02 Mar

Airtel hijacking NXDOMAIN queries

Back in India after amazing APRICOT 2013 at Singapore. It was nice to stay in East Asia for a while and look around. 🙂

Anyways, issue for today – I have been using Airtel DNS servers from quite sometime since BSNL has crappy DNS while Google gives issues with Akamai while OpenDNS doesn’t has any node in India yet.  


Today I noticed a NXDOMAIN redirection for a non-working domain and later investigated. It seems like Airtel is hijacking on NXDOMAIN queries now.


 Airtel NXDOMAIN Hijack


anurag@laptop:~$ dig bbbaaa.ccc.aaa a

; <<>> DiG 9.8.1-P1 <<>> bbbaaa.ccc.aaa a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33337
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;bbbaaa.ccc.aaa. IN A

bbbaaa.ccc.aaa. 60 IN A

;; Query time: 140 msec
;; WHEN: Sat Mar 2 17:00:49 2013
;; MSG SIZE rcvd: 48



Looking for  routing to that IP:

anurag@laptop:~$ awhois
AS | IP | BGP Prefix | CC | AS Name
45028 | | | GB | BAREFRUIT-AS Barefruit Ltd Autonomous System


Never heard of that network before but that server seems to be doing redirection to airtelforum.com

anurag@laptop:~$ dig -x +short

anurag@laptop:~$ dig airtelforum.com. a +short


Strange! I can understand if Airtel is really hijacking queries and redirecting but then why they are running airtelforum.com on a network outside in Europe? Whois result for the domain seems OK type. Strange again that they are not using DNS servers of Airtel itself but of Direct i (set as via reseller)

While the website seems having a perfact Airtel reddish design with their logo as well.


Anyways time to switch back to Google DNS servers. 🙂

2 thoughts on “Airtel hijacking NXDOMAIN queries

    • Google’s Public DNS does not replies to NXDOMAIN queries. So I am quite sure your DNS server is NOT changed yet. Make sure you have removed Airtel’s DNS servers and using ONLY and

      Also – you will likely notice quite degraded service if you use non-Airtel DNS resolver because of failure with CDN services.

Leave a Reply