NSI/VeriSign propogating incorrect DNS glue records
Does anyone know any way to contact NSI and get them to remove or correct bogus glue records (host entries)? Not the phone number on their website for international callers - they're completely _not_ helpful. Very polite, just no help. Their automated systems send confirmation requests to the wrong addresses (the legacy contact address on the *-HST record rather than the new contact address on the domain, despite the claims on their help pages). As NSI are poisoning the DNS with incorrect and extraneous glue records, all domains with the DNS servers in question are broken, despite the domain which contains the DNS servers being already redelegated and having correct updated entries for those hostnames in it. I've called NSI twice but they just seem to make up random stories and tell me things I've done before aren't possible (pointing two registered nameserver names at one IP for example... we have a number pointing at one IP already, which they eventually verified). And sitting on hold to the USA is frustrating, too. Emailing them resulted in an automated response promising an answer within 24 hours. 36 hours ago. Can another registrar even do anything? Since NSI have the domain and host record, it doesn't seem likely. And this is really urgent for me since the bogus/old IPs being propogated by NSI are to be derouted in less than 48 hours, so even if they do fix it there's still outage time for the domains due to the 48 hour TTL. It's just completely screwed up that they can't even verify and expedite the request in any way and just make up excuses like "our mail server is playing up" and "email tends to take 24-48 hours to get through". I don't have a problem getting email from/to anyone else on the internet in less than a minute... David.
Move the domains elsewhere (e.g., if NS1.EXAMPLE.COM is bogus, move EXAMPLE.COM elsewhere). Once you do that, NSI isn't in charge of *.EXAMPLE.COM glue records any more, and you can have your new registrar correct them - in most cases, quite quickly and easily. It may not solve your "last-minute" issue, but the reality is that convincing NSI to behave responsibly should be the next Olympic sport. D
Can another registrar even do anything? Since NSI have the domain and host record, it doesn't seem likely. And this is really urgent for me since the bogus/old IPs being propogated by NSI are to be derouted in less than 48 hours, so even if they do fix it there's still outage time for the domains due to the 48 hour TTL. It's just completely screwed up that they can't even verify and expedite the request in any way and just make up excuses like "our mail server is playing up" and "email tends to take 24-48 hours to get through". I don't have a problem getting email from/to anyone else on the internet in less than a minute...
-- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood" - Julius Caesar Act 3, Scene 1 | +---------------------+-----------------------------------------+
On 02/16/02, Derek Balling <dredd@megacity.org> wrote:
Move the domains elsewhere (e.g., if NS1.EXAMPLE.COM is bogus, move EXAMPLE.COM elsewhere). Once you do that, NSI isn't in charge of *.EXAMPLE.COM glue records any more, and you can have your new registrar correct them - in most cases, quite quickly and easily.
Unfortunately, if you have other domains registered with that same nameserver then NSI may hold onto the host record and not let go for MONTHS. That last announcement includes some hope, but I'm not holding my breath.
It may not solve your "last-minute" issue, but the reality is that convincing NSI to behave responsibly should be the next Olympic sport.
I hear they're getting better about brand-new customers, but all of us who've been using them since the benevolent public service days (remember those?) still get screwed. -- J.D. Falk "The kick defines the beat, <jdfalk@cybernothing.org> the bass defines the groove." -- Phil Lockwood
At 10:45 AM -0800 2/16/02, J.D. Falk wrote:
On 02/16/02, Derek Balling <dredd@megacity.org> wrote:
Move the domains elsewhere (e.g., if NS1.EXAMPLE.COM is bogus, move EXAMPLE.COM elsewhere). Once you do that, NSI isn't in charge of *.EXAMPLE.COM glue records any more, and you can have your new registrar correct them - in most cases, quite quickly and easily.
Unfortunately, if you have other domains registered with that same nameserver then NSI may hold onto the host record and not let go for MONTHS.
They can keep a host-record hanging around in their database 'til the end of time for all you care. The only registrar who can send EXAMPLE.COM glue-records up the chain is $NEW_REGISTRAR, and that's all that matters. I've got a host record hanging around in NSI's database for "NS1.MEGACITY.ORG" for about two or three years since I left NSI. It has an address that is about three years old, and the IP address only reflects "reality" because I think they got tired of me constantly bitching about it to them that it looked hokey when NSI-hosting domains[1] that USED ns1.megacity.org had the wrong IP address in their whois record (but that didn't matter because the glue still had the right data) D [1] friends' domains, not mine. I wouldn't touch NSI with a 3m cattle-prod. -- +---------------------+-----------------------------------------+ | dredd@megacity.org | "Thou art the ruins of the noblest man | | Derek J. Balling | That ever lived in the tide of times. | | | Woe to the hand that shed this costly | | | blood" - Julius Caesar Act 3, Scene 1 | +---------------------+-----------------------------------------+
participants (3)
-
David Luyer
-
Derek Balling
-
J.D. Falk