5

On my VPSs with LeaseWeb, whenever I reach an non-existent host, I get search.com domain name, and if I ping a non-existent domain from SSH, I don't get "host not found" but replies from IPs like these: phx1-ss-2-lb.cnet.com

My host is doing something, what exactly? Can I disable this?

It looks like search.com fetches all traffic to nonexistent domains, must have some advertising deal with my host maybe ?!

It messes up my mail server, sending emails even if host doesn't really exist, then gets jammed with bounces from @xx.xx.cnet.com

I am also waiting for a reply from my host but I want to know what you think.

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
adrianTNT
  • 1,077
  • 6
  • 22
  • 43
  • 5
    One resolution I can think of would be to change the DNS servers that your server uses. Are you contractually or technically bound to using the DNS servers that LeaseWeb provides? – joeqwerty Oct 06 '11 at 23:06
  • I don't think I am. But... how do I pick the right (reliable) DNS to use? – adrianTNT Oct 06 '11 at 23:10
  • Well, I would probably use Google's public DNS servers. If you don't have an internal DNS server and don't need one, then I don't see any reason you can't switch to using Google's or someone else's. – joeqwerty Oct 06 '11 at 23:13
  • In /etc/resolv.conf an entry "search com" had to be removed. – adrianTNT Oct 07 '11 at 00:29

2 Answers2

13

Sounds like NXDOMAIN hijacking.

What DNS servers is your device using, and can you change them to a non-hijacking recursive lookup server?

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
  • In /etc/resolv.conf I had 62.212.65.123 and 62.212.64.122, but after these it was "search com" while on other servers was "search localdomain", the "search com" probably caused the problem. – adrianTNT Oct 07 '11 at 00:29
  • Those belong to leaseweb. As @up_the_irons suggested, Google's public DNS servers are well-behaved and generally very fast, give them a try. – Shane Madden Oct 07 '11 at 00:31
4

Sounds like NXDOMAIN hijacking to me as well.

Replace the name servers in your /etc/resolv.conf and use Google's instead:

8.8.8.8 and 8.8.4.4

up_the_irons
  • 321
  • 1
  • 2