jesnow l33t
Joined: 26 Apr 2006 Posts: 892
Posted: Wed Nov 18, 2020 12:03 am Post subject: no-dns network matches random names [solved]
This is a strange behavior:
I run a small network at home and the router takes care of forwarding DNS requests. Between hosts I use entries in /etc/hosts and fixed IP addresses, so I don't have to run bind. I don't want to run bind. BUT if I make a typo in a host name, my router seems to send the request to some random server:
Code: |
jesnow@merckx ~ $ ping xyzzy
PING xyzzy (23.202.231.169) 56(84) bytes of data.
64 bytes from a23-202-231-169.deploy.static.akamaitechnologies.com (23.202.231.169): icmp_seq=1 ttl=50 time=56.0 ms
64 bytes from a23-202-231-169.deploy.static.akamaitechnologies.com (23.202.231.169): icmp_seq=2 ttl=50 time=55.9 ms
64 bytes from a23-202-231-169.deploy.static.akamaitechnologies.com (23.202.231.169): icmp_seq=3 ttl=50 time=56.0 ms
^C
--- xyzzy ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 55.930/55.963/55.989/0.024 ms
jesnow@merckx ~ $ ping 8348jffjk
PING 8348jffjk (23.217.138.110) 56(84) bytes of data.
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=1 ttl=51 time=54.3 ms
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=2 ttl=51 time=54.3 ms
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=3 ttl=51 time=53.6 ms
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=4 ttl=51 time=53.8 ms
64 bytes from a23-217-138-110.deploy.static.akamaitechnologies.com (23.217.138.110): icmp_seq=5 ttl=51 time=54.0 ms
^C
--- 8348jffjk ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 53.627/54.005/54.297/0.268 ms
jesnow@merckx ~ $ ping bartali
PING bartali (192.168.1.116) 56(84) bytes of data.
64 bytes from bartali (192.168.1.116): icmp_seq=1 ttl=64 time=0.102 ms
64 bytes from bartali (192.168.1.116): icmp_seq=2 ttl=64 time=0.100 ms
64 bytes from bartali (192.168.1.116): icmp_seq=3 ttl=64 time=0.065 ms
^C
--- bartali ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2033ms
rtt min/avg/max/mdev = 0.065/0.089/0.102/0.017 ms
jesnow@merckx ~ $
|
Bartali is the local server, and the other two are random. This seems like it's not the behavior I want. Why would *anyone* want it to do that? I'm not sure what router setting to disable to prevent it from matching names without a domain.
Any insight gratefully accepted. For now it seems like a quirk.
Jon.
Last edited by jesnow on Mon Dec 14, 2020 3:46 am; edited 1 time in total
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
Posted: Wed Nov 18, 2020 1:08 am Post subject:
Interesting!
I get
Code: | # ping xyzzy
ping: xyzzy: No address associated with hostname |
Please post your file '/etc/resolv.conf' and the output of
Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Wed Nov 18, 2020 2:25 am Post subject:
There is a known defect with some ISPs that they mishandle DNS requests for non-existent domains. Instead of returning NXDOMAIN as they should, they return an A record pointing to some server they control, in the hope that the request came from a web browser that they can mislead into connecting to that server. The resulting server is usually infested with ads and may, if you are lucky, attempt to guess what you meant and suggest that to you - all in Javascript-laden HTML, of course. This behavior breaks a variety of conforming clients, among them web browsers and mail transport agents, which expect that requesting resolution of a non-existent domain will result in an answer that the domain does not exist. Such ISPs consider this misbehavior a "feature" or a "service to their users" and adamantly insist that they are doing a good thing and that you should just live with their DNS resolver being broken.
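A quick way to confirm what Hu describes, added here as an example and not something posted in the thread: ask the resolver for labels that cannot possibly exist and check whether it answers NXDOMAIN, as it must, or hands back an address, as the ISP resolver did for xyzzy and 8348jffjk above. It assumes dig is installed (net-dns/bind-tools on Gentoo); the router address 192.168.1.1 in the usage line is an assumption, not one from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): probe a resolver with impossible names
# and report whether it rewrites NXDOMAIN into an A record.
# Requires dig (net-dns/bind-tools).

# probe_resolver RESOLVER [COUNT] [SUFFIX]
# Prints one TSV line per probe: name, DNS rcode, comma-separated A records.
probe_resolver() {
  r=$1; n=${2:-5}; suffix=${3:-}; i=0
  while [ "$i" -lt "$n" ]; do
    # 32 random hex characters: nobody has registered this name.
    label=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    out=$(dig "@$r" "$label$suffix" A +noall +comments +answer +time=3 +tries=1 2>/dev/null || true)
    rcode=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1)
    addrs=$(printf '%s\n' "$out" | awk '$4 == "A" { printf "%s,", $5 }')
    printf '%s\t%s\t%s\n' "$label$suffix" "${rcode:-TIMEOUT}" "${addrs:-none}"
    i=$((i + 1))
  done
}

# classify_probe: reads probe_resolver output on stdin and prints one word.
#   REWRITE      - at least one impossible name came back with an A record
#   UNREACHABLE  - every probe timed out (wrong address, or port 53 blocked)
#   CLEAN        - no addresses for impossible names (NXDOMAIN as required)
classify_probe() {
  awk -F '\t' '
    $3 != "none"    { rewrite++ }
    $2 == "TIMEOUT" { timeout++ }
    END {
      if (rewrite > 0)                   print "REWRITE"
      else if (NR == 0 || timeout == NR) print "UNREACHABLE"
      else                               print "CLEAN"
    }'
}

# check_resolver RESOLVER [COUNT]: run the probe, show the raw answers, and
# return non-zero unless the resolver behaved.
check_resolver() {
  raw=$(probe_resolver "$1" "${2:-5}")
  printf '%s\n' "$raw"
  verdict=$(printf '%s\n' "$raw" | classify_probe)
  echo "verdict for $1: $verdict"
  [ "$verdict" = CLEAN ]
}

# Usage: sh nxcheck.sh 192.168.1.1 ; sh nxcheck.sh 8.8.8.8
# (192.168.1.1 is an assumed router address, not one from the thread.)
[ $# -eq 0 ] || check_resolver "$1"
```

Run it once against the router and once against a known-good public resolver: if the router says REWRITE and the public resolver says CLEAN, the rewriting happens at the ISP resolver the router forwards to (or in the router itself), not on your hosts. Passing a third argument such as `.vesarius.net` probes names under your own domain instead of bare labels, which tells you whether search-domain expansion is what gets leaked upstream.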
jesnow l33t
Joined: 26 Apr 2006 Posts: 892
Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Wed Nov 18, 2020 5:47 pm Post subject:
If the broken ISP nameserver is returning consistent addresses for the override, you might be able to configure your local resolver to rewrite responses with that A record to report NXDOMAIN to your client. Failing that, you could add an unreachable route to the bad addresses, so that traffic is stopped locally before getting to them. (This is not as good as NXDOMAIN, as clients will still wrongly think the host exists.)
AlexJGreen Tux's lil' helper
Joined: 19 Sep 2018 Posts: 149
Posted: Wed Nov 18, 2020 6:29 pm Post subject:
_
Last edited by AlexJGreen on Mon Dec 28, 2020 3:01 am; edited 1 time in total
jesnow l33t
Joined: 26 Apr 2006 Posts: 892
Posted: Sat Nov 21, 2020 11:14 pm Post subject:
Yes.
Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Sat Nov 21, 2020 11:51 pm Post subject:
That suggests the ISP does not intercept / redirect DNS traffic, but does mishandle requests that you send directly to them. In some rare cases, you can opt out of this DNS mangling, after which your ISP will handle DNS queries correctly. How to do this is very ISP-specific though.
jesnow l33t
Joined: 26 Apr 2006 Posts: 892
Posted: Sun Nov 22, 2020 2:38 am Post subject:
I have to go look for the "Route my DNS typos intended for the local net to random outside servers" check box and clear it!
Hu Administrator
Joined: 06 Mar 2007 Posts: 23066
Posted: Sun Nov 22, 2020 5:31 am Post subject:
One option, which may or may not be available, would be to direct your local resolver not to delegate unqualified hostnames up to the ISP. This wouldn't help when you incorrectly request nosuchdomain.org, but it would stop nosuchhost from resolving.
jesnow l33t
Joined: 26 Apr 2006 Posts: 892
Posted: Mon Dec 14, 2020 3:46 am Post subject:
Solution: It's actually very simple: Don't use your router as a nameserver. Use, for example, 4.4.4.4 or 8.8.8.8; they don't do that.
in /etc/resolv.conf:
Code: | domain vesarius.net
nameserver 8.8.8.8
#nameserver 2600:1700:a90:1b20::1
|
Seems to work.
Jon.
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
Posted: Mon Dec 14, 2020 1:58 pm Post subject:
Better yet net-dns/dnsmasq
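Putting Tony0945's suggestion together with the earlier advice from Hu (turn the known bogus A record back into NXDOMAIN, stop delegating unqualified names upstream, and as a fallback route the bad addresses to nowhere) and jesnow's resolv.conf, here is a dnsmasq setup for the same kind of /etc/hosts-only LAN. This is an added example, not configuration posted in the thread or shipped by dnsmasq; the domain vesarius.net, the two Akamai addresses and the 8.8.8.8 upstream are taken from the posts above, the directory it writes into is whatever you pass, and the `REQUIRED_DIRECTIVES` audit list is my own choice of what a hardened forwarder must carry. Every directive used (`domain-needed`, `bogus-priv`, `stop-dns-rebind`, `no-resolv`, `local=`, `domain=`, `expand-hosts`, `server=`, `bogus-nxdomain=`) is a real dnsmasq option.

```shell
#!/bin/sh
# Added example (not from the thread): generate and audit a dnsmasq
# forwarder config that keeps LAN names local and turns the ISP's
# NXDOMAIN rewriting back into NXDOMAIN.

LOCAL_DOMAIN=${LOCAL_DOMAIN:-vesarius.net}   # from jesnow's resolv.conf
UPSTREAM=${UPSTREAM:-8.8.8.8}                # from jesnow's resolv.conf
# Addresses the ISP resolver handed back for names that do not exist
# (the two ping targets in the first post).
BOGUS_ADDRS=${BOGUS_ADDRS:-"23.202.231.169 23.217.138.110"}

# What the audit below insists on. Assumed minimum, not a dnsmasq default.
REQUIRED_DIRECTIVES="domain-needed bogus-priv no-resolv stop-dns-rebind local=/${LOCAL_DOMAIN}/ server="

# write_dnsmasq_conf DIR: writes DIR/dnsmasq.conf and a matching DIR/resolv.conf.
write_dnsmasq_conf() {
  dir=$1
  mkdir -p "$dir"
  {
    printf '# dnsmasq forwarder for a no-BIND home LAN (generated)\n'
    printf 'domain-needed\n'        # never forward a plain name like "xyzzy" upstream (Hu's suggestion)
    printf 'bogus-priv\n'           # never forward reverse lookups for RFC 1918 space
    printf 'stop-dns-rebind\n'      # drop upstream answers that point into private space
    printf 'no-resolv\n'            # upstreams come only from server= lines below
    printf 'local=/%s/\n' "$LOCAL_DOMAIN"   # answer this zone from /etc/hosts, never forward it
    printf 'domain=%s\n' "$LOCAL_DOMAIN"
    printf 'expand-hosts\n'         # "bartali" in /etc/hosts also answers as bartali.<domain>
    printf 'server=%s\n' "$UPSTREAM"
    for a in $BOGUS_ADDRS; do
      # Any reply carrying this address becomes NXDOMAIN (Hu's first option).
      printf 'bogus-nxdomain=%s\n' "$a"
    done
  } > "$dir/dnsmasq.conf"
  # The stub resolver on each host points at dnsmasq, not at the router.
  printf 'search %s\nnameserver 127.0.0.1\n' "$LOCAL_DOMAIN" > "$dir/resolv.conf"
}

# audit_dnsmasq_conf FILE: print each required directive that is missing.
# Returns 0 when the file carries all of them, 1 otherwise.
audit_dnsmasq_conf() {
  file=$1; missing=0
  for d in $REQUIRED_DIRECTIVES; do
    if ! grep -q "^${d}" "$file"; then
      echo "missing: $d"
      missing=1
    fi
  done
  return $missing
}

# block_bogus_addresses: Hu's fallback for when the DNS answer cannot be
# fixed; connections to the rewrite targets fail locally. Needs root and is
# only run when called explicitly.
block_bogus_addresses() {
  for a in $BOGUS_ADDRS; do
    ip route replace unreachable "$a/32"
  done
}

# Usage: sh lan-dns.sh /etc/dnsmasq.d   (then restart dnsmasq and install resolv.conf)
[ $# -eq 0 ] || { write_dnsmasq_conf "$1" && audit_dnsmasq_conf "$1/dnsmasq.conf"; }
```

With `no-resolv` and `server=8.8.8.8` the ISP resolver is out of the path entirely, so `bogus-nxdomain` only does work if you keep the router or the ISP as an upstream; `domain-needed` is the line that makes a bare typo fail regardless of upstream, and the `search` line in resolv.conf means the libc stub first tries `xyzzy.vesarius.net`, which `local=` answers from /etc/hosts without forwarding. Whichever upstream you pick, check it with the probe from earlier in the thread before trusting it; Google's pair is 8.8.8.8 and 8.8.4.4. The audit function is what you would drop into a config-management check so the hardening does not silently regress.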