[dns-operations] Strange goings on with two domains
Andrew Sullivan
ajs at anvilwalrusden.com
Thu Oct 18 21:57:31 UTC 2012
On Thu, Oct 18, 2012 at 05:19:28PM -0400, Bill Owens wrote:
>
> So the question is, how did someone manage to change the servers in
> the com zone, without changing the WHOIS records, and without
> permission from the admin/technical contact?
My bet is that this is a consequence of the sponsorship -- either the
registrar changed or the name was allowed to expire and then brought
back from the dead or both. Here's the whois data from
crystaltech.com:
Domain Name: CRYSTALTECH.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: WEBTERMINATOR1.CRYSTALTECH.COM
Name Server: WEBTERMINATOR2.CRYSTALTECH.COM
Status: ok
Updated Date: 18-oct-2012
Creation Date: 08-sep-1996
Expiration Date: 07-sep-2022
The domain was updated today, and 7 Sept is 42 days in the past, which
sounds suspiciously close to the 45 day auto-renew grace period.
When you delete names in EPP, you are not allowed to delete the name
if any subordinate host objects still exist. You cannot delete a host
object if there is something using that host object as a name server
(the host is linked). Since the current registrar of crystaltech.com
is not the same as that of duckworksmagazine.com, this might have been
the case earlier. In that case, presumably Melbourne IT renamed the
host objects that were dependent on crystaltech.com, in order to make
them "external" hosts and thereby to allow the deletion of
crystaltech.com. Certainly, this is a pattern of use I saw in the
.info and other related registries.
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the dns-operations
mailing list