Dec 10, '03 09:48:00AM • Contributed by: clownburner
Sometimes, when trying to get to a web site, I'd get redirected to a strange location. I thought perhaps I was getting hijacked or something. After spending some time analysing the problem with Ethereal, I came to the conclusion that Panther does strange things with DNS resolution. This didn't happen before in Jaguar, so I'm pretty sure it's a Panther thing. Since I spent a few hours banging my head on the wall before figuring it out, I thought I'd share with everyone and save you the frustration.
Like many companies, my company uses a different domain name for DHCP to help local users find servers that aren't available outside the firewall. We use 'company.org' for this purpose, where the real domain name is 'company.net'. If Panther fails a DNS lookup, it tries appending the default domain name to the end of the request. So, if I mistyped "foo.com" as "fooo.com," it would fail and then look up "fooo.com.company.org" -- this is pretty standard behaviour.
But then Panther does something strange - it tries appending just the top-level domain for the lookup -- it looks up 'fooo.com.org,' and since 'com.org' goes to a company that does web domain stuff, it looked like a hijacking.
If it was just mistyped domains, that would be no big deal. However, this also happens if your DNS server just happens to drop the ball on something like 'mail.yahoo.com' for example -- and once it happens, OS X caches it for quite a while. I couldn't figure out how to turn this behavior off. Doing sudo killall lookupd will reset the cache though, which should fix it if the DNS server is working again.
I spent quite a while hunting this down, so I thought it might help someone.
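The lookup order described in the hint can be modelled to see which fallback names land in a zone you do not control. This is an added example, not part of the original hint; the function names and the controlled-zone list are hypothetical, and dropping one label at a time for search domains deeper than two labels is an assumption that goes beyond the case the hint shows.

```python
# Added example: models the lookup order described in the hint above.
# Function names and the controlled-zone list are hypothetical.

def devolved_suffixes(search_domain):
    """Return the search domain followed by each parent, down to the TLD.

    'company.org' -> ['company.org', 'org']
    Dropping one label at a time for deeper domains is an assumption;
    the hint only shows the two-label case.
    """
    labels = search_domain.strip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def candidate_lookups(name, search_domain):
    """Names queried, in order, when each earlier lookup fails."""
    name = name.strip(".").lower()
    return [name] + [f"{name}.{s}" for s in devolved_suffixes(search_domain)]


def in_zone(name, zone):
    """True if name is the zone itself or a name beneath it."""
    zone = zone.strip(".").lower()
    return name == zone or name.endswith("." + zone)


def escaping_candidates(name, search_domain, controlled_zones):
    """Fallback candidates that resolve in a zone you do not control."""
    fallbacks = candidate_lookups(name, search_domain)[1:]
    return [c for c in fallbacks
            if not any(in_zone(c, z) for z in controlled_zones)]


if __name__ == "__main__":
    zones = {"company.org", "company.net"}  # constructed sample values
    for typed in ("fooo.com", "mail.yahoo.com"):
        print(typed, "->", candidate_lookups(typed, "company.org"))
        print("  outside controlled zones:",
              escaping_candidates(typed, "company.org", zones))
```

Any name reported as outside the controlled zones is one where a failed lookup hands the answer to whoever operates that parent domain.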