I have a 64-bit x86 Linux server running CentOS 6 and VirtualMin. It supports one domain. It does not run "named". It is configured, via WebMin to send all its DNS requests to the hosting service's DNS. Here's the /etc/resolv.conf file that Webmin generated:
So far, so good. Now, if I ping a nonexistent domain while logged into the server with ssh (and "noexample.com" really isn't registered), I get diverted to a CNET search site:
ping noexample.com
PING phx1-ss-2-lb.cnet.com (64.30.224.112) 56(84) bytes of data.
64 bytes from phx1-ss-2-lb.cnet.com (64.30.224.112): icmp_seq=1 ttl=246 time=11.8 ms
64 bytes from phx1-ss-2-lb.cnet.com (64.30.224.112): icmp_seq=2 ttl=246 time=12.0 ms
OK, the upstream DNS server must be doing that, right? Let's ask it.
host noexample.com
Host noexample.com not found: 3(NXDOMAIN)
No, it's not being found by DNS lookups. I've tried "nslookup", too; it's looking at the correct server, and it doesn't find that domain. It finds real domains OK.
This even affects my own programs that call "getaddrinfo".
There's no HOSTALIASES shell variable set ("getaddrinfo" looks at that.)
I have a 64-bit x86 Linux server running CentOS 6 and VirtualMin. It supports one domain. It does not run "named". It is configured, via WebMin to send all its DNS requests to the hosting service's DNS. Here's the /etc/resolv.conf file that Webmin generated:
So far, so good. Now, if I ping a nonexistent domain while logged into the server with ssh (and "noexample.com" really isn't registered), I get diverted to a CNET search site:
OK, the upstream DNS server must be doing that, right? Let's ask it.
No, it's not being found by DNS lookups. I've tried "nslookup", too; it's looking at the correct server, and it doesn't find that domain. It finds real domains OK.
This even affects my own programs that call "getaddrinfo".
There's no HOSTALIASES shell variable set ("getaddrinfo" looks at that.)
/etc/hosts looks like this (censored slightly):
How are unsuccessful DNS lookups being hijacked?