DNS Hijacking And NXDOMAIN

What is NXDOMAIN? How does nxdomain affects my browsing? Explains the relationship between NXDOMAIN and DNS Hijacking.

A DNS server is used to translate a domain name into an IP address or vise versa. For example, when you type dnsknowledge.com in your web browser, an authoritative dns server translate a domain name such as dnsknowledge.com into an IP address such as 67.228.49.226. However, if you try dnsknowledgefoobarexamplefackdomain.com, you will get an error indicating non existing domain name.

Non-existent Internet Domain Names Definition

NXDOMAIN is nothing but non-existent Internet or Intranet domain name. If domain name is unable to resolved using the DNS, a condition called the NXDOMAIN occurred. In this example, try to find out an ip address for the domain called abcquq12examfooltest.com using the nslookup or host command line option:
nslookup abcquq12examfooltest.com
OR
host abcquq12examfooltest.com
Sample outputs:

Host abcquq12examfooltest.com not found: 3(NXDOMAIN)

Since domain name is the invalid domain, you got a NXDOMAIN response i.e an error message indicating that domain is either not registered or invalid.

DNS Hijacking And NXDOMAIN

A few ISPs (example: Optimum Online, Comcast, Time Warner, Cox Communications, RCN, Rogers, Charter Communications, Verizon, Virgin Media, Frontier Communications, Bell Sympatico etc) and attacks started the bad practice of DNS hijacking on non-existent domain name for making money or collecting users personal data. These ISPs or attackers DNS server sends a fake IP address for all the NXDOMAIN responses. In most cases your browser will connect to a fake IP address server which will display page with advertising, instead of a proper error message to you. In some cases it is possible to obtain sensitive information too.