nanog mailing list archives

Re: DNS hijack?

From: Jeff Shultz <jeffshultz () sctcweb com>
Date: Fri, 12 Nov 2021 08:33:14 -0800

On Fri, Nov 12, 2021 at 7:07 AM Matthew Petach <mpetach () netflight com>
wrote:


I suspect it's more a case of

domain foo.com provides DNS service for several other domains,
including bar.com.

bar.com is fully paid up.

foo.com doesn't get paid up on time; expires, but is quickly
re-claimed and paid up again.

queries for bar.com suddenly show up as "this domain is
available" due to foo.com (which provides DNS for bar.com)
having briefly gone into the expired state.  Users of bar.com
are (rightly) confused, as bar.com was never in a jeopardy
state.

We'll see if Jeff confirms my suspicion of what happened
in this case.   ^_^;

Matt


That's exactly what happened, exacerbated by foo.com's domain registration
being held in the account of a now retired employee, so we got no
notifications on it (his email was... somewhat personalized over 20+ years
of managing it).

I still think that this is not the correct way for NetSol to handle this
situation, particularly since the pages they put up look like phishbait
designed by Austin Powers.

-- 
Jeff Shultz

-- 
Like us on Social Media for News, Promotions, and other information!!

   
<https://www.facebook.com/SCTCWEB/>      
<https://www.instagram.com/sctc_sctc/>      
<https://www.yelp.com/biz/sctc-stayton-3>      
<https://www.youtube.com/c/sctcvideos>













_**** This message 
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you should not disseminate, 
distribute or copy this e-mail. Please notify the sender immediately by 
e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. ****_

Current thread:

DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
  - Re: DNS hijack? Jeff Shultz (Nov 11)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Matthew Petach (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Robert L Mathews (Nov 12)
    - Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Richard (Nov 12)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Jim (Nov 12)
    - Re: DNS hijack? Rubens Kuhl (Nov 12)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Stephane Bortzmeyer (Nov 13)
    - Re: DNS hijack? Nick Hilliard (Nov 13)