nslookup fails but ping succeeds for nonexistent domains

Solution 1:

The system (particularly glibc, which handles name resolution) behaves erratically when the hostname of the server is a domain name. From the man page for resolv.conf:

The search list is normally determined from the local domain name; by default, it contains only the local domain name.

What this means in simple terms is that when a domain lookup fails (after nothing turns up in /etc/hosts and the resolver fails to return a useful result) the system will proceed to cheerfully remove the first part of the hostname - for example 'abcxyz.com' - and append the remainder as a search suffix.

Since '.com' is the search suffix produced by removing 'abcxyz' from the hostname, the system is appending '.com' as the search suffix for failed lookups, which produces results such as:

foobar-abcxyz.cz -> foobar-abcxyz.cz.com -> www.czjewelry.com

foobar-abcxyz.com -> foobar-abcxyz.com.com -> www.cnet.com

To correct for this, you will likely want to set the hostname of the server to a hostname such as 'hostname.abcxyz.com' instead of 'abcxyz.com' - which will in turn result in 'abcxyz.com' being appended as the search suffix by default.

As an interim measure, you can create a random MD5 checksum and add it to /etc/resolv.conf as an override for the search suffix:

uuidgen | md5sum
e930f5f4ba6ba7868b0cc6718bcef568 -

echo "search e930f5f4ba6ba7868b0cc6718bcef568" >>/etc/resolv.conf

This will append 'e930f5f4ba6ba7868b0cc6718bcef568' to failed DNS lookups instead of '.com' - which in turn results in the default behavior of failed lookups for nonexistent domains. Should you change the hostname to an actual hostname, this line can be removed.
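As an added illustration of the mechanism described above (this is example code, not part of the answer), here is a small Python model of how glibc's stub resolver turns a name into the ordered list of names it actually sends to the nameserver: the search list from resolv.conf or, when none is set, the part of the hostname after the first dot, combined with the ndots rule. The resolv.conf text and hostnames below are constructed inputs; the assumed glibc behaviour is that a name with at least ndots dots is tried as given before any suffix is appended, that a trailing dot suppresses the search list entirely, and that a later search/domain line replaces an earlier one.

```python
import hashlib
import uuid

DEFAULT_NDOTS = 1  # glibc default: one dot is enough to try the name as-is first


def parse_resolv_conf(text):
    """Return (search_list or None, ndots) from resolv.conf text.

    `search` and `domain` both set the search list; the last one wins.
    `options ndots:N` overrides the default of 1. Comments start with # or ;.
    """
    search = None
    ndots = DEFAULT_NDOTS
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] in ("search", "domain"):
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots


def default_search_from_hostname(hostname):
    """glibc fallback when resolv.conf has no search/domain line:
    the local domain is everything after the first dot of the hostname.
    For 'abcxyz.com' that is just 'com'; for 'host.abcxyz.com' it is 'abcxyz.com'."""
    _, sep, rest = hostname.partition(".")
    return [rest.lower()] if sep and rest else []


def effective_search(resolv_text, hostname):
    """Search list the resolver will really use, plus ndots."""
    search, ndots = parse_resolv_conf(resolv_text)
    if search is None:
        search = default_search_from_hostname(hostname)
    return search, ndots


def candidates(name, search_list, ndots=DEFAULT_NDOTS):
    """Ordered list of fully-qualified names the stub resolver tries.

    A trailing dot means 'exactly this name, no search'. Otherwise the name is
    tried as-is first when it contains at least `ndots` dots, then with each
    search domain appended; with fewer dots the as-is attempt comes last.
    """
    if name.endswith("."):
        return [name.rstrip(".")]
    tried = []
    if name.count(".") >= ndots:
        tried.append(name)
    for domain in search_list:
        tried.append(f"{name}.{domain}")
    if name not in tried:
        tried.append(name)
    return tried


def random_search_domain():
    """The interim workaround from the answer: a label nothing will resolve under."""
    return hashlib.md5(str(uuid.uuid4()).encode()).hexdigest()


if __name__ == "__main__":
    # Constructed scenarios matching the answer: bad hostname, fixed hostname,
    # and the random search-suffix override written to resolv.conf.
    scenarios = [
        ("nameserver 192.0.2.53\n", "abcxyz.com"),
        ("nameserver 192.0.2.53\n", "hostname.abcxyz.com"),
        (f"nameserver 192.0.2.53\nsearch {random_search_domain()}\n", "abcxyz.com"),
    ]
    for resolv_text, hostname in scenarios:
        search, ndots = effective_search(resolv_text, hostname)
        print(hostname, search, candidates("foobar-abcxyz.cz", search, ndots))
```

For the answer's setup (hostname abcxyz.com, no search line) the candidate list for foobar-abcxyz.cz is foobar-abcxyz.cz followed by foobar-abcxyz.cz.com, which is exactly how a failed lookup ends up at a .com name. With hostname hostname.abcxyz.com the fallback suffix becomes abcxyz.com, and with the random search line it becomes the 32-character hex label. Note that the workaround still sends one extra suffixed query per failed lookup; it only changes the suffix so that the query cannot match a real name.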

Solution 2:

Some nameservers deliberately return IPs for nonexistent domains. ISPs are notorious for doing this - they can actually monetize the advertising on landing pages for nonexistent domains.

You could always change your resolv.conf file to use public DNS servers that are known for sure not to exhibit this behavior. Google's DNS (8.8.8.8 and 8.8.4.4) and Level3's DNS (4.2.2.1 through 4.2.2.6) both provide public DNS access and do not redirect unknown domains. (Source: https://www.grc.com/dns/alternatives.htm)
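To check whether a given resolver behaves this way, here is an added Python example (not from the answer) that sends a raw DNS query for a random label under the reserved .invalid top-level domain directly to a server over UDP port 53 and reports whether it got NXDOMAIN or a synthesized address. The packet building and parsing follow the DNS wire format; the server list in the main block is taken from the answer. It assumes the server is reachable on port 53 and that .invalid is never delegated (RFC 2606), so an address in the reply can only come from the resolver itself.

```python
import os
import socket
import struct

NXDOMAIN = 3  # RCODE 3: the name does not exist (RFC 1035)


def build_query(qname, qid, qtype=1):
    """Build a minimal DNS query: header with RD set, one IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        raw = label.encode("ascii")
        question += bytes([len(raw)]) + raw
    question += b"\x00" + struct.pack("!HH", qtype, 1)
    return header + question


def _skip_name(data, offset):
    """Return the offset just past a domain name (handles compression pointers)."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer ends the name
            return offset + 2
        offset += 1 + length


def parse_response(data, qid):
    """Return (rcode, list of IPv4 addresses found in the answer section)."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch; not a reply to our query")
    rcode = flags & 0x000F
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, _, _, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlength == 4:  # A record
            addrs.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlength
    return rcode, addrs


def classify(rcode, addrs):
    """An honest resolver answers NXDOMAIN; a hijacking one hands back an address."""
    if addrs:
        return "hijacked"
    if rcode == NXDOMAIN:
        return "nxdomain"
    return "other"


def probe(server, zone="invalid", timeout=3.0):
    """Ask `server` for a random name under a TLD that can never exist."""
    qname = f"{os.urandom(8).hex()}.{zone}"
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(qname, qid), (server, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "no-reply"
    return classify(*parse_response(data, qid))


if __name__ == "__main__":
    # Servers named in the answer as not redirecting unknown domains.
    for server in ("8.8.8.8", "8.8.4.4", "4.2.2.1", "4.2.2.2"):
        print(server, probe(server))
```

Run it against the servers in /etc/resolv.conf as well as the public ones; a "hijacked" result for your ISP's server is the behaviour this answer describes. Two caveats: an ISP that transparently intercepts port 53 can answer in place of whatever address you query, so a clean result from 8.8.8.8 only proves something if the path is not intercepted, and the random-suffix workaround from Solution 1 still sends its suffixed query to the same resolver, so it does not help against a hijacking one.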