Re: Hostile Nameserver Takeover? HELP!
In article <1UXTa.118216$Io.10084105@newsread2.prod.itd.earthlink.net>,
Chris Buckley <cwbuckle@earthlink.net> wrote:
[color=blue]
>I'm having this most annoying problem lately, and believe it may be someone
>hostile to my interests trying to block my nameservers. Hoping someone
>could point me in the right direction.
>
>To simplify the problem, I will deal with two separate domains in my
>examples.
>
>I have the server:
>buckleytech.com (69.61.4.99)
>which uses the nameservers ns7.nethostco.com and ns8.nethostco.com[/color]
And, it looks to me from here as if something is rotten w/r/t
netcohost.com.
netcohost.com has some very-suspicious-looking domain registration
information. The whois database insists it's registered through
enom.com (a registrar who seems to have a poor reputation w/r/t
spamming by their customers). All of the domain registration
information at whois.enom.com is "NA", except for a line which says
that the domain is registered through GoDaddy. The domain
registration info at enom.com lists no nameservers.
A "dig netcohost.com ns" indicates that the domain is receiving all of
its nameservice through a batch of servers at "name-services.com".
However, querying those nameservers to try to get a truly
authoritative set of NS record entries for this domain seems to fail.
[color=blue]
>Is there something I can do to resolve this? Everybody is telling me that
>its not their problem, or I'm not their customer. Its as if hostdime is
>operating a 'hostile' nameserver takeover somewhere. I imagine that there
>has to be a way to prevent this, or yahoo's would be pointing all the
>requests for popular websites over to their own sites to steal the traffic.[/color]
It looks to me as if there's something going on (a dispute, an attack,
a takeover, or just mondo technical problems) affecting netcohost.com,
and you are perhaps a "collateral damage" victim of this.
I suggest that you change your domain's registration info, so that the
root servers consider _only_ your own two nameservers to be
authoritative for it. Eliminate the "netcohost.com" servers from your
nameserver set entirely.
If you decide you do need additional off-site nameservers, you'd
probably want to consider looking elsewhere.
--
Dave Platt <dplatt@radagast.org> AE6EO
Hosting the Jade Warrior home page: [url]http://www.radagast.org/jade-warrior[/url]
I do _not_ wish to receive unsolicited commercial email, and I will
boycott any company which has the gall to send me such ads!
Re: Hostile Nameserver Takeover? HELP!
Well, I've contacted my registrar 3 times, each time they said "this should
fix it" and 48 hours later, same
problem exists.
I'm using aplus.net (names4ever.com) as my registrar currently. Can anybody
refer me to another registrar I can
transfer this to that would know what they are doing?
"Barry Margolin" <barry.margolin@level3.com> wrote in message
news:JWZTa.383$0z4.374@news.level3.com...[color=blue]
> In article <vi0kslfkr9teb3@corp.supernews.com>,
> Dave Platt <dplatt@radagast.org> wrote:[color=green]
> >In article <1UXTa.118216$Io.10084105@newsread2.prod.itd.earthlink.net>,
> >Chris Buckley <cwbuckle@earthlink.net> wrote:
> >[color=darkred]
> >>I'm having this most annoying problem lately, and believe it may be[/color][/color][/color]
someone[color=blue][color=green][color=darkred]
> >>hostile to my interests trying to block my nameservers. Hoping someone
> >>could point me in the right direction.
> >>
> >>To simplify the problem, I will deal with two separate domains in my
> >>examples.
> >>
> >>I have the server:
> >>buckleytech.com (69.61.4.99)
> >>which uses the nameservers ns7.nethostco.com and ns8.nethostco.com[/color]
> >
> >And, it looks to me from here as if something is rotten w/r/t
> >netcohost.com.[/color]
>
> It's nethostco.com, not netcohost.com, and its DNS looks fine to me (but
> you were right about all the N/A's in its WHOIS entry).
>
> The problem with ns1.buckleytech.com and ns2.buckleytech.com is that the
> 216.67.251.xxx addresses are coming from glue records on the .COM servers.
> Someone has registered these hostnames as servers with those addresses,[/color]
and[color=blue]
> the glue records are shadowing the records from the authoritative servers.
>
> Chris, are you sure these aren't just old addresses for your nameservers
> when they were at a different location (the 216.67.251 addresses belong to
> Pegasus Web Technologies -- did they ever host your servers)? If so, you
> simply forgot to update the Host registrations when they moved. You need
> to contact your domain registrar and correct them.
>
> --
> Barry Margolin, [email]barry.margolin@level3.com[/email]
> Level(3), Woburn, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to[/color]
newsgroups.[color=blue]
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the[/color]
group.
