am i wrong or is there a problem (which is a dozen hours old)? roam.psg.com:/usr/home/randy> dig +norec @a.gtld-servers.net. orkut.com. ns ; <<>> DiG 9.3.0s20021217 <<>> +norec @a.gtld-servers.net. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61385 ;; flags: qr; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; QUESTION SECTION: ;orkut.com. IN NS ;; ANSWER SECTION: orkut.com. 172800 IN NS ns11.worldnic.com. orkut.com. 172800 IN NS ns12.worldnic.com. ;; ADDITIONAL SECTION: ns11.worldnic.com. 172800 IN A 216.168.225.141 ns12.worldnic.com. 172800 IN A 216.168.225.142 ;; Query time: 101 msec ;; SERVER: 192.5.6.30#53(a.gtld-servers.net.) ;; WHEN: Thu May 6 17:42:09 2004 ;; MSG SIZE rcvd: 106 roam.psg.com:/usr/home/randy> dig +norec @ns11.worldnic.com. orkut.com. ns ; <<>> DiG 9.3.0s20021217 <<>> +norec @ns11.worldnic.com. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36354 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;orkut.com. IN NS ;; AUTHORITY SECTION: . 3600000 IN NS M.ROOT-SERVERS.NET. . 3600000 IN NS A.ROOT-SERVERS.NET. . 3600000 IN NS B.ROOT-SERVERS.NET. . 3600000 IN NS C.ROOT-SERVERS.NET. . 3600000 IN NS D.ROOT-SERVERS.NET. . 3600000 IN NS E.ROOT-SERVERS.NET. . 3600000 IN NS F.ROOT-SERVERS.NET. . 3600000 IN NS G.ROOT-SERVERS.NET. . 3600000 IN NS H.ROOT-SERVERS.NET. . 3600000 IN NS I.ROOT-SERVERS.NET. . 3600000 IN NS J.ROOT-SERVERS.NET. . 3600000 IN NS K.ROOT-SERVERS.NET. . 3600000 IN NS L.ROOT-SERVERS.NET. ;; Query time: 91 msec ;; SERVER: 216.168.225.141#53(ns11.worldnic.com.) ;; WHEN: Thu May 6 17:42:26 2004 ;; MSG SIZE rcvd: 238 roam.psg.com:/usr/home/randy> dig +norec @ns12.worldnic.com. orkut.com. ns ; <<>> DiG 9.3.0s20021217 <<>> +norec @ns12.worldnic.com. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38052 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;orkut.com. IN NS ;; AUTHORITY SECTION: . 3600000 IN NS F.ROOT-SERVERS.NET. . 3600000 IN NS G.ROOT-SERVERS.NET. . 3600000 IN NS H.ROOT-SERVERS.NET. . 3600000 IN NS I.ROOT-SERVERS.NET. . 3600000 IN NS J.ROOT-SERVERS.NET. . 3600000 IN NS K.ROOT-SERVERS.NET. . 3600000 IN NS L.ROOT-SERVERS.NET. . 3600000 IN NS M.ROOT-SERVERS.NET. . 3600000 IN NS A.ROOT-SERVERS.NET. . 3600000 IN NS B.ROOT-SERVERS.NET. . 3600000 IN NS C.ROOT-SERVERS.NET. . 3600000 IN NS D.ROOT-SERVERS.NET. . 3600000 IN NS E.ROOT-SERVERS.NET. ;; Query time: 91 msec ;; SERVER: 216.168.225.142#53(ns12.worldnic.com.) ;; WHEN: Thu May 6 17:43:03 2004 ;; MSG SIZE rcvd: 238 and Domain Name: ORKUT.COM Registrar: EMARKMONITOR INC. DBA MARKMONITOR Whois Server: whois.markmonitor.com Referral URL: http://www.markmonitor.com Name Server: NS11.WORLDNIC.COM Name Server: NS12.WORLDNIC.COM Status: ACTIVE Updated Date: 05-may-2004 <<<=== Creation Date: 08-dec-2002 Expiration Date: 08-dec-2007 hmmm randy
for those who want to lose their (insert relevant time zone) meal, try to get useful data from whois for orkut.com randy
i smell a hijack. the correct data are on google's servers. roam.psg.com:/usr/home/randy> dig @ns1.google.com. orkut.com. ns ; <<>> DiG 9.3.0s20021217 <<>> @ns1.google.com. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30597 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4 ;; QUESTION SECTION: ;orkut.com. IN NS ;; ANSWER SECTION: orkut.com. 3600 IN NS ns2.google.com. orkut.com. 3600 IN NS ns3.google.com. orkut.com. 3600 IN NS ns4.google.com. orkut.com. 3600 IN NS ns1.google.com. ;; ADDITIONAL SECTION: ns2.google.com. 345600 IN A 216.239.34.10 ns3.google.com. 345600 IN A 216.239.36.10 ns4.google.com. 345600 IN A 216.239.38.10 ns1.google.com. 345600 IN A 216.239.32.10 ;; Query time: 177 msec ;; SERVER: 216.239.32.10#53(ns1.google.com.) ;; WHEN: Thu May 6 18:28:18 2004 ;; MSG SIZE rcvd: 170
Today at 18:29 (+0200), Randy Bush wrote:
Date: Thu, 6 May 2004 18:29:27 +0200 From: Randy Bush <randy@psg.com> To: nanog@nanog.org Subject: Re: orkut dns?
i smell a hijack. the correct data are on google's servers.
Ah Hah... I'll bet friendster's behind it then. ;-) - Christopher ======================
roam.psg.com:/usr/home/randy> dig @ns1.google.com. orkut.com. ns
; <<>> DiG 9.3.0s20021217 <<>> @ns1.google.com. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30597 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION: ;orkut.com. IN NS
;; ANSWER SECTION: orkut.com. 3600 IN NS ns2.google.com. orkut.com. 3600 IN NS ns3.google.com. orkut.com. 3600 IN NS ns4.google.com. orkut.com. 3600 IN NS ns1.google.com.
;; ADDITIONAL SECTION: ns2.google.com. 345600 IN A 216.239.34.10 ns3.google.com. 345600 IN A 216.239.36.10 ns4.google.com. 345600 IN A 216.239.38.10 ns1.google.com. 345600 IN A 216.239.32.10
;; Query time: 177 msec ;; SERVER: 216.239.32.10#53(ns1.google.com.) ;; WHEN: Thu May 6 18:28:18 2004 ;; MSG SIZE rcvd: 170
i smell a hijack. the correct data are on google's servers.
... or a transfer that the registry didn't handle so well. % whois -h whois.markmonitor.com orkut.com shows data consistent with the display below. The ?.gtld-servers.net servers are apparently still pointing to nameservers of the former registrar.
roam.psg.com:/usr/home/randy> dig @ns1.google.com. orkut.com. ns
; <<>> DiG 9.3.0s20021217 <<>> @ns1.google.com. orkut.com. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30597 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION: ;orkut.com. IN NS
;; ANSWER SECTION: orkut.com. 3600 IN NS ns2.google.com. orkut.com. 3600 IN NS ns3.google.com. orkut.com. 3600 IN NS ns4.google.com. orkut.com. 3600 IN NS ns1.google.com.
;; ADDITIONAL SECTION: ns2.google.com. 345600 IN A 216.239.34.10 ns3.google.com. 345600 IN A 216.239.36.10 ns4.google.com. 345600 IN A 216.239.38.10 ns1.google.com. 345600 IN A 216.239.32.10
;; Query time: 177 msec ;; SERVER: 216.239.32.10#53(ns1.google.com.) ;; WHEN: Thu May 6 18:28:18 2004 ;; MSG SIZE rcvd: 170
On Thu, 06 May 2004, Stephen Stuart wrote:
i smell a hijack. the correct data are on google's servers.
... or a transfer that the registry didn't handle so well.
...or an issue with the zone's former authoritative name servers. The registry acts as directed by the registrars and taking the proper steps to keep the zone on the air throughout a transfer is ultimately the responsibility of the domain owner. In many cases this is a non-issue because the transfer happens without any change to the domain's (zone's, really) authoritative name servers. In this case, a change to the name servers followed on the heels of the transfer. The domain orkut.com was indeed transferred from one registrar to another. About 20 hours elapsed between when the transfer happened (i.e., control of the domain changed from one registrar to another) and when the new registrar changed the authoritative name servers (i.e., directed us to put a new orkut.com NS RRset in the com zone). Randy's message from 6 May at 11:44 EDT containing dig output is the closest thing we have to a time machine to understand what happened DNS-wise. Those queries were made during the 20-hour window when the domain was under control of the new registrar but when the name servers had not yet been changed. For reasons unknown, the former name servers were no longer authoritative for orkut.com (according to Randy's dig output). The registry has no connection with provisioning of authoritative name service for orkut.com. Matt -- Matt Larson <mlarson@verisign.com> VeriSign Naming and Directory Services
participants (4)
-
Christopher Chin -
Matt Larson -
Randy Bush -
Stephen Stuart