02 Mar

Airtel hijacking NXDOMAIN queries

Back in India after amazing APRICOT 2013 at Singapore. It was nice to stay in East Asia for a while and look around. 🙂

Anyways, issue for today – I have been using Airtel DNS servers for quite some time, since BSNL has crappy DNS, Google gives issues with Akamai, and OpenDNS doesn't have any node in India yet.


Today I noticed a NXDOMAIN redirection for a non-working domain and later investigated. It seems like Airtel is hijacking on NXDOMAIN queries now.

[Image: Airtel NXDOMAIN Hijack]

anurag@laptop:~$ dig bbbaaa.ccc.aaa a

; <<>> DiG 9.8.1-P1 <<>> bbbaaa.ccc.aaa a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bbbaaa.ccc.aaa. IN A

;; ANSWER SECTION:
bbbaaa.ccc.aaa. 60 IN A 92.242.132.27

;; Query time: 140 msec
;; SERVER: 202.56.215.28#53(202.56.215.28)
;; WHEN: Sat Mar 2 17:00:49 2013
;; MSG SIZE rcvd: 48

Looking up the routing for that IP:

anurag@laptop:~$ awhois 92.242.132.27
AS | IP | BGP Prefix | CC | AS Name
45028 | 92.242.132.27 | 92.242.132.0/24 | GB | BAREFRUIT-AS Barefruit Ltd Autonomous System
anurag@laptop:~$

Never heard of that network before, but that server seems to be doing a redirect to airtelforum.com

anurag@laptop:~$ dig -x 92.242.134.8 +short
unallocated.barefruit.co.uk.
anurag@laptop:~$

anurag@laptop:~$ dig airtelforum.com. a +short
92.242.134.8
anurag@laptop:~$

Strange! I can understand if Airtel is really hijacking queries and redirecting them, but then why are they running airtelforum.com on a network in Europe? The whois result for the domain seems OK. Stranger still, they are not using Airtel's own DNS servers but those of Directi (set via a reseller).

The website has a perfect Airtel reddish design, with their logo as well.

Anyways time to switch back to Google DNS servers. 🙂
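A check for the behaviour shown above, added here as an example (it is not the post's own tooling): it builds a raw A query for a name that cannot exist and classifies the reply as an honest NXDOMAIN or as a synthesised A record like the one Airtel's resolver returned. The reply bytes are constructed to match the dig output; the use of the reserved `.invalid` TLD for the live probe and all function names are my choices.

```python
import os, socket, struct

def build_query(name, qid=0x8239):
    """Recursion-desired A query for `name` in DNS wire format."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):  # offset just past a (possibly compressed) wire-format name
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def classify_response(msg):
    """For a name that cannot exist: ('nxdomain', None) is honest, ('hijacked', ip) is not."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    rcode = flags & 0x0F
    if rcode == 3:
        return ("nxdomain", None)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # a synthesised A record instead of NXDOMAIN
            return ("hijacked", socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ("other", rcode)

def probe_resolver(server, timeout=3.0):  # live check: random label under the reserved .invalid TLD
    query = build_query(os.urandom(6).hex() + ".invalid.")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return classify_response(s.recv(512))

# Constructed samples modelled on the dig output above (ID 33337, TTL 60, 48 bytes).
QUERY = build_query("bbbaaa.ccc.aaa.")
def _reply(rcode, rdata=None):  # echo the question; optionally one A record via a name pointer
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(rdata) if rdata else b""
    hdr = struct.pack(">HHHHHH", 0x8239, 0x8180 | rcode, 1, 1 if rdata else 0, 0, 0)
    return hdr + QUERY[12:] + answer
HIJACKED_REPLY = _reply(0, "92.242.132.27")  # what Airtel's resolver returned
HONEST_REPLY = _reply(3)                     # NXDOMAIN, as a resolver should answer
```

Calling `probe_resolver("8.8.8.8")` (or any resolver IP) performs the same check live; a resolver that returns anything but `('nxdomain', None)` for a random `.invalid` name is rewriting NXDOMAIN.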

2 thoughts on “Airtel hijacking NXDOMAIN queries”

    • Google’s Public DNS does not reply to NXDOMAIN queries. So I am quite sure your DNS server is NOT changed yet. Make sure you have removed Airtel’s DNS servers and are using ONLY 8.8.8.8 and 8.8.4.4.

      Also – you will likely notice quite degraded service if you use a non-Airtel DNS resolver because of failures with CDN services.
