nanog mailing list archives

Re: DNS hijack?

From: William Herrin <bill () herrin us>
Date: Fri, 12 Nov 2021 05:52:24 -0800

On Thu, Nov 11, 2021 at 6:36 PM Jeff Shultz <jeffshultz () sctcweb com> wrote:



Yeah, apparently when a domain expires, a lot of DNS queries to domains in that domain's DNS server... get redirected 
to a Network Solutions "this is expired" website at that IP.
Even though those domains are perfectly legit and paid up. Or so it was explained to me and how it appeared.


Hi Jeff,

Do you mean that there's a delay between when you're recorded as
having paid up and when everything is correct throughout the DNS
system? Yes, there is. Your domain expired, you corrected the problem,
but then there was an unexpected (by you) delay before the interloping
name resolution was gone?

If you meant something else, I'd like to hear a better description of
the problem. If not... well of course: that's how the DNS works.
There's propagation delay imposed by TTLs and refresh intervals before
old data is discarded. There are a handful of scenarios (e.g.
old-school browser pinning) where stale data can persist for months.
Don't let the domain expire before you renew it. Really don't.

Regards,
Bill Herrin



-- 
William Herrin
bill () herrin us
https://bill.herrin.us/

Current thread:

DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
  - Re: DNS hijack? Jeff Shultz (Nov 11)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Matthew Petach (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Robert L Mathews (Nov 12)
    - Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Richard (Nov 12)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Jim (Nov 12)
    - Re: DNS hijack? Rubens Kuhl (Nov 12)
    - Re: DNS hijack? William Herrin (Nov 12)

(Thread continues...)