What to do if I get ping results for non-existing hosts?

2

When I am pinging non-existing host like 'zzz' or 'qwerty'

I am getting the following result

Pinging zzz.kanisa.com [209.62.20.200] with 32 bytes of data:

Reply from 209.62.20.200: bytes=32 time=60ms TTL=46
Reply from 209.62.20.200: bytes=32 time=66ms TTL=46

It looks like a virus to me. But I was unable to find a solution on web. Any ideas how to fix it?

Even more ridiculous results with nslookup

C:\> nslookup google.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    google.com.kanisa.com
Address:  209.62.20.200

How to get rid of it?

bublegumm

Posted 2010-05-08T03:35:16.530

Reputation: 175

Answers

0

For name lookup, the DNS client uses DNS Suffixes which can be changed here for Windows XP:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\SearchList

bublegumm

Posted 2010-05-08T03:35:16.530

Reputation: 175

Aha, I somehow thought your were on a Mac. I'm sure there is some "Advanced" setting in some dialog for that on Windows as well. – Arjan – 2010-05-08T17:12:54.063

2

There is a wildcard DNS entry for *.kanisa.com which points at that IP. That means that even if there is no website hosted for that subdomain, all non-explicitly defined entries for that domain point to 209.62.20.200, which, apparently, responds to ICMP ECHO requests.

MDMarra

Posted 2010-05-08T03:35:16.530

Reputation: 19 580

Sounds like exact answer to me. I wonder how I can fix it. I cannot reproduce it on my second laptop so I guess it is local issue. – bublegumm – 2010-05-08T14:35:50.357

1IF you have "kanisa.com" set as a search domain in your network connection preferences, anything you ping from that one location that isn't fully qualified will append kanisa.com to the end. – MDMarra – 2010-05-08T16:44:45.753

1

You will be interested to notice that I get similar results too :-)

$ ping zzz.kanisa.com
PING zzz.kanisa.com (209.62.20.200): 56 data bytes
64 bytes from 209.62.20.200: icmp_seq=0 ttl=57 time=390 ms

So,

  1. zzz.kanisa.com resolves the same way for all
    Nothing special in zzz.kanisa.com resolving to 209.60.20.200 for you
  2. But, why does zzz get converted to zzz.kanisa.com for you?
    That means, you have kanisa.com as your local domain name.
    Is that expected? If so, ping abc would also look for abc.kanisa.com
    And, resolve to the same IP (wildcard DNS as MarkM explains).

So, the real question becomes: Is kanisa.com your default domain name?

nik

Posted 2010-05-08T03:35:16.530

Reputation: 50 788

No, it is not my domain name. Although I am not sure what default in this context means. – bublegumm – 2010-05-08T14:36:19.153

@bublegumm, see the default search domain, in your network preferences, Advanced, DNS, like here.

– Arjan – 2010-05-08T16:32:45.457

Asked: 2010-05-08T03:35:16.530

Viewed: 1 737 times

Active: 2011-03-01T15:15:32.013