What is the correct response for a DNS server when a domain does not exist?

I've recently been noticing some "odd" behavior from my ISP's DNS server when resolving non-existent domain. It's been causing me some problems and I was wondering if these DNS servers are actually conforming to the standard.

It started with them adding the feature that if you request an incorrect domain, it directs you to a search page that they run. I guess this is useful for some people when web browsing, but it borks things up for other applications particularly if the search server has some other open ports such as SMTP.

To get round this, I changed preferences with my ISP to turn this feature off. Now my ISP's DNS does something lot stranger. When a domain can not be found, it returns MY own IP address as the A name for that non-existent domain. So now if I click a link which no-longer exists, it bounces me to my own home page (run through the same Internet connection).

I'm trying to understand why being bounced to my own IP address would ever be useful. More to the point, is this the standard or are they breaking the standard for some purpose best known to themselves?


Solution 1:

Yes, your ISP is breaking the standard, but it is a common occurrence these days. Your ISP's DNS servers should be returning a NXDOMAIN response, or "Non-existent Domain".

If they are unable to do this, I would look at using external DNS servers like Google or OpenDNS, or running your own internal caching/resolving servers for your clients.

A note on OpenDNS, I believe you have to sign up for a business account to turn off NXDOMAIN redirection.

Solution 2:

No. You should get NXDOMAIN ( http://dnsknowledge.com/whatis/nxdomain-non-existent-domain-2/ ) when a domain does not exists in authoritative dns server. An example:

host foooo.serverfault.com
Host foooo.serverfault.com not found: 3(NXDOMAIN)

Google does return NXDOMAIN

 host foooo.serverfault.com 8.8.8.8
 Using domain server:
 Name: 8.8.8.8
 Address: 8.8.8.8#53
 Aliases: 

 Host foooo.serverfault.com not found: 3(NXDOMAIN)

Have you tried using your own DNS server (BIND caching dns server)? The best way to track this issue is to run dig command or better use the tcpdump command. The following will trace the delegation path from the root name servers to verify that you are getting correct data from your own authoritative dns servers:

 dig +trace your.domain.com

Solution 3:

I am not sure what the RFC is regarding this. However Window DNS returns a timeout.

> yagoo.mil
Server:  mylocaldc.com
Address:  172.27.27.10

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to mylocaldc.com timed-out

However google returns the Domain name back with no answer.

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> yagoo.mil
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yagoo.mil

Solution 4:

That's ... wait, what?

You really should be getting NXDOMAIN for any domain that doesn't exist.

Wildcard results on domains that don't exist are a reality these days - unfortunate as that may be. But returning the requesting IP as a wildcard... that doesn't make any sense. I've also never seen Google do anything like that.

Do you have the output of dig or nslookup that you can share to clarify what's going on?

Alternatively, are you willing to share the IP of your ISP's DNS server, or perhaps their name? I'd love to see this in action, because it makes no sense at all. I can't think of any reason why the behavior you're describing would exist.