John Nagle - 2012-03-31

I have a 64-bit x86 Linux server running CentOS 6 and VirtualMin.  It supports one domain.  It does not run "named".  It is configured, via WebMin, to send all its DNS requests to the hosting service's DNS.  Here's the /etc/resolv.conf file that Webmin generated:

cat /etc/resolv.conf

So far, so good. Now, if I ping a nonexistent domain while logged into the server with ssh (and "" really isn't registered), I get diverted to a CNET search site:

PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=246 time=11.8 ms
64 bytes from ( icmp_seq=2 ttl=246 time=12.0 ms

OK, the upstream DNS server must be doing that, right? Let's ask it.

Host not found: 3(NXDOMAIN)

No, it's not being found by DNS lookups.  I've tried "nslookup", too; it's looking at the correct server, and it doesn't find that domain.  It finds real domains OK.

This even affects my own programs that call "getaddrinfo".

There's no HOSTALIASES shell variable set ("getaddrinfo" looks at that.)

/etc/hosts looks like this (censored slightly):

cat /etc/hosts
# =============================================================
# Network Hosts File generated by BareMetal
# =============================================================
69-64-68-000 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

How are unsuccessful DNS lookups being hijacked?
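
Added example, not part of the original post: "getaddrinfo" and "ping" go through the system stub resolver, so one check is to list every fully qualified name that resolver would try for a lookup, given the "search"/"domain" and "ndots" settings in /etc/resolv.conf. The Python below follows glibc's ordering rules; the resolv.conf contents and the query names in it are constructed samples, and the function names are chosen for this example.

```python
# Added example: which names would a glibc-style stub resolver try?
# SAMPLE_RESOLV_CONF is constructed input, not the file from the post.
SAMPLE_RESOLV_CONF = """\
; constructed sample
nameserver 192.0.2.53
search example.net example.org
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from the text of a resolv.conf file."""
    search, ndots = [], 1  # ndots defaults to 1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        fields = line.split()
        if fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
        elif fields[0] == "domain" and len(fields) > 1:
            search = [fields[1].rstrip(".").lower()]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = min(int(opt[6:]), 15)  # glibc caps ndots at 15
    return search, ndots


def candidates(name, search, ndots):
    """Fully qualified names tried in order until one of them resolves."""
    if name.endswith("."):
        return [name]  # trailing dot: absolute name, search list not applied
    expanded = [f"{name}.{d}." for d in search]
    as_is = [name + "."]
    # Enough dots: try the name as typed first, then fall back to the search
    # list, so an NXDOMAIN for the typed name is not the end of the lookup.
    if name.count(".") >= ndots:
        return as_is + expanded
    return expanded + as_is


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for query in ("nosuchname.example", "nosuchname.example.", "host"):
        print(query, "->", candidates(query, search, ndots))
```

To run it against a live system, pass the contents of /etc/resolv.conf to parse_resolv_conf; each candidate beyond the name as typed can then be queried directly, with its trailing dot, to see whether it resolves.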