Routing Problems: ->

Hi there!
I am really confused by now: My internet connection is really behaving in a funny way. Sometimes when i am trying to connect to a website another website is opened and displayed in the browser although the right domain name is shown.
I can give an example: traceroute:

traceroute to (, 30 hops max, 40 byte packets
 1  SE515.home (  1.665 ms   1.804 ms   1.953 ms
 2  * * *
Unable to look up Temporärer Fehler bei der Namensauflösung
 3  774.735 ms   954.309 ms   951.729 ms
 4 (  959.488 ms   956.341 ms   954.622 ms
Unable to look up Temporärer Fehler bei der Namensauflösung
 5  952.688 ms   950.192 ms   947.157 ms
 6 (  945.831 ms (  1057.346 ms xe (  941.213 ms
 7 (  936.730 ms (  935.858 ms (  933.733 ms
 8 (  1454.861 ms   1451.347 ms   1447.583 ms
 9 (  1502.022 ms   1499.417 ms   1497.563 ms
10 (  1496.065 ms   1492.416 ms   1516.930 ms
11 (  1537.698 ms   1534.473 ms   1538.654 ms
12  * * *
13 (  1620.979 ms   1613.415 ms   1606.714 ms
14 (  2091.983 ms   2070.137 ms   2070.590 ms
15 (  2069.386 ms   2066.851 ms   2064.191 ms

My guess is that somehow the routing is wrong, however, I can not reproduce this behavior. The domain names that get mixed up are kind of random. It only stays that way for about 5-10 minutes.

Any tips at where I can start???

The initial resolution of Google appears to be wrong. What nameserver(s) are you using? Are they your ISP’s nameservers? It could be somebody attempting a DNS poisoning attack on BIND.

Thanks for the quick reply ken_yap!
I was thinking about that too. My /etc/resolv.conf only has my local router as name server.
I checked the local net with wireshark and didn’t notice anything suspicious, though.
My router uses (primary) and (secondary) as name servers. If I look them up with they are inside the ip range of my provider but how can I check if they are real name servers?

They probably are real name servers belonging to your ISP, a reverse lookup shows that they are in but they may not have been patched (surprising lapse of your ISP if true).

Go to DoxPara Research and on the RHS you will see a DNS checker. Click on it and wait for the results. If it says your nameservers are vulnerable, your ISP should be notified immediately. You, not somebody else, have to do this check because you are using their servers.

Hi! Sadly that’s not it… I actually remembered the page after I checked this…
Is there a way to do that to the router?

Your ISP's name server,, has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.Requests seen for TXID=4812 TXID=4607 TXID=27318 TXID=27501 TXID=36478

Your router is just a forwarder so the actual request would come from your ISP’s nameserver anyway.

Sorry, no more ideas on this one. Maybe try setting your computer to use your ISP’s nameservers directly to see what happens?