Detecting parked domains
Peter Dambier
peter at peter-dambier.de
Thu Aug 3 18:31:00 UTC 2006
No, it does not look good :)
; <<>> DiG 9.1.3 <<>> -t any eoileon.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47446
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;eoileon.com. IN ANY
;; ANSWER SECTION:
eoileon.com. 172800 IN NS ns11.chestertonholdings.com.
eoileon.com. 172800 IN NS ns1.chestertonholdings.com.
;; AUTHORITY SECTION:
eoileon.com. 172800 IN NS ns1.chestertonholdings.com.
eoileon.com. 172800 IN NS ns11.chestertonholdings.com.
;; ADDITIONAL SECTION:
ns1.chestertonholdings.com. 172800 IN A 204.13.160.12
ns11.chestertonholdings.com. 172800 IN A 204.13.161.12
;; Query time: 146 msec
;; SERVER: 192.168.48.227#53(192.168.48.227)
;; WHEN: Thu Aug 3 20:11:49 2006
;; MSG SIZE rcvd: 145
No SOA. Of course not. It is my own resolver :)
but
; <<>> DiG 9.1.3 <<>> -t any eoileon.com @ns1.chestertonholdings.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60197
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUESTION SECTION:
;eoileon.com. IN ANY
;; ANSWER SECTION:
eoileon.com. 86400 IN A 204.13.161.31
;; AUTHORITY SECTION:
com. 86400 IN NS k.gtld-servers.net.
com. 86400 IN NS l.gtld-servers.net.
com. 86400 IN NS m.gtld-servers.net.
com. 86400 IN NS a.gtld-servers.net.
com. 86400 IN NS b.gtld-servers.net.
com. 86400 IN NS c.gtld-servers.net.
com. 86400 IN NS d.gtld-servers.net.
com. 86400 IN NS e.gtld-servers.net.
com. 86400 IN NS f.gtld-servers.net.
com. 86400 IN NS g.gtld-servers.net.
com. 86400 IN NS h.gtld-servers.net.
com. 86400 IN NS i.gtld-servers.net.
com. 86400 IN NS j.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net. 172800 IN A 192.5.6.30
a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30
b.gtld-servers.net. 172800 IN A 192.33.14.30
b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30
c.gtld-servers.net. 172800 IN A 192.26.92.30
d.gtld-servers.net. 172800 IN A 192.31.80.30
e.gtld-servers.net. 172800 IN A 192.12.94.30
f.gtld-servers.net. 172800 IN A 192.35.51.30
g.gtld-servers.net. 172800 IN A 192.42.93.30
h.gtld-servers.net. 172800 IN A 192.54.112.30
i.gtld-servers.net. 172800 IN A 192.43.172.30
j.gtld-servers.net. 172800 IN A 192.48.79.30
k.gtld-servers.net. 172800 IN A 192.52.178.30
;; Query time: 245 msec
;; SERVER: 204.13.160.12#53(ns1.chestertonholdings.com.)
;; WHEN: Thu Aug 3 20:12:12 2006
;; MSG SIZE rcvd: 501
I wonder why bind did not say lame server?
; <<>> DiG 9.1.3 <<>> -t any eoileon.com @a.gtld-servers.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39156
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;eoileon.com. IN ANY
;; ANSWER SECTION:
eoileon.com. 172800 IN NS ns1.chestertonholdings.com.
eoileon.com. 172800 IN NS ns11.chestertonholdings.com.
;; AUTHORITY SECTION:
eoileon.com. 172800 IN NS ns1.chestertonholdings.com.
eoileon.com. 172800 IN NS ns11.chestertonholdings.com.
;; ADDITIONAL SECTION:
ns1.chestertonholdings.com. 172800 IN A 204.13.160.12
ns11.chestertonholdings.com. 172800 IN A 204.13.161.12
;; Query time: 160 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
;; WHEN: Thu Aug 3 20:19:33 2006
;; MSG SIZE rcvd: 145
And no, they are not authoritative either.
> check_soa eoileon.com
There was no response from ns11.chestertonholdings.com
ns1.chestertonholdings.com: expected 1 answer, got 0
; <<>> DiG 9.1.3 <<>> -t any eoileon.com @ns11.chestertonholdings.com.
;; global options: printcmd
;; connection timed out; no servers could be reached
I should say the domain eoileon.com is at least broken if not broke :)
Cheers
Peter and Karin
Duane Wessels wrote:
>
> On Thu, 3 Aug 2006, Joe Abley said:
>
>> Do you have an example of a parked domain with no SOA record?
>
>
> eoileon.com
> tri-cityhearald.com
>
>
>> Surely for that to work for most of the domains we're talking about,
>> the parking companies would need to be able to insert arbitrary
>> records into zones such as "ORG", "NET" and "COM", which isn't
>> something that any of the registries for those zones permit.
>
>
> No, they just make up their own COM zone.
>
> For example, the nameservers for eoileon.com are:
>
> ;; AUTHORITY SECTION:
> eoileon.com. 145225 IN NS ns1.chestertonholdings.com.
> eoileon.com. 145225 IN NS
> ns11.chestertonholdings.com.
>
> If I ask one of their auth nameservers about COM I get:
>
> $ dig +short @ns1.chestertonholdings.com com soa
> a.gtld-servers.net. nstld.verisign-grs.com. 2006021701 3600 900 1209600
> 21600
>
> Which almost looks good, except they didn't get the email about Verisign's
> serial format change.
>
> $ dig +short com soa
> a.gtld-servers.net. nstld.verisign-grs.com. 1154620024 1800 900 604800 900
>
> Duane W.
>
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
More information about the NANOG
mailing list