Okay, so this is anecdotal, but since the domain belongs to me it's more than a little annoying. I got some calls that one of my domains, 2dpnr.org was going to a page that said it was Network Solutions and that my domain was available for renew or purchase. I hit my registrar, DirectNic, and found I'm good through 2023. They pulled up DNS checker and found that a bunch of DNS servers were showing 208.91.197.132 as the IP for the domain. It's actually in 64.130.197.x . I'm wondering if I was the only one? -- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
Never mind, looks like an expired domain issue. Someone didn't remind someone else. On Thu, Nov 11, 2021 at 1:28 PM Jeff Shultz <jeffshultz@sctcweb.com> wrote:
-- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
On Thu, Nov 11, 2021 at 01:36:58PM -0800, Jeff Shultz <jeffshultz@sctcweb.com> wrote a message of 122 lines which said:
Never mind, looks like an expired domain issue. Someone didn't remind someone else.
To avoid such a problem: * some registries allow for multi-year registration, * some registrars allow for multi-year registration, and/or automatic renewal, so you no longer have to think of it, * automatic entries in your agenda software is nice, too :-) * automatic monitoring of expiration (through whois or, better, RDAP, later is an example of a Nagios/Icinga/whatever plugin using RDAP). % /usr/local/lib/nagios/plugins/check_expire -H 2dpnr.org 2dpnr.org OK: expires in 497 days, 13:36:22.602780.
On Thu, Nov 11, 2021 at 01:28:07PM -0800, Jeff Shultz <jeffshultz@sctcweb.com> wrote a message of 105 lines which said:
No, you're not. Half of the RIPE Atlas probes see the wrong address: % blaeu-resolve -r 100 --type A 2dpnr.org [64.130.197.11] : 59 occurrences [208.91.197.132] : 41 occurrences Test #33310635 done at 2021-11-11T21:38:30Z
Yeah, apparently when a domain expires, a lot of DNS queries to domains in that domain's DNS server... get redirected to a Network Solutions "this is expired" website at that IP. Even though those domains are perfectly legit and paid up. Or so it was explained to me and how it appeared. Anything I could say about my opinion of that might be actionable, or at least inflammatory, so I'll stop now. The original problem has been corrected. On Thu, Nov 11, 2021 at 1:40 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
-- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
On Thu, Nov 11, 2021 at 6:36 PM Jeff Shultz <jeffshultz@sctcweb.com> wrote:
Yeah, apparently when a domain expires, a lot of DNS queries to domains in that domain's DNS server... get redirected to a Network Solutions "this is expired" website at that IP. Even though those domains are perfectly legit and paid up. Or so it was explained to me and how it appeared.
Hi Jeff, Do you mean that there's a delay between when you're recorded as having paid up and when everything is correct throughout the DNS system? Yes, there is. Your domain expired, you corrected the problem, but then there was an unexpected (by you) delay before the interloping name resolution was gone? If you meant something else, I'd like to hear a better description of the problem. If not... well of course: that's how the DNS works. There's propagation delay imposed by TTLs and refresh intervals before old data is discarded. There are a handful of scenarios (e.g. old-school browser pinning) where stale data can persist for months. Don't let the domain expire before you renew it. Really don't. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
On Fri, Nov 12, 2021 at 5:55 AM William Herrin <bill@herrin.us> wrote:
I suspect it's more a case of domain foo.com provides DNS service for several other domains, including bar.com. bar.com is fully paid up. foo.com doesn't get paid up on time; expires, but is quickly re-claimed and paid up again. queries for bar.com suddenly show up as "this domain is available" due to foo.com (which provides DNS for bar.com) having briefly gone into the expired state. Users of bar.com are (rightly) confused, as bar.com was never in a jeopardy state. We'll see if Jeff confirms my suspicion of what happened in this case. ^_^; Matt
On Fri, Nov 12, 2021 at 7:07 AM Matthew Petach <mpetach@netflight.com> wrote:
That's exactly what happened, exacerbated by foo.com's domain registration being held in the account of a now retired employee, so we got no notifications on it (his email was... somewhat personalized over 20+ years of managing it). I still think that this is not the correct way for NetSol to handle this situation, particularly since the pages they put up look like phishbait designed by Austin Powers. -- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
On 11/12/21 8:33 AM, Jeff Shultz wrote:
I didn't see the page, but for what it's worth, this is governed by this ICANN policy: https://www.icann.org/resources/pages/errp-2013-02-28-en Particularly 2.2.4: "In interrupting the DNS resolution path of the registration, if the registrar directs web traffic to the domain name to a web page while the registration is still renewable by the RAE, that web page must conspicuously indicate that the domain name registration is expired and provide renewal instructions." If it didn't meet that requirement, you could complain to ICANN about it. (You're also more generally right that what Network Solutions is doing here is horrible. Decent registrars don't redirect traffic: they simply set the domain name to clientHold so that it doesn't appear in the DNS at all, because otherwise they're breaking your stuff -- and what's worse, breaking it in a way that may take some time to recover from even after you renew the domain name, due to DNS caching.) -- Robert L Mathews
On Fri, Nov 12, 2021 at 6:38 PM Robert L Mathews <lists@tigertech.com> wrote:
I didn't see the page, but for what it's worth, this is governed by this ICANN policy:> https://www.icann.org/resources/pages/errp-2013-02-28-en
It is common that registrars repoint nameservers and redirect web traffic when a domain's renewal has not been paid for (during 45-day grace period provided by the registry), probably more registrars do that than not. The issue here is not with the expired domain, thus not addressed by that ICANN policy... The ICANN policy addresses interrupting the resolution path and redirecting Web traffic for expiring domains; there's nothing about other services on those domains such as DNS when the expired domain has a backup nameserver host of a non-expired domain. In this case, interrupting the resolution path would be fine (In case the non-expired domain have other nameservers), But the redirection causes DNS instability and failures for domains that are not expired, even if those domains have other nameservers, and the non-expired domains get redirected to a web page falsely stating that they are expired. -- -JH
You have two nameservers listed: Domain Name: 2DPNR.ORG Name Server: GATEWAY.WVI.COM Name Server: VOYAGER.VISER.NET The second of these is returning the 208.nnn IPnumber for your a-record: dig @VOYAGER.VISER.NET 2dpnr.org 2dpnr.org. 300 IN A 208.91.197.132 The other one is returning the 64.nnn number. So, the issue is somewhere in your dns.
On Thu, Nov 11, 2021 at 09:44:04PM +0000, Richard <lists-nanog@listmail.innovate.net> wrote a message of 37 lines which said:
It depends on where you are (from my resolver, I get 64.130.197.11). This is because the name voyager.viser.net is not stable yet. Depending on your resolver, it points to 64.130.200.16 - which seems to give correct answers - or to 208.91.197.132 - which replies even for nonexisting domain names. Lesson: don't use a name as an argument to dig's @
On Fri, Nov 12, 2021 at 11:30 AM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
I think 208.91.197.132 (Network Solution's domain bucket) needs to go in everyone's troubleshooting notebook as a sign there is an expired domain somewhere affecting whatever you have going wrong. -- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
On Fri, Nov 12, 2021 at 1:29 PM Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:
So yes, then.. A DNS Hijack by NetSol redirecting the hostname on an expired SLD related to one of the individual nameserver hosts to a faulty/non-compliant nameserver of NetSol's that then publishes bogus RRs for domains that registrar have no authority over. That means instead of the 1 nameserver failing; the entire domain breaks, even if there are multiple nameservers listed, and only 1 had been accidentally allowed to expire. DNSSEC would help here. NetSol's rogue nameserver wouldn't be able to produce the signed zone if validation were required. -- -JH
On Fri, Nov 12, 2021 at 3:09 PM Rubens Kuhl <rubensk@gmail.com> wrote:
DNSSEC would help DNS for the non-expired domain because the rogue server would not have the key. To my mind, though, Netsol's server should not be responding with authoritative answers to random domains that aren't assigned to it. That it does makes me think it's a good candidate for black-holing in the routing system. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
Stephane Bortzmeyer wrote on 13/11/2021 09:25:
To my mind, I simply don't understand why some people continue to use Network Solutions, with the track record they have.
indeed. one aspect of this is that it's unusually difficult to migrate away compared to other registrars. Only Primary Contact accounts can request an auth code - normal "admin" accounts can't, and there's no indication about how to work around this; they unnecessarily delay issuing the epp code for 5 days; there are several prominent options for renewing the domain (can't change your mind if you do this), and only one for transferring (lots of options to change your mind). During the transfer process, several emails are issued, all which lead back to renewal. When it's all completed, the only way to formally close an account is over the phone. Also, the exorbitant renewal pricing isn't available until you log in. And you will need to prepare for a shock if the domain expires (no notification to standard "admin" contacts either). I had this little gem from NetSol for an expired domain last year: https://i.imgur.com/Vtp7BX7.png I.e. $36 for reinstatement and $40 for 1y renewal. The other option was losing the domain entirely. There are plenty of other registrars which are completely super to deal with. Nick
participants (9)
-
Jeff Shultz
-
Jim
-
Matthew Petach
-
Nick Hilliard
-
Richard
-
Robert L Mathews
-
Rubens Kuhl
-
Stephane Bortzmeyer
-
William Herrin