All invalid hosts gets resolved to "com.org"

5

vi@vi-server:~$ nslookup nonexistent.itransition.com
Server:         8.8.8.8
Address:        8.8.8.8#53

** server can't find nonexistent.itransition.com: NXDOMAIN

vi@vi-server:~$ cat /etc/resolv.conf 
nameserver 8.8.8.8

It does not exist. The same result from dig nonexistent.itransition.com.

vi@vi-server:~$ ping nonexistent.itransition.com
PING nonexistent.itransition.com.org (216.234.246.153) 56(84) bytes of data.
64 bytes from 99.f6.ead8.static.theplanet.com (216.234.246.153): icmp_seq=1 ttl=46 time=128 ms
64 bytes from 99.f6.ead8.static.theplanet.com (216.234.246.153): icmp_seq=2 ttl=46 time=128 ms

It catches all invalid hostnames? Why? How to prevent?

Strace output:

$ strace -s1024 ping nonexistent.itransition.com
execve("/bin/ping", ["ping", "nonexistent.itransition.com"], [/* 18 vars */]) = 0
...
socket(PF_INET, 0x802 /* SOCK_??? */, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = 0
...
send(3, "\6\340\1\0\0\1\0\0\0\0\0\0\vnonexistent\vitransition\3com\0\0\1\0\1"..., 45, MSG_NOSIGNAL) = 45
...
recvfrom(3, "\6\340\201\203\0\1\0\0\0\1\0\0\vnonexistent\vitransition\3com\0\0\1\0\1\300\30\0\6\0\1\0\0\5\270\0;\3ns1\fworldwidedns\3net\0\16it@itransition\300$w\336\23.\0\0T`\0\0*0\0\t:\200\0\0\250\300"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, [16]) send(3, "6c\1\0\0\1\0\0\0\0\0\0\vnonexistent\vitransition\3com\3org\0\0\1\0\1"..., 49, MSG_NOSIGNAL) = 49= 116
close(3)            

# Why it tries .com.org after that?
socket(PF_INET, 0x802 /* SOCK_??? */, IPPROTO_IP) = 3
connect(3, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, 16) = 0
...
send(3, "6c\1\0\0\1\0\0\0\0\0\0\vnonexistent\vitransition\3com\3org\0\0\1\0\1"..., 49, MSG_NOSIGNAL) = 49
...
recvfrom(3, "6c\201\200\0\1\0\1\0\0\0\0\vnonexistent\vitransition\3com\3org\0\0\1\0\1\300\f\0\1\0\1\0\0\f\304\0\4\330\352\366\231"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("8.8.8.8")}, [16]) = 65
close(3)

Vi.

Posted 2011-02-02T13:49:00.710

Reputation: 13 705

Can you post your /etc/resolv.conf? – coneslayer – 2011-02-02T13:55:59.110

@coneslayer, ready. – Vi. – 2011-02-02T14:00:34.067

Thanks, I was thinking there might be a wonky "search" line but it doesn't look like that's the problem. – coneslayer – 2011-02-02T14:04:49.833

What's your DNS suffix? – Hello71 – 2011-05-23T01:58:11.433

@Hello71, What is DNS suffix? Where to look for it? Should it be in /etc/result.conf (already posted in question)? – Vi. – 2011-05-23T02:01:44.590

Answers

1

Try the ICSI Netalyzr. It's a Java application that can test your Internet connection for signs of trouble. Your ISP might be redirecting your DNS lookups to their own servers to sell ads or for some other reason.

chuck

Posted 2011-02-02T13:49:00.710

Reputation: 504

Looks more like name resultion issue: attached strace output of ping. It fails to find host an tries to append ".org" for some reason. – Vi. – 2011-05-23T01:55:07.277

Asked: 2011-02-02T13:49:00.710

Viewed: 228 times

Active: 2011-05-23T01:54:02.833