Every few weeks I get an email (usually a very unpleasant one) or sometimes even a phone call from a Facebook user who believes that I am "hacking" their internet. They come to this conclusion after they end up on my site after entering www.facebook.com. Looking at my server logs, it seems like this happens to about 1 person per day from different IPs and service providers.
The HOST: header in their request does contain www.facebook.com as I can confirm from my server logs. At this point I believe the problem must lie in DNS. Somehow my IP ends up getting served for a www.facebook.com query. This must happen very infrequently otherwise I'd be seeing a lot more traffic from the problem. In fact, my site would be flattened if even a small fraction of Facebook users ended up there.
Any thoughts on the root cause of this? Anyone seen anything similar? At this point the only course of action I can think of is to create a special landing page for users requesting www.facebook.com from my server telling them to try again later.
You've already answered your own question. "the problem must lie in DNS". Assuming you have no control over anybody else's DNS there's really nothing you can do about it, unless of course those visits are from somewhere within the network you do have control over.
You Should report this to facebook, Since this is not your problem. It is the problem of DNS configs for Facebook.com domain, which is not under your administration.
Facebook must be dynamically generating dns records for load balancing, And your IP must fall near Facebook's subnet. You can change your IP if this is a problem to you.
There are two likely sources for this DNS misdirection:
Someone futzing with DNS packets (look up "Golden Shield Project")
Messed up "hosts" files on clients as a result of malware infection
I can't tell without more information, though. What client addresses are you seeing, for example? What's your IP address. If you can't share publicly, contact me offline. I'm a DNS researcher, not too hard to find - look for the ServerFault answers where I've mentioned particular RFCs I've written ;-)
if at all possible see if yhou csan get the folks complaining to tell you their dns server name. Maybe then you can track down the DNS servers causing the issue.
Search your domain over multiple search engines see what you get. Don't forget obscure ones.
I assume your domain might be linked to facebook on some search engine and when facebook is misspelled they are redirected to you. Is your domain similar with facebook's?
Ask next guy that calls you about: browser, toolbars and default search engine.
Ask them to do a malware scan.
Also, it would be interesting to find from when you are using that IP and if it's hosted by you or it is owned by an ISP.
There is also another possible explanation.
I used to have an ADSL router that occasionally would fail by corrupting the routing information for the internet address that I was spending a packet to at that particular point in time. It was not DNS level, as this problem appeared with IP addresses as well. Doing traceroutes on the IP addresses gave some very strange answers with the routes going to different places each time. This problem could be resolved by power cycling the ADSL router, and then remained fixed for a couple of months before repeating.
Solved it by buying a new ADSL router.