recovery in progress

Alexei Roudnev alex at
Mon Jan 17 06:44:58 UTC 2005

There is more sertious problem here.

I can image 2 kinds of transfer:
- (1) domain is transferred WITHOUT CHANGES to the new registrar. Notice -
WITHOUT CHANGES. New registrar
should not change diomain without explicit order from owner.

- (2) Domain is expired and, after reasonable HOLD period, is transferred to
the new owner (and more likely new registrar). I can happen with the unused
domain only, or with domain which is expired.

In no case can 2 events happen together; if it happen, it is 100% indication
of hajacking. If someone want domain to be delegated to the new owner, he
91) change registrar if necessary, and (2) change donain owner.

All other approaches are very dangerous.

> On Sun, Jan 16, 2005 at 06:01:35PM -0500, Henry Yen wrote:
> >
> > The latest shell host motd's:
> >
> > . Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005
> > .
> > .    Recovery is underway from the domain hijack.
> > .
> > .    The root name servers now have the correct information, as does the
> > .    WHOIS registry.  Portions of the Internet will still not be able to
> > .    see until their name servers expire the false data.  More
> > .    info soon.
> Yes, some folks with serious mojo got involved and things seem to be
> on the way to "operationally fixed".  AFAIK there is still no progress as
> to the question of how this kind of transfer can happen without notice
> to the transferred-from registrar (it's possible that there's progress
> I don't know about).
> I have just spoken to the tremendously tired and overworked ops staff at
> Panix again.  They would appreciate it very much if network operators
> would reload their nameservers to help the good data for
> propagate over the bad.  Some Panix customer email now seems to be being
> relayed to the actual Panix mail servers by the fake ones in the UK, which
> is not such a good thing for obvious reasons.
> Thor

More information about the NANOG mailing list