[dns-operations] The strange case of fox.com
Mark Andrews
marka at isc.org
Wed Mar 2 01:07:24 UTC 2016
In message <56D633CD.8090308 at gronkulator.com>, Rich Goodson writes:
> On 3/1/16 3:24 PM, Dave Warren wrote:
> > On 2016-03-01 12:37, Robert Edmonds wrote:
> >> Mark Andrews wrote:
> >>> And if the same notice went out with "you have 28 days to correct
> >>> this or the delegation will be removed from the com zone" and this
> >>> was just followed through what would the effect be? There are no
> >>> checks as balances in the system. Sometimes you need to break the
> >>> zone completely to get the zone fixed.
> >> Sounds like a great phishing campaign. "You have 28 days to correct this
> >> or your domain name will be removed. Click here to login and fix it."
> >
> > ICANN already forces this issue with the mandatory WHOIS verification
> > emails, complete with disabling your domain if they bounce and nothing
> > is done about it.
> >
> That's a positive step, but it certainly doesn't guarantee that the
> WHOIS contact knows anything about the DNS, or will respond to emails.
>
> I've been reading this thread with some interest, as this used to be a
> small but significant portion of my previous job at a cable company.
> Mostly small domains, however.
>
> Typically, we'd get a NOC ticket from somebody like Joe the Plumber
> about their domain joesplumbing.com being intermittently resolvable on
> our name servers. I would investigate and then respond with a
> multi-paragraph email about how their domain was messed up and exactly
> how to fix it. Sometimes the domain would be fixed and sometimes not.
Which is why you should have continued with the proceedures in RFC
1033 and requested excommunication. Sometimes that is the only way
to make a zone owner take notice. Just do your due dilligence first
and document the steps you have take to resolve the issue.
Escalation for failure to address operational issues should be the
norm. Everybody is paying the price for not escalating. Knowing
that you will be excommunicated, rather than it being a idle threat,
will cause behaviour to change.
> Occasionally, the ticket would be about a higher traffic domain and not
> instigated by the domain owner (or responsible party). Those were more
> difficult. The most difficult time I ever had was with capitalone.com
> being intermittently resolvable. This was because the name servers for
> capitalone.com were in a subdomain of capitalone.com,
> (wpex.capitalone.com, if I remember correctly), then the name servers
> themselves had no A records. I sent emails to every whois contact for
> the domain, as well as hostmaster, postmaster,
> root at every.name.server.they.had, etc. and no response. I went so far as
> to call physical phone numbers and was told that their DNS hosting was
> outsourced (no idea if that was accurate). I finally "fixed" it
> (stopped the complaining) by making all my recursive name servers
> authoritative for one of their name servers names, so at least we would
> have an IP as a sort of glue record to follow.
>
> Roughly a year and a half after this incident, I saw a job posting for a
> DNS expert at Capital One. I was able to remove the authoritative
> record from my customer resolvers shortly afterwards.
>
> I noticed that there was a huge upswing of these complaints after March
> 10, 2010, after Verisign made the change to glue no longer being
> promoted to authoritative
> (https://www.verisign.com/en_US/innovation/dnssec/dns-behavior-changes/index.
> xhtml).
> I never really saw them before, but saw them all the time afterwards.
>
> Rich
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list