I have a 64-bit x86 Linux server running CentOS 6 and VirtualMin. It supports one domain. It does not run "named". It is configured, via WebMin to send all its DNS requests to the hosting service's DNS. Here's the /etc/resolv.conf file that Webmin generated:
So far, so good. Now, if I ping a nonexistent domain while logged into the server with ssh (and "noexample.com" really isn't registered), I get diverted to a CNET search site:
PING phx1-ss-2-lb.cnet.com (22.214.171.124) 56(84) bytes of data.
64 bytes from phx1-ss-2-lb.cnet.com (126.96.36.199): icmp_seq=1 ttl=246 time=11.8 ms
64 bytes from phx1-ss-2-lb.cnet.com (188.8.131.52): icmp_seq=2 ttl=246 time=12.0 ms
OK, the upstream DNS server must be doing that, right? Let's ask it.
Host noexample.com not found: 3(NXDOMAIN)
No, it's not being found by DNS lookups. I've tried "nslookup", too; it's looking at the correct server, and it doesn't find that domain. It finds real domains OK.
This even affects my own programs that call "getaddrinfo".
There's no HOSTALIASES shell variable set ("getaddrinfo" looks at that.)
/etc/hosts looks like this (censored slightly):
# Network Hosts File generated by BareMetal
127.0.0.1 myownhostname.com 69-64-68-000 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
How are unsuccessful DNS lookups being hijacked?