Where to find used DNS settings

1

My /etc/resolv.conf uses 8.8.8.8, and all 3 dig commands below answer without an A record:

dig some_unregistred_adress.se
dig @8.8.8.8 some_unregistred_adress.se
dig @127.0.0.1 some_unregistred_adress.se

But if I ping some_unregistred_adress.se I end up pinging my server, that's not even at the same ISP as this computer; the only connection I know is that this computer's hostname is a subdomain of my server.

Where are ping and other software getting the IP addresses for unregistered domains?

Some relevant output:

puggan@rito ~ $ uname -a
Linux rito.work.puggan.se 2.6.38-gentoo-r6 #2 SMP Thu Jul 14 14:36:14 CEST 2011 i686 AMD Athlon(tm) II X2 245 Processor AuthenticAMD GNU/Linux


puggan@rito ~ $ dig @127.0.0.1 some_unregistred_adress.se

; <<>> DiG 9.7.3 <<>> @127.0.0.1 some_unregistred_adress.se
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8080
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;some_unregistred_adress.se.    IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Dec  2 15:51:31 2011
;; MSG SIZE  rcvd: 44


puggan@rito ~ $ ping -c 1 some_unregistred_adress.se
PING puggan.se (83.248.176.173) 56(84) bytes of data.
64 bytes from c83-248-176-173.bredband.comhem.se (83.248.176.173): icmp_req=1 ttl=52 time=34.4 ms

--- puggan.se ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 34.406/34.406/34.406/0.000 ms


puggan@rito ~ $ egrep "^(#|$)" -v /etc/resolv.conf
nameserver 8.8.8.8
nameserver 130.244.127.162
nameserver 130.244.127.170
nameserver 192.168.1.32

Puggan Se

Posted 2011-12-02T15:13:49.750

Reputation: 278

Anything in /etc/hosts? – Matti Virkkunen – 2011-12-02T15:16:10.877

nothing relevant: egrep "^(#|$)" -v /etc/hosts 127.0.0.1 localhost 127.0.0.1 guide.opendns.com ::1 localhost 83.191.245.100 maple-info.net 83.191.245.100 www.maple-info.net 83.254.38.187 mrzoom-egotripp – None – 2011-12-02T15:17:12.637

Marc B: yes, but dig should be caught too then, as OpenDNS does; if I run "dig @208.67.220.220 some_unregistred_adress.se" I get a false A record – None – 2011-12-02T15:18:53.370

Answers

2

  1. You are not using fully-qualified domain names;
  2. your domain search path for converting names to FQDNs includes puggan.se.; and
  3. there is a wildcard at *.puggan.se that matches some_unregistred_adress.se.puggan.se. and that has a cname resource record set pointing to puggan.se.

Use fully-qualified domain names if you don't want to use the search path behaviour that you have configured in your DNS client library.

JdeBP

Posted 2011-12-02T15:13:49.750

Reputation: 23 855
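
An added example, not part of the answer above or of any project's code: a simplified Python model of how the glibc stub resolver (per resolv.conf(5)) builds the list of names it queries, which is the search-path behaviour the answer describes. The sample resolv.conf and hostname are constructed from the question's output; that the search domain in effect is the hostname-derived default is an assumption, and `parse_resolv_conf` and `candidates` are hypothetical helper names.

```python
# Simplified model of glibc stub-resolver name expansion (resolv.conf(5)).
# Added example: not the resolver's own code; sample data is constructed.

def parse_resolv_conf(text, hostname):
    """Return (search_list, ndots) as the stub resolver would derive them."""
    search, ndots = None, 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":   # blank line or comment
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]                  # last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    if search is None:
        # No search/domain line: the default search list is everything
        # after the first dot of the local hostname (none if no dot).
        _, _, domain = hostname.partition(".")
        search = [domain] if domain else []
    return [d.strip(".") for d in search], ndots

def candidates(name, search, ndots=1):
    """Ordered list of fully-qualified names the resolver will try."""
    if name.endswith("."):
        return [name]                            # already an FQDN: no search
    absolute = name + "."
    expanded = [f"{name}.{d}." if d else absolute for d in search]
    if name.count(".") >= ndots:
        order = [absolute] + expanded            # enough dots: as-is first
    else:
        order = expanded + [absolute]            # otherwise search list first
    return list(dict.fromkeys(order))            # drop duplicates, keep order

# Constructed sample: resolv.conf without a search line, hostname from uname.
RESOLV_CONF = """\
nameserver 8.8.8.8
nameserver 130.244.127.162
"""
HOSTNAME = "rito.work.puggan.se"

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF, HOSTNAME)
    for n in ("some_unregistred_adress.se", "some_unregistred_adress.se."):
        print(n, "->", candidates(n, search, ndots))
    # With an explicit "search ." line nothing is appended any more.
    search, ndots = parse_resolv_conf(RESOLV_CONF + "search .\n", HOSTNAME)
    print(candidates("some_unregistred_adress.se", search, ndots))
```

dig does not apply the search list unless `+search` is given, so only the first candidate corresponds to what the dig commands in the question asked for.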

2

Some ISPs intercept DNS requests and redirect them to their own, and serve up bad answers (e.g. their own spamvertising sites) in the hopes of making a few pennies off nonexistent/mis-typed domains.

As well, whoever's running the .se TLD can also have a wildcard *.se DNS entry to catch all non-existent .se domain lookups as well. For .se, this seems to be "one.com":

$ nslookup -type=soa blahblah.se
Server:  access.usask.ca
Address:  128.233.3.1

Non-authoritative answer:
blahblah.se
        primary name server = ns01.one.com
        responsible mail addr = hostmaster.one.com
        serial  = 2004000000
        refresh = 10800 (3 hours)
        retry   = 1800 (30 mins)
        expire  = 1209600 (14 days)
        default TTL = 900 (15 mins)

blahblah.se     nameserver = ns01.one.com
blahblah.se     nameserver = ns02.one.com
ns01.one.com    internet address = 195.47.247.5
ns02.one.com    internet address = 91.198.169.5

ok... should've picked a way more random/non-existent domain for this particular test. nslookup asdfasdfasdfasdfasdfadsf.se does return no-such-host.

Marc B

Posted 2011-12-02T15:13:49.750

Reputation:

nslookup -type=soa some_unregistred_adress.se Server: 8.8.8.8 Address: 8.8.8.8#53

** server can't find some_unregistred_adress.se: NXDOMAIN – None – 2011-12-02T15:21:02.353

blahblah.se is a registered domain, owned by HENRIK FORSELL – None – 2011-12-02T15:22:17.253

For asdfasdfasdfasdfasdfadsf.se, dig and nslookup give no A record, and ping gives me the same IP as my server – None – 2011-12-02T15:31:15.113

ping should be using the system resolver settings, so ping/telnet/traceroute/ssh/etc... should all get the same IP when they look it up. – None – 2011-12-02T15:46:51.367

They all have the same problem, but programs like dig and nslookup don't, and they use /etc/resolv.conf, so what backup plan is the system resolver using? I guess it's using my hostname somehow, and I want to turn it off – Puggan Se – 2011-12-03T17:26:03.160

0

Got the same problem again; forgot to write my solution last time.

To turn off the search domain I added search . in /etc/dhcpcd.conf (Gentoo)

Puggan Se

Posted 2011-12-02T15:13:49.750

Reputation: 278