nanog mailing list archives
Re: DNS hijack?
From: Matthew Petach <mpetach () netflight com>
Date: Fri, 12 Nov 2021 07:07:00 -0800
On Fri, Nov 12, 2021 at 5:55 AM William Herrin <bill () herrin us> wrote:
On Thu, Nov 11, 2021 at 6:36 PM Jeff Shultz <jeffshultz () sctcweb com> wrote:Yeah, apparently when a domain expires, a lot of DNS queries to domainsin that domain's DNS server... get redirected to a Network Solutions "this is expired" website at that IP.Even though those domains are perfectly legit and paid up. Or so it wasexplained to me and how it appeared. Hi Jeff, Do you mean that there's a delay between when you're recorded as having paid up and when everything is correct throughout the DNS system? Yes, there is. Your domain expired, you corrected the problem, but then there was an unexpected (by you) delay before the interloping name resolution was gone? If you meant something else, I'd like to hear a better description of the problem. If not... well of course: that's how the DNS works. There's propagation delay imposed by TTLs and refresh intervals before old data is discarded. There are a handful of scenarios (e.g. old-school browser pinning) where stale data can persist for months. Don't let the domain expire before you renew it. Really don't.
I suspect it's more a case of domain foo.com provides DNS service for several other domains, including bar.com. bar.com is fully paid up. foo.com doesn't get paid up on time; expires, but is quickly re-claimed and paid up again. queries for bar.com suddenly show up as "this domain is available" due to foo.com (which provides DNS for bar.com) having briefly gone into the expired state. Users of bar.com are (rightly) confused, as bar.com was never in a jeopardy state. We'll see if Jeff confirms my suspicion of what happened in this case. ^_^; Matt
Current thread:
- DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? William Herrin (Nov 12)
- Re: DNS hijack? Matthew Petach (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Robert L Mathews (Nov 12)
- Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Jim (Nov 12)
- Re: DNS hijack? Rubens Kuhl (Nov 12)
- Re: DNS hijack? William Herrin (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 13)