Apparent DNS hijacking

We’ve had customers who have had problems trying to connect to our web site, westerndepot.com, and are getting redirected elsewhere, like a router login or a non-responsive address that is NOT the IP address for our web site. In an effort to combat the problem, we have recently switched our domain registration to Cloudflare and activated DNSSEC for the domain. However, we are still having some customers report that they are getting directed elsewhere. The IP addresses we have set for the DNS at Cloudflare are correct and were always correct at our previous registrar too, so we know that isn’t the problem. Is there anything else we can do to stop the apparent DNS hijacking?

Greetings,

Thank you for asking.

When I access your website, this is what I see now:

Domain is still pointed to:

;QUESTION
westerndepot.com. IN NS
;ANSWER
westerndepot.com. 21600 IN NS dakota.ns.cloudflare.com.
westerndepot.com. 21600 IN NS jill.ns.cloudflare.com.

No nameserver change detected in past 10 days.
Using Cloudflare nameservers for 22 days straight.

DNSSEC is good, all pass valid ✅

DNS records are propagated correctly as well:

Maybe some router firewall is redirecting you, or some security app like anti-virus?
Have you tried flushing the DNS?

Have you tried clearing your web browser cache or tried accessing using a different web browser?
Otherwise, some app might be doing the redirection, or some web browser extension, or malware on a device, etc.

Can you confirm you still have access to your domain name and your Cloudflare account?

It is obvious that you are not one of the people who can’t connect to our web site. It’s good to know that DNSSEC is working properly.

We aren’t the ones having problems connecting to our web site, probably because our web server is also the firewall for our local internet, so when we connect to our site the signal literally never has to leave the building. It is a few of our customers that are reporting the problem to us. Several of the ones that called I believe are using Comcast, which I’m not sure I saw on the list of correctly propagated records you showed. We normally tell them to power down their router for a few seconds to reset it. One person in the past few days called back to say that the reset didn’t solve the problem. I’m guessing that the next step would be to start collecting information from those who report the problem on the IP address they get directed to and who provides their internet service, and then report back here?
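
One way to triage the reports the last post proposes collecting, as an added example that is not part of the thread: it sorts each reported address into correct, local-network, or unexpected public, and counts the results per provider. The expected address is a documentation-range placeholder, the sample reports are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Placeholder from the documentation range; substitute the site's real A/AAAA records.
EXPECTED = {ipaddress.ip_address("203.0.113.10")}

# Ranges that cannot host a public web site: an answer in one of them points at
# the customer's own network or device rather than at the published DNS records.
LOCAL_NETS = {
    "private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"],
    "cgnat": ["100.64.0.0/10"],
    "loopback": ["127.0.0.0/8", "::1/128"],
    "link-local": ["169.254.0.0/16", "fe80::/10"],
}

def classify(resolved):
    """Classify the address a customer says the site name resolved to."""
    try:
        ip = ipaddress.ip_address(resolved.strip())
    except ValueError:
        return "unparseable"
    if ip in EXPECTED:
        return "correct"
    for label, nets in LOCAL_NETS.items():
        # Membership is simply False when address and network differ in IP version.
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return "local:" + label
    return "public-unexpected"

def summarize(reports):
    """Count (isp, classification) pairs so a pattern per provider stands out."""
    return Counter((isp.strip().lower(), classify(ip)) for isp, ip in reports)

# Constructed sample reports: (internet provider, address the customer was sent to).
SAMPLE_REPORTS = [
    ("Comcast", "192.168.1.1"),
    ("Comcast", "10.0.0.1"),
    ("Comcast", "203.0.113.10"),
    ("Example ISP", "198.51.100.77"),
    ("Example ISP", "not an address"),
]

if __name__ == "__main__":
    for (isp, verdict), n in sorted(summarize(SAMPLE_REPORTS).items()):
        print(f"{isp:12} {verdict:20} {n}")
```

A `local:*` result matches the "router login" symptom and points at the customer's router or device; a `public-unexpected` result is worth comparing with what a different resolver returns for the same name.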
