pings for unknown hosts ping 8.15.7.100

Running Ubuntu 9.04. I can ping hosts all day long but when I try to ping a host that doesn't exist, it instead sends pings to 8.15.7.100, which turns in to packet loss, but I'd prefer it if it told me the host cannot be found.

$ ping google.com
PING google.com (66.249.90.104) 56(84) bytes of data.
64 bytes from lga15s04-in-f104.1e100.net (66.249.90.104): icmp_seq=1 ttl=55 time=31.3 ms

$ ping somehost
PING somehost (8.15.7.100) 56(84) bytes of data.

I'm new to Ubuntu so this might be a feature, but anything I can do about it?

user27864

Posted 2010-02-11T00:20:13.567

Reputation:

Answers

You'll need to determine where your system is getting the weird IP.

Some ISPs configure their DNS servers to hijack DNS responses for non-existent domain names. Their purpose is generally to send a web-browser to a "search" site to make money by displaying advertisements. Unfortunately, this practice breaks the NXDOMAIN response that DNS would otherwise use to tell your computer that there's no DNS entry for the host.

If somehost isn't a full domain name, it's more likely your system or local DNS server is misconfigured. You can use dig to query DNS servers to help troubleshoot; see the DiG HowTo and man dig for details.

quack quixote

Posted 2010-02-11T00:20:13.567

Reputation: 37 382

It's the ISP; playing tricks.

See the following article:

http://www.michaelgeist.ca/content/view/3199/125/

Rogers Cable uses 8.15.7.107

JMac

Posted 2010-02-11T00:20:13.567

Reputation: 11

This has certainly nothing to do with your pc/OS/router. I run several Linux systems, none of them replied the way yours does. As pointed out already, this is, most likely, a trick played by your ISP.

There are two things that you can do about this. On the one hand, you can study your ISP's behaviour by downloading, installing and running Namebench, a Google test to compare your current ISP's DNS performance against Google's. Besides just timing several possibilites, it also tries to establish whether your ISP performs any kind of filtering, by trying to identify commonly blocked URLs. The report of the test will clarify what your ISP is really up to.

If the outcome of this is not fully satisfactory to you, you may wish to install DNSCrypt, a software package available for several OSes (Windows and MacOS users can find it here) which allows you to encrypt all of your DNS traffic and move it to a seldom-used port. This allows you to bypass ISP's filters which recognize either filter or protocol, and get access to one of a series of providers (chief among them is OpenDNS) willing to provide encrypted DNS resolution. This will restore full capabilities to your pc/LAN, whatever.

MariusMatutiae

Posted 2010-02-11T00:20:13.567

Reputation: 41 321

I did a whois lookup on the 'resolved' IP -- 8.15.7.100,

IP address :            8.15.7.100    
IP country code:        US  
IP address country:     United States  
IP address state:       California  
IP address city:        Beverly Hills  
IP postcode:            90212  
IP address latitude:    34.0607
IP address longitude:   -118.4032
ISP of this IP :        Level 3 Communications
Organization:           Co-Location.com 

Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
8.0.0.0 - 8.255.255.255

Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1)
8.15.7.96 - 8.15.7.127

This may be familiar to you -- like Quack describes.
This maybe something configured along with your ISP related network setup.

If this reference is not familiar to your, you should dig this up for details.
It is always important to know where your unresolved network paths lead to.

nik

Posted 2010-02-11T00:20:13.567

Reputation: 50 788