[dns-operations] Strange goings on with two domains
Laurent Frigault
lolo at troll.free.org
Thu Oct 18 21:52:03 UTC 2012
On Thu, Oct 18, 2012 at 05:19:28PM -0400, Bill Owens wrote:
> The symptom is simple: neither domain, duckworksbbs.com and
> duckworksmagazine.com, will resolve, because the com servers have
> bogus NS records for them:
>
> [cookiemonster:~] owens% dig duckworksmagazine.com @a.gtld-servers.net ns
>
> ; <<>> DiG 9.8.3-P2 <<>> duckworksmagazine.com @a.gtld-servers.net ns
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26991
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;duckworksmagazine.com. IN NS
>
> ;; AUTHORITY SECTION:
> duckworksmagazine.com. 172800 IN NS doesnotexistwebterminator2.crystaltech.com.hu.
> duckworksmagazine.com. 172800 IN NS doesnotexistwebterminator1.crystaltech.com.hu.
>
> ;; Query time: 18 msec
> ;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
> ;; WHEN: Thu Oct 18 17:09:28 2012
> ;; MSG SIZE rcvd: 139
>
> Not only do those hostnames not exist (as one would expect), that domain isn't registered in hu.
>
> Here's the odd part. These changes have taken place without the
> permission of the domain owner, who I've contacted by email (he has a
> Gmail account, thankfully!) They seem to have happened a few hours
> ago; he told me that he has "been watching the sites go up and down
> all day." I confirmed that the web servers themselves are fine; this
> seems to be strictly a DNS issue. And WHOIS still shows the correct
> servers for both domains:
No :
COM/NET whois outpout has 2 part. the registry part first and then the
registrar part:
% whois duckworksmagazine.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: DUCKWORKSMAGAZINE.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: DOESNOTEXISTWEBTERMINATOR1.CRYSTALTECH.COM.HU
Name Server: DOESNOTEXISTWEBTERMINATOR2.CRYSTALTECH.COM.HU
Status: clientTransferProhibited
Updated Date: 05-oct-2010
Creation Date: 18-nov-1999
Expiration Date: 18-nov-2019
>>> Last update of whois database: Thu, 18 Oct 2012 21:35:15 UTC <<<
....
then the registrar part from whois.networksolutions.com
> Registrant:
> Leinweber, Chuck
> Duckworks
> 608 Gammenthaler
> Harper, TX 78631
> US
>
> Domain Name: DUCKWORKSMAGAZINE.COM
>
> ------------------------------------------------------------------------
> Promote your business to millions of viewers for only $1 a month
> Learn how you can get an Enhanced Business Listing here for your domain name.
> Learn more at http://www.NetworkSolutions.com/
> ------------------------------------------------------------------------
>
> Administrative Contact, Technical Contact:
> Leinweber, Chuck chuck at duckworksmagazine.com
> Duckworks
> 608 Gammenthaler
> Harper, TX 78631
> US
> 830-864-4562 fax: 830-864-4197
>
>
> Record expires on 18-Nov-2019.
> Record created on 18-Nov-1999.
> Database last updated on 18-Oct-2012 16:42:26 EDT.
>
> Domain servers in listed order:
>
> WEBTERMINATOR1.CRYSTALTECH.COM
> WEBTERMINATOR2.CRYSTALTECH.COM
>
> So the question is, how did someone manage to change the servers in
> the com zone, without changing the WHOIS records, and without
> permission from the admin/technical contact?
>
Looks like the hosts WEBTERMINATOR1.CRYSTALTECH.COM /
WEBTERMINATOR2.CRYSTALTECH.COM have been renamed, by the registrar of the
domain CRYSTALTECH.COM for some reason (expiration ? error ?)
After that it must have re-create thoses hosts instead of renaming them
back.
The owner of DUCKWORKSMAGAZINE.COM should change its DNS via its
registrar (networksolutions) interface to resynchronize at registry level.
Regards,
--
Laurent Frigault | Free.org - BookMyName
More information about the dns-operations
mailing list