check, browse to C:\WINDOWS\system32\drivers\etc and check each of the host files. Unless you have gone in and edited the host file, you should only have one entry, which should look like localhost.

    If you see a lot of bogus entries, maybe entries for Symantec, AVG, and other popular antivirus/anti-malware companies, then just delete them.

    If you think your name server might be bogus, just do some nslookups against it and post the results here as a comment, and then have the rest of us compare our responses. If 3 people get the same response you get, then there is a good chance that your NS is fine.

    To do a lookup against your name server, go to a command prompt, type nslookup, and then type, then post the results.  Do this for a few different domains that would most likely be targeted.  

    Is there anything you're seeing that makes you think you may still be infected?
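
The hosts-file check described in the answer above, as an added example that is not part of the original thread: a small Python audit that flags every entry other than a loopback `localhost` and marks those that override a security vendor's name. The sample file, the `.example` hostnames and the keyword list are constructed for illustration.

```python
import ipaddress

# Keywords from the vendors named in the answer (Symantec, AVG); an assumed,
# deliberately short list that should be extended for real use.
SECURITY_VENDOR_KEYWORDS = ("symantec", "avg")

SAMPLE = """\
# Constructed sample, not taken from a real machine
127.0.0.1       localhost
127.0.0.1       liveupdate.symantec.example
127.0.0.1       www.avg.example      # update site pointed at loopback
192.0.2.10      login.bank.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        ip, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "invalid address"))
            continue
        for name in names:
            host = name.lower().rstrip(".")
            if host == "localhost" and loopback:
                continue                          # the one expected entry
            if any(k in host for k in SECURITY_VENDOR_KEYWORDS):
                reason = "security vendor name overridden"
            else:
                reason = "unexpected entry"
            findings.append((line_no, ip, host, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```

To audit a real machine, pass the contents of the `hosts` file from the directory named in the answer instead of `SAMPLE`.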
    LVL 25

    Assisted Solution

    by:Ron M

    Run a speed test... It will show you your ISP, and you can compare your speed to other users on the same ISP... Additionally, it will provide information about the Primary and Secondary DNS servers for your C-lec.

    It won't be on the first page, but if you poke around a little it's in there.....

    Or you could just call your ISP and ask; it's not top secret.
