BSNL Broadband DNS Servers are tampering with NXDOMAIN Records

vedantlath

The following DNS servers provided by BSNL are now hijacking NXDOMAIN records:
218.248.255.211
218.248.255.212

Code:
$ dig google.comw @218.248.255.212

; <<>> DiG 9.9.5-9+deb8u4-Debian <<>> google.comw @218.248.255.212
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9992
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.comw.                   IN      A

;; ANSWER SECTION:
google.comw.            300     IN      A       52.74.158.221

;; Query time: 689 msec
;; SERVER: 218.248.255.212#53(218.248.255.212)
;; WHEN: Thu Dec 24 00:13:16 IST 2015
;; MSG SIZE  rcvd: 56

The IP 52.74.158.221 (reverse DNS: ec2-52-74-158-221.ap-southeast-1.compute.amazonaws.com.) belongs to domain-error.com, which then hijacks the HTTP request. That site shows search results related to the HTTP request and also has affiliate links to various e-commerce sites.

These nameservers sometimes also hijack legitimate domains like www.citibank.com, which is a very serious issue.

See DNS hijacking - Wikipedia, the free encyclopedia for details on such practices.

It's best to use Google Public DNS (8.8.8.8, 8.8.4.4) or use BIND or dnsmasq (with the bogus NX domain override setting configured) on your router.
 
If you change your DNS manually to anything random, the internet still works fine.
Sites like kat.cr return the error DNS_PROBE_FINISHED_NXDOMAIN even when using Google DNS.
However, on mobile there is no problem at all; sites including kat.cr open using Google DNS.
 
On my phone, when the Wi-Fi settings are set to default and I visit kat.cr, I get the error DNS_PROBE_FINISHED_NXDOMAIN.
When I change the settings to:
Proxy - none
IP settings - manual, in which DNS is 8.8.8.8
then the website loads without any problem.

The problem on my laptop is that manually changing the DNS has no effect. Even when DNS is set to 127.0.0.1, the internet works fine.
EDIT: Changing the DNS in the router to Google DNS fixed the problem.
 