How does browser resolve unregistered domains like .ph or .ws?
It depends.
And it depends a lot on which recusive nameserver your browser is using, as it can be lying. Also, it happens more and more today that browsers like Firefox or Google Chrome are able to use DoH (DNS over HTTPS) and hence any external server to do DNS resolution
So whatever DNS resolver you are using can lie to you if a domain does not exist and respond in such a way that your browser will be directed through some specific page. Various extensions or configuration items in your browser can also get you the same behaviour.
But for your specific example, it works because the registry of .PH has a wildcard in its zone.
You can check it easily:
$ dig ph. NS +short
1.ns.ph.
ns2.cuhk.edu.hk.
ph.communitydns.net.
ns4.apnic.net.
$ dig \*.ph A @1.ns.ph. +noall +ans +nottlunits
*.ph. 300 IN A 45.79.222.138
This wildcard means that, no matter which name you query for, if there are no other records (a real registered name), you will get this IP address. Note that the wildcard applies only to A
:
$ dig \*.ph AAAA @1.ns.ph. +noall +ans +nottlunits
(no data)
$ dig \*.ph NS @1.ns.ph. +noall +ans +nottlunits
(no data)
This case is only possible for ccTLDs (but few do it) because it is prohibited in gTLDs by ICANN rules, after the infamous Verisign SiteFinder "experiment" in the past.
And when this happens, it does not impact just a browser and HTTP traffic, but everything. Which is root of the problem: imagine there is a valid example.ph
domain and you have to send an highly sensitive information (and not encrypting the message), to [email protected]
but you do a typo and send to [email protected]
where this exanple.ph
domain does not exist... but it will resolve and per SMTP rules, even without MX
record, the message will be sent over to the IP address (wildcard) that exanple.ph
resolves to, and then it depends if an MTA is listening there or not.
.ws
ccTLD (yes it is a country) has the same kind of wildcard:
$ dig ws. NS +short
ns5.dns.ws.
us3.dns.ws.
us4.dns.ws.
a.dns.ws.
ns2.dns.ws.
s.dns.ws.
$ dig @s.dns.ws \*.ws. A +noall +ans +nottlunits
*.ws. 300 IN A 64.70.19.203