D-Link routers affected by DNS hijacking

September 20, 2015

D-Link is a trusted, cost-effective router solution for homes and small offices, especially in regions where cable internet is still an unreachable reality. Recently I changed my home DSL router from a Linksys X1000 to a DSL-2750U (India specific) and was pretty happy to see that the device stayed robust, without a single hang-up after being online for weeks. Further, the firmware of the device provided many more tweaks than the Linksys X1000.

However, almost a month and a half ago, I noticed that my internet connection (4 Mbps DSL) had started getting a lot slower, with websites unreachable due to DNS timeouts.

To my utter surprise, I found that the router's DNS settings had been changed to a DNS server from Saudi Arabia (primary) and a Google DNS server as the secondary. I changed the DNS to static and entered the KEMS Zajil corporate DNS server entries, and found that, sometimes within a day and other times after a couple of days, the router was once again back to the “automatically” changed DNS server entries. This made me google DNS hijacking specific to D-Link routers, and here is what I came across.

I contacted D-Link support; instead of replying to my query, they forwarded me a link to download a firmware (patched? new?), which I thought should be the one with the fix. I had no trouble for almost 3 weeks. Once again, I started experiencing no internet at all or host not found errors! This time I knew exactly where to look, and I found my router with compromised DNS entries.

DNS Entries

Obviously, this particular router firmware comes with TR-069 disabled. I ain’t at all sure whether it is being exploited. Anyway, this time I didn’t bother to contact D-Link and download another “firmware”; instead I quickly dusted off my old Linksys X1000 router and configured it as a modem router, thus limiting the load on the device, which had caused frequent hanging when it was used as a modem router + DHCP server + Wi-Fi access point combo.

So far so good. I keep checking the status page of the router to make sure that the DNS entries are not manipulated by the ISP for some reason, or hijacked by…

So if you feel your DSL connection has gone all slow, or you are constantly getting DNS timeout errors, cross-check your D-Link router’s DNS entries page.


for windows7bugs