nslookup returning wrong DNS address

Go to helpful replies
csewell
Contributor III

‎11-06-2025 10:08 AM

This driving me batty as I cannot figure out what is happening. I'm not sure this is a BELL or HH4000 problem either.

Here's the problem: I have a personal domain name that is being hosted on CloudFlares DNS server.  The DNS name is assigned the public ip address of the HH4000. An nslookup of that domain from any PC, WiFi attached phone or tablet on my local network should return the public ip of the HH4000 right? Up until a few days ago it was. Then something changed, and now nslookup returns some 18.*.*.* address which resolves to an amazonaws.com name. This ONLY happens on my internal network behind the HH4000 and it happens on ALL networked devices: PC's, laptops, phones, tablets. If I nslookup from a web app or some PC outside my network, it returns the proper DNS address of the HH4000.

What I have tried: ipconfig /flushdns, powering off the HH4000 until it was assigned a new public ip address, doing an nslookup using another DNS server such as Googles or CloudFlares (8.8.8.8 or 1.1.1.1), assigning these public DNS servers in the HH4000 instead of Bells default DNS servers, changing the adapter settings of some PCs to use a public DNS instead of the default 192.168.2.1, restarting some PCs.

None of those made a difference, nslookup on any device inside my network still returns and amazonaws.com ip  address. Here's another clue: nslookup -v returns the proper ip address,  but I have no idea what the -v switch means in Windows nslookup.

Can someone clue me in on where the problem lies? Bell? HH4000? Something inside my network? Some DNS server somewhere?

0 Likes
0 17 358
17 REPLIES 17

Go to helpful replies
csewell
Contributor III
In response to dks

‎11-07-2025 05:36 PM

OMG, this was exhausting, but my problem is finally solved. Yes, the Gigahub does have a malicious site blocker. Control of it is not in the GigaHub's settings as far as I know, but in the BELL WiFi app. Somehow Guard got turned on, which intercepted and redirected connections to my domain. I didn't turn it on as I rarely use that app, even though I have a couple of hardwired WiFi pods. nslookup now returns the proper ip address for my domain, and port forwarding is now working. Although my web site is still blacklisted for phishing or something. I'll try to get that fixed.

0 Likes

Go to helpful replies
dks
Community All-Star
Community All-Star
In response to csewell

‎11-08-2025 05:49 AM

Thanks for the clarification. Guard is not located in the Giga Hub or any Bell device but is cloud-based real-time protection providing device security using algorithms and intelligence based on machine learning. It is configurable in the Bell Wi-Fi app. You can read more about Guard and how to configure it here

I am a Community All-Star and customer. I'm here to help by sharing my knowledge and experience. My views on Bell and the Community Forum are my own and not the views of Bell or any of its affiliates.
0 Likes

Go to helpful replies
csewell
Contributor III

‎11-08-2025 07:17 AM

Interesting. Somehow my simple website, that was hosted on GoDaddy with a different ip address than the Gigahubs WAN port, got marked as malicious, and Guard blocked all attempts to connect to the domain. Even to every port on the Gigahub, which was separate from the web site, but had the same base domain name. Doesn't sound intelligent to me. 

0 Likes