Automatically getting redirected to hugedomains.com

pnwbob · Mar 21, 2016, 2:52 AM

Whenever I type a url that can't be found I'm redirected to hugedomains.com >:(. It happens especially quickly if I just type http://anyword without the gTLD suffix. The reason I'm posting my redirect issue here is that if I plug into the frontier router upstream of my pfSense router it redirects to http://search.frontier.com not hugedomains.com (I can accept that happening). The redirection happens almost instantaneously when I'm plugged into the pfSense router, but takes a while with the frontier router. It happens with any device downstream of the pfSense router.

When I look at the dashboard on my pfSense router the dns servers are:
127.0.0.1
8.8.8.8
8.8.4.4

I didn't click the checkbox for "Allow DNS server list to be overridden by DHCP/PPP on WAN". The primary dns in my Ubuntu machine is the ip address for the pfSense router. As far as I can tell all is well. Just giving me the heebie-jeebies.

Here's hoping it doesn't mean bad things.

Thanks for whatever help you can provide.

-Bob

Derelict · Mar 21, 2016, 4:44 AM

Do you have pfSense DNS Forwarder configured or DNS Resolver?

Regardless of which one, how is it configured?

Learn to use dig or drill to solve DNS problems.

Personally I will not tolerate that kind of DNS shenanigans. I want NXDOMAIN returned not some stupid ad site.

pnwbob · Mar 21, 2016, 5:29 AM

I was using DNS Forwarder, but after doing some reading I switched to using the DNS Resolver since it is now the default. No change in the outcome though. It does bug me to no end that I'm getting redirected.

Here's nslookup:

nslookup abcquq12examfooltest.com
Server: 127.0.1.1
Address: 127.0.1.1#53

** server can't find abcquq12examfooltest.com: NXDOMAIN

If I go to abcquq12examfooltest.com in a browser it redirects to hugedomains.com again :-(

However if I do a nslookup of the hostname "weird" with no suffix I get this:

nslookup weird
Server: 127.0.1.1
Address: 127.0.1.1#53

Non-authoritative answer:
weird.mydomain.com canonical name = hdredirect-lb-399551664.us-east-1.elb.amazonaws.com.
Name: hdredirect-lb-399551664.us-east-1.elb.amazonaws.com
Address: 52.21.180.233
Name: hdredirect-lb-399551664.us-east-1.elb.amazonaws.com
Address: 52.3.120.90

I also called emailed Frontier and they said they are not redirecting to hugedomains. I also tried different browsers thinking it could be an addon. No magic there.

Thanks for the heads up on dig and drill.

Derelict · Mar 21, 2016, 5:40 AM

That does me no good without knowing where you're doing that lookup from. I can assume it's from the pfSense command line.

Impossible to test anything without knowing what mydomain.com is.

pnwbob · Mar 21, 2016, 5:52 AM

I think you hit the nail on the head. I had created a fake domain name for my pfSense server to live in. It is "pnwhome.com". Turns out hugedomains.com must own the domain name :-[. Not sure what fake domain I should use so that I don't have this issue. I guess I could just claim a real domain like "hugedomains.com" but there is probably a better way to deal with this.

Thanks again for your help.

pnwbob · Mar 21, 2016, 6:09 AM

Well I tried a lot of weird domain names and if I get a NXDOMAIN response in nslookup I get rerouted to hugedomains.com. I guess there isn't an easy way for me to win this. Heading to bed to sleep on it :-)

Derelict · Mar 21, 2016, 6:40 AM

What you are seeing is:

You configured your pfSense to have domain pnwhome.com that you don't control.
When you do not ask the resolver to resolve a FQDN and just give it a host name, it appends pnwhome.com and tries to resolve it.
The pnwhome.com DNS servers are configured to return the IP address you're getting if no record exists instead of NXDOMAIN.

Just set your domain back to .local like it came out of the box.

pnwbob · Mar 21, 2016, 7:08 AM

Done and done!

Thanks for holding my hand through this :)

johnpoz · Mar 21, 2016, 11:31 AM

So you setup your local domain to be a valid domain that you do not own or control dns of, and then wonder why when you do not fqdn lookups you get redirected??

;; QUESTION SECTION:
;pnwhome.com. IN NS

;; ANSWER SECTION:
pnwhome.com. 10800 IN NS ns1.namebrightdns.com.
pnwhome.com. 10800 IN NS ns2.namebrightdns.com

They have a redirect/wildcard setup

;; QUESTION SECTION:
;lsjdflsjfljslfjsdlfd.pnwhome.com. IN A

;; ANSWER SECTION:
lsjdflsjfljslfjsdlfd.pnwhome.com. 10800 IN CNAME hdredirect-lb-399551664.us-east-1.elb.amazonaws.com.
hdredirect-lb-399551664.us-east-1.elb.amazonaws.com. 60 IN A 52.21.180.233
hdredirect-lb-399551664.us-east-1.elb.amazonaws.com. 60 IN A 52.3.120.90

;; AUTHORITY SECTION:
us-east-1.elb.amazonaws.com. 846 IN NS ns-1119.awsdns-11.org.
us-east-1.elb.amazonaws.com. 846 IN NS ns-1793.awsdns-32.co.uk.
us-east-1.elb.amazonaws.com. 846 IN NS ns-235.awsdns-29.com.
us-east-1.elb.amazonaws.com. 846 IN NS ns-934.awsdns-52.net.

Funny ;)