Re: Hostile Nameserver Takeover? HELP! - TCP-IP


Thread: Re: Hostile Nameserver Takeover? HELP!

  1. Re: Hostile Nameserver Takeover? HELP!

    In article <1UXTa.118216$Io.10084105@newsread2.prod.itd.earthlink.net>,
    Chris Buckley wrote:

    >I'm having this most annoying problem lately, and believe it may be someone
    >hostile to my interests trying to block my nameservers. Hoping someone
    >could point me in the right direction.
    >
    >To simplify the problem, I will deal with two separate domains in my
    >examples.
    >
    >I have the server:
    >buckleytech.com (69.61.4.99)
    >which uses the nameservers ns7.nethostco.com and ns8.nethostco.com


    And, it looks to me from here as if something is rotten w/r/t
    netcohost.com.

    netcohost.com has some very-suspicious-looking domain registration
    information. The whois database insists it's registered through
    enom.com (a registrar who seems to have a poor reputation w/r/t
    spamming by their customers). All of the domain registration
    information at whois.enom.com is "NA", except for a line which says
    that the domain is registered through GoDaddy. The domain
    registration info at enom.com lists no nameservers.

    A "dig netcohost.com ns" indicates that the domain is receiving all of
    its nameservice through a batch of servers at "name-services.com".
    However, querying those nameservers to try to get a truly
    authoritative set of NS record entries for this domain seems to fail.

    >Is there something I can do to resolve this? Everybody is telling me that
    >it's not their problem, or I'm not their customer. It's as if hostdime is
    >operating a 'hostile' nameserver takeover somewhere. I imagine that there
    >has to be a way to prevent this, or yahoos would be pointing all the
    >requests for popular websites over to their own sites to steal the traffic.


    It looks to me as if there's something going on (a dispute, an attack,
    a takeover, or just mondo technical problems) affecting netcohost.com,
    and you are perhaps a "collateral damage" victim of this.

    I suggest that you change your domain's registration info, so that the
    root servers consider _only_ your own two nameservers to be
    authoritative for it. Eliminate the "netcohost.com" servers from your
    nameserver set entirely.

    If you decide you do need additional off-site nameservers, you'd
    probably want to consider looking elsewhere.

    --
    Dave Platt AE6EO
    Hosting the Jade Warrior home page: http://www.radagast.org/jade-warrior
    I do _not_ wish to receive unsolicited commercial email, and I will
    boycott any company which has the gall to send me such ads!

  2. Re: Hostile Nameserver Takeover? HELP!

    Well, I've contacted my registrar 3 times, each time they said "this should
    fix it" and 48 hours later, same problem exists.

    I'm using aplus.net (names4ever.com) as my registrar currently. Can anybody
    refer me to another registrar I can transfer this to that would know what
    they are doing?

    "Barry Margolin" wrote in message
    news:JWZTa.383$0z4.374@news.level3.com...
    > In article ,
    > Dave Platt wrote:
    > >In article <1UXTa.118216$Io.10084105@newsread2.prod.itd.earthlink.net>,
    > >Chris Buckley wrote:
    > >
    > >>I'm having this most annoying problem lately, and believe it may be someone
    > >>hostile to my interests trying to block my nameservers. Hoping someone
    > >>could point me in the right direction.
    > >>
    > >>To simplify the problem, I will deal with two separate domains in my
    > >>examples.
    > >>
    > >>I have the server:
    > >>buckleytech.com (69.61.4.99)
    > >>which uses the nameservers ns7.nethostco.com and ns8.nethostco.com

    > >
    > >And, it looks to me from here as if something is rotten w/r/t
    > >netcohost.com.

    >
    > It's nethostco.com, not netcohost.com, and its DNS looks fine to me (but
    > you were right about all the N/A's in its WHOIS entry).
    >
    > The problem with ns1.buckleytech.com and ns2.buckleytech.com is that the
    > 216.67.251.xxx addresses are coming from glue records on the .COM servers.
    > Someone has registered these hostnames as servers with those addresses, and
    > the glue records are shadowing the records from the authoritative servers.
    >
    > Chris, are you sure these aren't just old addresses for your nameservers
    > when they were at a different location (the 216.67.251 addresses belong to
    > Pegasus Web Technologies -- did they ever host your servers)? If so, you
    > simply forgot to update the Host registrations when they moved. You need
    > to contact your domain registrar and correct them.
    >
    > --
    > Barry Margolin, barry.margolin@level3.com
    > Level(3), Woburn, MA
    > *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
    > Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
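
The glue-versus-authoritative mismatch described in the quoted reply above can be checked mechanically. This is an added example, not part of the original thread: it parses dig-style output from a parent-zone server and from the zone's own server and reports nameserver hosts whose glue addresses differ from the authoritative ones. The hostnames, addresses and function names are constructed for illustration.

```python
# Added example (not from the thread): compare parent-zone glue with authoritative A records.
# Names, addresses and helper names are constructed (RFC 2606 / RFC 5737 ranges).

PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
example.com.        172800  IN  NS  ns1.example.com.
example.com.        172800  IN  NS  ns2.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.    172800  IN  A   192.0.2.10
ns2.example.com.    172800  IN  A   192.0.2.11
"""

CHILD_ANSWERS = """\
;; ANSWER SECTION:
ns1.example.com.    3600    IN  A   198.51.100.99
ns2.example.com.    3600    IN  A   192.0.2.11
"""


def parse_a_records(dig_text, section):
    """Return {hostname: set(addresses)} for A records in one dig section."""
    records, in_section = {}, False
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            in_section = line.strip() == f";; {section} SECTION:"
            continue
        fields = line.split()
        # Record layout: name ttl class type rdata
        if in_section and len(fields) == 5 and fields[2:4] == ["IN", "A"]:
            records.setdefault(fields[0].lower().rstrip("."), set()).add(fields[4])
    return records


def stale_glue(parent_text, child_text):
    """List (host, glue_addrs, authoritative_addrs) where the two disagree."""
    glue = parse_a_records(parent_text, "ADDITIONAL")
    auth = parse_a_records(child_text, "ANSWER")
    mismatches = []
    for host, glue_addrs in sorted(glue.items()):
        auth_addrs = auth.get(host, set())
        if glue_addrs != auth_addrs:
            mismatches.append((host, sorted(glue_addrs), sorted(auth_addrs)))
    return mismatches


if __name__ == "__main__":
    for host, glue_addrs, auth_addrs in stale_glue(PARENT_REFERRAL, CHILD_ANSWERS):
        print(f"{host}: glue {glue_addrs} != authoritative {auth_addrs}")
```

Input of this shape comes from `dig +norecurse` sent to a parent-zone server (a referral, with glue in the ADDITIONAL section) and to the zone's own nameserver (the ANSWER section). A reported mismatch means the host registration held at the registry needs correcting through the registrar.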


