nslookup fails but ping succeeds for nonexistent domains
Solution 1:
The system (particularly glibc, which handles name resolution) behaves erratically when the hostname of the server is a domain name. From the man page for resolv.conf:
The search list is normally determined from the local domain name; by default, it contains only the local domain name.
What this means in simple terms is that when a domain lookup fails (after nothing turns up in /etc/hosts and the resolver fails to return a useful result) the system will proceed to cheerfully remove the first part of the hostname - for example 'abcxyz.com' - and append the remainder as a search suffix.
Since '.com' is the search suffix produced by removing 'abcxyz' from the hostname, the system is appending '.com' as the search suffix for failed lookups, which produces results such as:
foobar-abcxyz.cz -> foobar-abcxyz.cz.com -> www.czjewelry.com
foobar-abcxyz.com -> foobar-abcxyz.com.com -> www.cnet.com
To correct for this, you will likely want to set the hostname of the server to a hostname such as 'hostname.abcxyz.com' instead of 'abcxyz.com' - which will in turn result in 'abcxyz.com' being appended as the search suffix by default.
As an interim measure, you can create a random MD5 checksum and add it to /etc/resolv.conf as an override for the search suffix:
uuidgen | md5sum
e930f5f4ba6ba7868b0cc6718bcef568 -echo "search e930f5f4ba6ba7868b0cc6718bcef568" >>/etc/resolv.conf
This will append 'e930f5f4ba6ba7868b0cc6718bcef568' to failed DNS lookups instead of '.com' - which in turn results in the default behavior of failed lookups for nonexistent domains. Should you change the hostname to an actual hostname, this line can be removed.
Solution 2:
Some nameservers deliberately return IPs for nonexistent domains. ISPs are notorious for doing this - they can actually monetize on advertising given on landing pages for nonexistent domains.
You could always change your resolv.conf file to use public DNS servers that are known for sure not to exhibit this behavior. Google's DNS (8.8.8.8 and 8.8.4.4) and Level3's DNS (4.2.2.1 through 4.2.2.6) both provide public DNS access and do not redirect unknown domains. (Source: https://www.grc.com/dns/alternatives.htm)