[dns-operations] The strange case of fox.com

Rich Goodson rgoodson at gronkulator.com
Wed Mar 2 00:29:01 UTC 2016


On 3/1/16 3:24 PM, Dave Warren wrote:
> On 2016-03-01 12:37, Robert Edmonds wrote:
>> Mark Andrews wrote:
>>> And if the same notice went out with "you have 28 days to correct
>>> this or the delegation will be removed from the com zone" and this
>>> was just followed through what would the effect be?  There are no
>>> checks as balances in the system.  Sometimes you need to break the
>>> zone completely to get the zone fixed.
>> Sounds like a great phishing campaign. "You have 28 days to correct this
>> or your domain name will be removed. Click here to login and fix it."
>
> ICANN already forces this issue with the mandatory WHOIS verification 
> emails, complete with disabling your domain if they bounce and nothing 
> is done about it.
>
That's a positive step, but it certainly doesn't guarantee that the 
WHOIS contact knows anything about the DNS, or will respond to emails.

I've been reading this thread with some interest, as this used to be a 
small but significant portion of my previous job at a cable company.  
Mostly small domains, however.

Typically, we'd get a NOC ticket from somebody like Joe the Plumber 
about their domain joesplumbing.com being intermittently resolvable on 
our name servers.  I would investigate and then respond with a 
multi-paragraph email about how their domain was messed up and exactly 
how to fix it.  Sometimes the domain would be fixed and sometimes not.

Occasionally, the ticket would be about a higher traffic domain and not 
instigated by the domain owner (or responsible party).  Those were more 
difficult.  The most difficult time I ever had was with capitalone.com 
being intermittently resolvable.  This was because the name servers for 
capitalone.com were in a subdomain of capitalone.com 
(wpex.capitalone.com, if I remember correctly), then the name servers 
themselves had no A records.  I sent emails to every whois contact for 
the domain, as well as hostmaster, postmaster, 
root at every.name.server.they.had, etc. and no response. I went so far as 
to call physical phone numbers and was told that their DNS hosting was 
outsourced (no idea if that was accurate).  I finally "fixed" it 
(stopped the complaining) by making all my recursive name servers 
authoritative for one of their name servers' names, so at least we would 
have an IP as a sort of glue record to follow.

Roughly a year and a half after this incident, I saw a job posting for a 
DNS expert at Capital One.  I was able to remove the authoritative 
record from my customer resolvers shortly afterwards.

I noticed that there was a huge upswing of these complaints after March 
10, 2010, after Verisign made the change to glue no longer being 
promoted to authoritative 
(https://www.verisign.com/en_US/innovation/dnssec/dns-behavior-changes/index.xhtml). 
I never really saw them before, but saw them all the time afterwards.

Rich
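
Added example, not part of the original message: a small offline audit for the failure mode described above, where a zone's name servers live inside the zone itself and have no address records or glue. The function names, status labels, and the example.com / 192.0.2.x sample data are assumptions constructed for illustration.

```python
# Constructed sample data: example.com / example.net names and 192.0.2.0/24
# addresses are documentation placeholders, not records from the post.

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True when name is at or below zone, so only parent glue can bootstrap it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def audit_delegation(zone, ns_names, parent_glue, child_addresses):
    """Classify every NS name of a delegation.

    parent_glue:     addresses the parent zone returns as glue
    child_addresses: A/AAAA records the delegated zone itself serves
    """
    glue = {norm(k): set(v) for k, v in parent_glue.items()}
    auth = {norm(k): set(v) for k, v in child_addresses.items()}
    report = {}
    for ns in map(norm, ns_names):
        g, a = glue.get(ns, set()), auth.get(ns, set())
        if not in_bailiwick(ns, zone):
            report[ns] = "out-of-bailiwick"  # address must come from another zone
        elif g and a:
            report[ns] = "ok" if g == a else "glue-mismatch"
        elif g:
            report[ns] = "glue-only"         # zone serves no address for its own server
        elif a:
            report[ns] = "no-glue"           # address exists but cannot be bootstrapped
        else:
            report[ns] = "no-address"        # neither glue nor an address record
    return report

def needs_fixing(report):
    """In-zone NS names whose address a resolver cannot rely on."""
    return sorted(n for n, s in report.items() if s not in ("ok", "out-of-bailiwick"))

SAMPLE = audit_delegation(
    "example.com",
    ["ns1.dns.example.com.", "NS2.dns.example.com", "ns3.example.net.", "ns4.dns.example.com"],
    parent_glue={"ns2.dns.example.com.": ["192.0.2.2"], "ns4.dns.example.com": ["192.0.2.4"]},
    child_addresses={"ns4.dns.example.com": ["192.0.2.4"]},
)

if __name__ == "__main__":
    for ns, status in SAMPLE.items():
        print(f"{status:18} {ns}")
```

The audit only looks at the delegation it is given; an "out-of-bailiwick" name still has to be checked against the zone that hosts it.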
