DNS hijack?

Matthew Petach mpetach at netflight.com
Fri Nov 12 15:07:00 UTC 2021


On Fri, Nov 12, 2021 at 5:55 AM William Herrin <bill at herrin.us> wrote:

> On Thu, Nov 11, 2021 at 6:36 PM Jeff Shultz <jeffshultz at sctcweb.com>
> wrote:
> >
> >
> > Yeah, apparently when a domain expires, a lot of DNS queries to domains
> in that domain's DNS server... get redirected to a Network Solutions "this
> is expired" website at that IP.
> > Even though those domains are perfectly legit and paid up. Or so it was
> explained to me and how it appeared.
>
> Hi Jeff,
>
> Do you mean that there's a delay between when you're recorded as
> having paid up and when everything is correct throughout the DNS
> system? Yes, there is. Your domain expired, you corrected the problem,
> but then there was an unexpected (by you) delay before the interloping
> name resolution was gone?
>
> If you meant something else, I'd like to hear a better description of
> the problem. If not... well of course: that's how the DNS works.
> There's propagation delay imposed by TTLs and refresh intervals before
> old data is discarded. There are a handful of scenarios (e.g.
> old-school browser pinning) where stale data can persist for months.
> Don't let the domain expire before you renew it. Really don't.
>

I suspect it's more a case of

domain foo.com provides DNS service for several other domains,
including bar.com.

bar.com is fully paid up.

foo.com doesn't get paid up on time; expires, but is quickly
re-claimed and paid up again.

queries for bar.com suddenly show up as "this domain is
available" due to foo.com (which provides DNS for bar.com)
having briefly gone into the expired state.  Users of bar.com
are (rightly) confused, as bar.com was never in a jeopardy
state.

We'll see if Jeff confirms my suspicion of what happened
in this case.   ^_^;

Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20211112/109a8c0f/attachment.html>


More information about the NANOG mailing list