DNS issue or what, ping problem

My router is always left on but I only log in to the ISP when I want. I usually do this by just issuing a "ping www.bbc.co.uk" at a terminal window. There's a few secs delay and I see the router light come on and then window shows the usual with the IP address and times.

Here's the problem.

I see an indication for the IP address _before_ the router logs in and this IP address is _not_ the BBC's. A whois lookup only shows it as part of a block in America. That is, instead of the window just showing my ping command only and _then_ when login has happened the IP and times show up, I _immediately_ see this -

ping www.bbc.co.uk (aa.bb.cc.dd) with bytes of data

the () brackets IP is the rogue address and normally no address is shown at this stage.

I have the ISP's DNS set in the router.

Is this a case of poisoned DNS or could there be a malware issue?

What IP do you see?

Matt

In reply to a post by Anonymous:

I see an indication for the IP address _before_ the router logs in and this IP address is _not_ the BBC's.

Do you mean an indication in the displayed ping results? I'm not clear what you are talking about. Post the ping output exactly that you are talking about.

I don't understand how you can have the router ON but not logged in to ISP. Is it a special router or ISP, or do you do something special to achieve this?

Anyway, if you are not logged into your ISP somehow, there can't be any DNS in operation until you do log in.

Maybe he means his connection is not set to "always on" ?

Ah OK! I've never known how anything other than that worked

Yes xrayspex, most routers I've encountered can set the ISP login to "always on", "on demand" or a box "connect/disconnect".

So this router is sitting synced at 8Meg but waiting to get its dynamic address from the ISP login.

Normally, a hit on a bookmark in Firefox will initiate a login but most times the "ping www.bbc.co.uk" command is used in a terminal.

That command will be the only text showing _until_ the login is done, then the usual info with the correct IP and the trip time will scroll on until it's stopped.

The anomaly is arising with once the Enter key is hit after the command, immediately is shown

ping www.bbc.co.uk (207.67.186.88)

So where is it getting that address from, is my query?

There's plenty tryingto help with the question, but

My router is always left on but I only log in to the ISP when I want.

Why?

Is your PC set to DHCP and getting its IP and DNS settings from the DSL Router?

If so, it is the DNS daemon on the DSL router returning that IP address.

What happens if you ping something other than www.bbc.co.uk ?

Surely the fix for this is to change the router settings to 'always on' rather than 'connect on demand'.

Seems a most unusual way to want to connect. Surely just by opening your browser application it would force a connection as it connects to your chosen home page ?
What settings are you using in your browser, the LAN should be set to 'never dial a connection' or similar.

I can't help but think you are making hard work for yourself.

In reply to a post by Anonymous:

So where is it getting that address from, is my query?

Your computer can cache DNS lookups.