(NSI) LAME-DELEGATION.ORG hijacking IP space ??
could someone explain this shorts# nslookup LAME2850.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa Non-authoritative answer: Name: LAME2850.LAME-DELEGATION.ORG Address: 1.1.1.1 or this shorts# nslookup LAME41178.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa Non-authoritative answer: Name: LAME41178.LAME-DELEGATION.ORG Address: 4.3.145.66 shorts# nslookup 4.3.145.66 Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa Name: lsanca1-145-066.biz.dsl.gtei.net Address: 4.3.145.66 seems 4.3.146.66 is some DSL link in GTEI / BBN / Name today if NSI is going to use this as a way to deal with lame zones, fine, but how about using RFC 1918 space, or a public IP and a machine that returns NXDOMAIN..... instead of what looks like random IP allocations, some of which may cause pain for others... Hey, better yet, why not just learn how to DELETE host records from a zone ???
I commented on it once before on nanog actually... Basicly LAME-DELEGATION.ORG is domain Network Solutions is using to move old host records to. If they have a domain that is expiring and scheduled for deletion and it has host records in .com or .net zones (so called glue host records), then NSI would rename that host from somehost.experingdomain.com to lamexxxxx.lame-delegation.org Then they can delete the domain and at some point later they check if there are any domains in their .com/.net zones that use that host and if so they either keep that "lamexxxx.lame-delegation.org" or notify those domains and manually remove that extra host from the list of dns servers for each domain. Somewhere in the process the lamexxxx.lame-delegation.org I gather maybe changed from its previous ip to "1.1.1.1" and then probably deleted. To me using 1.1.1.1 seems inappropriate (this is not a special ip block to be used for such purpose and just reserved iana block which may be allocated, it may also creates unnecessory load on root servers, though in theory nobody is supposed to query that dns os use such host). While the above process is better then just deleting the domains and and letting their host records remain (which can then be controlled by whoever reregisters the domains), it only protects .com/.net domains and not domains in any "country-level" or .biz or .info domains which may very well use those deleted hosts as well. I also have to note that its only networksolutions that is using lame-delegation.org and number of other registrars have similar system but using different domains to move hosts to. Some dont do it at all and let the host remains even when domain is reregistered (giving control of the glue hosts to new domain owner). Also another note I have to make about which I wondered couple months back - while previously it was easy for NSI to rename host names like above since they controlled .com, .net, .org. now that they no longer control .org, this may not be the same (though I suspect it really does not matter, all they change is glue record in zone files as well as whois and they do not necessarily need to control .org for that). On Sat, 14 Jun 2003, John Brown wrote:
could someone explain this
shorts# nslookup LAME2850.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Non-authoritative answer: Name: LAME2850.LAME-DELEGATION.ORG Address: 1.1.1.1
or this
shorts# nslookup LAME41178.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Non-authoritative answer: Name: LAME41178.LAME-DELEGATION.ORG Address: 4.3.145.66
shorts# nslookup 4.3.145.66 Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Name: lsanca1-145-066.biz.dsl.gtei.net Address: 4.3.145.66
seems 4.3.146.66 is some DSL link in GTEI / BBN / Name today
if NSI is going to use this as a way to deal with lame zones, fine, but how about using RFC 1918 space, or a public IP and a machine that returns NXDOMAIN.....
instead of what looks like random IP allocations, some of which may cause pain for others...
Hey, better yet, why not just learn how to DELETE host records from a zone ???
One more note - While this would be the third time I'v seen lamexxxx.lamedelegation.org with ip 1.1.1.1 I really do not know for sure if NSI is responsible or not. It may very well have been actual previous domain owner who has incorrectly registered host to such an address. I'd need to lookup zone file for .org (which is supposed to have a these lame-delegationglue hosts now) and I have not yet signed zone download agreement with PIR. On Sun, 15 Jun 2003 william@elan.net wrote:
I commented on it once before on nanog actually...
Basicly LAME-DELEGATION.ORG is domain Network Solutions is using to move old host records to. If they have a domain that is expiring and scheduled for deletion and it has host records in .com or .net zones (so called glue host records), then NSI would rename that host from somehost.experingdomain.com to lamexxxxx.lame-delegation.org
Then they can delete the domain and at some point later they check if there are any domains in their .com/.net zones that use that host and if so they either keep that "lamexxxx.lame-delegation.org" or notify those domains and manually remove that extra host from the list of dns servers for each domain. Somewhere in the process the lamexxxx.lame-delegation.org I gather maybe changed from its previous ip to "1.1.1.1" and then probably deleted. To me using 1.1.1.1 seems inappropriate (this is not a special ip block to be used for such purpose and just reserved iana block which may be allocated, it may also creates unnecessory load on root servers, though in theory nobody is supposed to query that dns os use such host).
While the above process is better then just deleting the domains and and letting their host records remain (which can then be controlled by whoever reregisters the domains), it only protects .com/.net domains and not domains in any "country-level" or .biz or .info domains which may very well use those deleted hosts as well. I also have to note that its only networksolutions that is using lame-delegation.org and number of other registrars have similar system but using different domains to move hosts to. Some dont do it at all and let the host remains even when domain is reregistered (giving control of the glue hosts to new domain owner).
Also another note I have to make about which I wondered couple months back - while previously it was easy for NSI to rename host names like above since they controlled .com, .net, .org. now that they no longer control .org, this may not be the same (though I suspect it really does not matter, all they change is glue record in zone files as well as whois and they do not necessarily need to control .org for that).
On Sat, 14 Jun 2003, John Brown wrote:
could someone explain this
shorts# nslookup LAME2850.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Non-authoritative answer: Name: LAME2850.LAME-DELEGATION.ORG Address: 1.1.1.1
or this
shorts# nslookup LAME41178.LAME-DELEGATION.ORG Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Non-authoritative answer: Name: LAME41178.LAME-DELEGATION.ORG Address: 4.3.145.66
shorts# nslookup 4.3.145.66 Server: ns1.chagres.net Address: 216.223.236.233 Aliases: 233.236.223.216.in-addr.arpa
Name: lsanca1-145-066.biz.dsl.gtei.net Address: 4.3.145.66
seems 4.3.146.66 is some DSL link in GTEI / BBN / Name today
if NSI is going to use this as a way to deal with lame zones, fine, but how about using RFC 1918 space, or a public IP and a machine that returns NXDOMAIN.....
instead of what looks like random IP allocations, some of which may cause pain for others...
Hey, better yet, why not just learn how to DELETE host records from a zone ???
the issue is them using reserved IP space.. Also, as of today, there are 11553 glue records in the .ORG zone for lame delegation. Most have no more than 1 or 2 zones associated with a specific glue record. Seems like NSI is placing a LARGE amount of glue when not needed.
participants (2)
-
John Brown
-
william@elan.net