Old Webhosting Providers Who Hijack DNS?

linzeal asks: "Oneworld Hosting, my old webhosting provider, keeps hijacking my DNS records for my website, Anarchists for Life, and pointing it at another customer's website. I have talked to the owner of the IP block as well as my old web host a multitude of times to no avail. My new webhosting provider, Trilucid, has been very helpful and has even suggested legal action. Does anyone here have an idea on how to solve this problem short of that?"

  • by nbvb ( 32836 ) on Wednesday December 26, 2001 @10:59AM (#2751728) Journal
    How are they "hijacking" your DNS records?

    Who's your registrar?? How can they update the DNS records for _your_ domain? Are you listed as the zone/technical contact?

    If you gave them absolute control of the domain, then there's almost nothing you can do.

    If you are the contact for the domain, update it with your registrar and make sure they're _NOT_ listed as the tech. contact!

    Who's your DNS provider? Are they causing the problems?
    • I'm the technical contact and have always been and Dotster [dotster.com] have gone out of their way to try to help me as well with no success. When I switched providers each time it was I who updated the DNS records. Not one of my webhosting providers has ever touched the dns records to my knowledge.
    • The SOA record is messed up. Get TOMORROW2.NET to correct it and update the serial. The root servers know who to ask, but TOMORROW2.NET has the zone messed up.

      Also ns[1234].tomorrow2.net are confused amongst themselves -- ns1 doesn't know who ns3 is, and vice-versa, plus ns1 does not respond but ns3 serves an SOA record that points to ns1.ocdns.com. They need to fix this too.

      Once all this is fixed, they have to update the serial numbers so the zone transfers will happen.

      For those with an eye for the finer details:

      ----
      [start with a root server]
      > server d.gtld-servers.net.
      Default Server: d.gtld-servers.net
      Address: 192.31.80.30

      > set type=soa
      > anarchsforlife.org.
      Server: d.gtld-servers.net
      Address: 192.31.80.30

      Authoritative answers can be found from:
      anarchsforlife.org nameserver = NS1.TOMORROW2.NET
      anarchsforlife.org nameserver = NS2.TOMORROW2.NET
      anarchsforlife.org nameserver = NS3.TOMORROW2.NET
      anarchsforlife.org nameserver = NS4.TOMORROW2.NET
      NS1.TOMORROW2.NET internet address = 128.241.194.20
      NS2.TOMORROW2.NET internet address = 128.241.194.21
      NS3.TOMORROW2.NET internet address = 130.94.173.110
      NS4.TOMORROW2.NET internet address = 130.94.173.111
      > set type=ns
      > anarchsforlife.org.
      Server: d.gtld-servers.net
      Address: 192.31.80.30

      Non-authoritative answer:
      anarchsforlife.org nameserver = NS3.TOMORROW2.NET
      anarchsforlife.org nameserver = NS4.TOMORROW2.NET
      anarchsforlife.org nameserver = NS1.TOMORROW2.NET
      anarchsforlife.org nameserver = NS2.TOMORROW2.NET

      Authoritative answers can be found from:
      NS3.TOMORROW2.NET internet address = 130.94.173.110
      NS4.TOMORROW2.NET internet address = 130.94.173.111
      NS1.TOMORROW2.NET internet address = 128.241.194.20
      NS2.TOMORROW2.NET internet address = 128.241.194.21
      > set type=a
      > anarchsforlife.org.
      Server: d.gtld-servers.net
      Address: 192.31.80.30

      Name: anarchsforlife.org
      Served by:
      - NS1.TOMORROW2.NET
      128.241.194.20
      anarchsforlife.org
      - NS2.TOMORROW2.NET
      128.241.194.21
      anarchsforlife.org
      - NS3.TOMORROW2.NET
      130.94.173.110
      anarchsforlife.org
      - NS4.TOMORROW2.NET
      130.94.173.111
      anarchsforlife.org

      [that's what we wanted to see, so let's ask them]

      > server ns1.tomorrow2.net.
      Default Server: ns1.tomorrow2.net
      Address: 128.241.194.20

      > set type=a
      > anarchsforlife.org.
      Server: ns1.tomorrow2.net
      Address: 128.241.194.20
      [no response]
      ^C
      > set type=ns
      > anarchsforlife.org.
      Server: ns1.tomorrow2.net
      Address: 128.241.194.20

      Non-authoritative answer:
      anarchsforlife.org nameserver = NS2.TOMORROW2.NET
      anarchsforlife.org nameserver = NS3.TOMORROW2.NET
      anarchsforlife.org nameserver = NS4.TOMORROW2.NET
      anarchsforlife.org nameserver = NS1.TOMORROW2.NET

      Authoritative answers can be found from:
      NS2.TOMORROW2.NET internet address = 128.241.194.21
      NS1.TOMORROW2.NET internet address = 128.241.194.20
      > set type=soa
      > anarchsforlife.org.
      Server: ns1.tomorrow2.net
      Address: 128.241.194.20
      [no response.]
      ^C
      > server ns3.tomorrow2.net.
      *** Can't find address for server ns3.tomorrow2.net.: Non-existent host/domain
      [back to the root server, since ns1 doesn't know ns3]
      > server d.gtld-servers.net.
      Default Server: d.gtld-servers.net
      Address: 192.31.80.30

      > server ns3.tomorrow2.net.
      Default Server: ns3.tomorrow2.net
      Address: 130.94.173.110

      > set type=soa
      > anarchsforlife.org.
      Server: ns3.tomorrow2.net
      Address: 130.94.173.110

      anarchsforlife.org
      origin = ns1.ocdns.com
      mail addr = root.ns1.ocdns.com
      serial = 1005677141
      refresh = 28800 (8 hours)
      retry = 7200 (2 hours)
      expire = 3600000 (41 days 16 hours)
      minimum ttl = 86400 (1 day)
      anarchsforlife.org nameserver = ns2.ocdns.com
      anarchsforlife.org nameserver = ns1.ocdns.com
      ns1.ocdns.com internet address = 130.94.173.122
      ns2.ocdns.com internet address = 130.94.173.124
      >
      [but this is telling us to ask ocdns.com]

      ---
  • [netsol.com]
    Whois on networksolutions.com

    Registrant:
    Chris Welsh
    2792 W. Jasper Dr.
    Chandler, Az 85224
    US

    Registrar: Dotster (http://www.dotster.com)
    Domain Name: ANARCHSFORLIFE.ORG
    Created on: 06-SEP-00
    Expires on: 06-SEP-02
    Last Updated on: 26-OCT-00

    Administrative Contact:
    Welsh, Chris koat@disinfo.net
    2792 W. Jasper Dr
    Chandler, Az 85224
    US
    602-254-6398

    Technical Contact:
    Welsh, Chris koat@disinfo.net
    2792 W. Jasper Dr
    Chandler, Az 85224
    US
    602-254-6398

    Domain servers in listed order:
    NS3.TOMORROW2.NET
    NS4.TOMORROW2.NET
    NS2.TOMORROW2.NET
    NS1.TOMORROW2.NET
    • These are the correct nameservers for my new provider

      Registrar: Go Daddy Software (http://registrar.godaddy.com)
      Domain Name: TRILUCID.COM

      Domain servers in listed order:
      NS1.TOMORROW2.NET
      NS2.TOMORROW2.NET

      but this is my old provider

      Registrar: NETWORK SOLUTIONS, INC.

      Organization: Netwrench
      address: P.O. Box 880
      Worthington, OH 43085 US

      Admin contact: Hosting, One World
      email: info@ONEWORLDHOSTING.COM
      phone: 800 8460241
      fax: 614 4363010

      Tech contact: Hosting, One World
      email: info@ONEWORLDHOSTING.COM
      phone: 800 8460241
      fax: 614 4363010

      Nameservers: ns2.oneworldhosting.com
      ns.oneworldhosting.com

      ns2.owh.com apparently still has my information on it and somehow takes precedence over the one my registrar is pointing at.
      • I am betting that you are looking in the wrong place. You probably copied the old DNS records to the new servers at NS1.TOMORROW2.NET, NS2 etc.

        The whois records are pointing to NS1.TOMORROW2.NET, NS2.TOMORROW2.NET, NS3...,NS4...

        Given that, there is no way ns2.owh.com is being used by the clients to look up your domain.
        ONEWORLDHOSTING.COM is probably just re-using your old IP address and your new DNS servers still have the old records.

        Your new provider may be too inept to figure out what the problem is. A lawyer would be a waste of time and money. It is not a problem with your old provider; it is a problem with your DNS records or your new provider.

        BTW, the DNS SOA record on NS1.TOMORROW2.NET has ns1.ocdns.com listed. I can't do a zone transfer of your domain but I would not be surprised if your DNS records were set up to do a zone transfer from ONEWORLDHOSTING.COM and your new provider can't figure this out.

        Get your records fixed at your new provider and you should have no problem.

        The following query shows that data is being retrieved from your new provider's servers and it has the old IP address.
        $ host -a www.anarchsforlife.org
        Trying "www.anarchsforlife.org."
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26950
        ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

        ;; QUESTION SECTION:
        ;www.anarchsforlife.org. IN ANY

        ;; ANSWER SECTION:
        www.anarchsforlife.org. 171572 IN A 64.177.5.173

        ;; AUTHORITY SECTION:
        anarchsforlife.org. 171572 IN NS NS3.TOMORROW2.NET.
        anarchsforlife.org. 171572 IN NS NS4.TOMORROW2.NET.
        anarchsforlife.org. 171572 IN NS NS1.TOMORROW2.NET.
        anarchsforlife.org. 171572 IN NS NS2.TOMORROW2.NET.

        ;; ADDITIONAL SECTION:
        NS1.TOMORROW2.NET. 171672 IN A 128.241.194.20
        NS2.TOMORROW2.NET. 171672 IN A 128.241.194.21
        NS3.TOMORROW2.NET. 171672 IN A 130.94.173.110
        NS4.TOMORROW2.NET. 171672 IN A 130.94.173.111

        Received 205 bytes from 209.9.172.254#53 in 64 ms

        Chuck
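
The checks walked through in the nslookup session earlier in the thread and in the comment above, as an added example that is not part of any original post: it compares what each delegated nameserver answers (SOA MNAME and serial, NS set, A record) with the parent's delegation and with the other servers. The per-server answers are constructed sample data modelled on the thread's output; `192.0.2.10`, serial `2001122601` and `hostmaster.tomorrow2.net.` are placeholders.

```python
# Added example; every record below is constructed sample data.
DELEGATED = {f"ns{i}.tomorrow2.net." for i in range(1, 5)}  # NS set at the parent
GOOD = "\n".join(  # answer from a correctly loaded server
    ["anarchsforlife.org. 86400 IN SOA ns1.tomorrow2.net. hostmaster.tomorrow2.net. 2001122601 28800 7200 3600000 86400"]
    + [f"anarchsforlife.org. 86400 IN NS {ns}" for ns in sorted(DELEGATED)]
    + ["www.anarchsforlife.org. 86400 IN A 192.0.2.10"])
STALE = """\
anarchsforlife.org. 86400 IN SOA ns1.ocdns.com. root.ns1.ocdns.com. 1005677141 28800 7200 3600000 86400
anarchsforlife.org. 86400 IN NS ns1.ocdns.com.
anarchsforlife.org. 86400 IN NS ns2.ocdns.com.
www.anarchsforlife.org. 86400 IN A 64.177.5.173
"""
ANSWERS = {"ns1.tomorrow2.net.": None, "ns2.tomorrow2.net.": GOOD,
           "ns3.tomorrow2.net.": STALE, "ns4.tomorrow2.net.": GOOD}  # None = timed out

def parse(text):
    """Extract SOA (mname, serial), NS names and A addresses from dig-style lines."""
    out = {"SOA": None, "NS": set(), "A": set()}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or line.startswith(";") or f[2].upper() != "IN":
            continue
        rtype, rdata = f[3].upper(), f[4:]
        if rtype == "SOA" and len(rdata) >= 3:
            out["SOA"] = (rdata[0].lower(), int(rdata[2]))
        elif rtype == "NS":
            out["NS"].add(rdata[0].lower())
        elif rtype == "A":
            out["A"].add(rdata[0])
    return out

def audit(delegated, answers):
    """Compare each delegated server's answers with the parent and with each other."""
    findings, parsed = [], {}
    for server in sorted(delegated):
        if answers.get(server) is None:
            findings.append((server, "no-answer"))
            continue
        rec = parsed[server] = parse(answers[server])
        if rec["SOA"] is None:
            findings.append((server, "no-soa"))  # not authoritative for the zone
        elif rec["SOA"][0] not in delegated:  # may be a hidden master; verify whose
            findings.append((server, "soa-mname-outside-delegation:" + rec["SOA"][0]))
        if rec["NS"] != delegated:
            findings.append((server, "ns-set-differs-from-parent"))
    serials = sorted({r["SOA"][1] for r in parsed.values() if r["SOA"]})
    if len(serials) > 1:  # secondaries have not transferred the current zone
        findings.append(("*", "serial-mismatch:" + ",".join(map(str, serials))))
    if len({frozenset(r["A"]) for r in parsed.values()}) > 1:
        findings.append(("*", "a-record-mismatch"))
    return findings

if __name__ == "__main__":
    print(*audit(DELEGATED, ANSWERS), sep="\n")
```

For a live zone, the per-server text would come from non-recursive queries sent directly to each delegated server (for example `dig +norecurse @server zone SOA`), not from a caching resolver, which can mask the disagreement.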
        • I'll definitely bring this to both the registrar's attention and my new web hosting provider. I know first hand how difficult DNS can be when I attempted to set up a simple DNS/DNS cache server once. Thank you very much and happy holidays. :)
  • You should contact a lawyer and have him send them a letter threatening legal action if they don't stop. For them to send a letter may cost you a couple hundred $$, but may be an easy way. If they continue, and you need to take them to court, you will definitely win and they will end up footing the bill for your legal costs. Unless, you still owe them money and that's why they are doing this.... Of course, you can just keep calling and emailing them daily.... then hourly... then every 5 or 10 minutes.... eventually they will get the point that you won't leave them alone till they resolve your problem.
  • You shouldn't really rely on a company who you are in contract with to provide you DNS service. When you leave, they have no incentive to keep pointing records for you or even make it easy for you to move.

    It's much easier to use a third party DNS provider who is either really cheap or free.

    There are quite a few cheap ones out there and a couple free ones, but of course, I won't cool my own. ;-)

    -davidu
    • Re: (Score:3, Interesting)

      Comment removed based on user account deletion
      • I don't owe them any money. It is some fault with their secondary DNS server keeping old records and/or being brought up partially from old backups. I'm not sure. It is a recurring problem and the IP block owners Alabanza have actually solved the problem off and on numerous times for a few days.

        12/26/01 12:15:46 IP Block 64.177.5.173
        Trying 64.177.5.173 at ARIN
        Trying 64.177.5 at ARIN
        Alabanza, Inc. (NETBLK-ALABANZA-BALT-4)
        8309 Tinsley Rd.
        Baltimore, MD 21244
        US
        Netname: ALABANZA-BALT-4
        Netblock: 64.176.0.0 - 64.177.255.255
        Maintainer: ALAB
        Coordinator:
        Cunningham, Thomas (TC12-ARIN) ipadmin@alabanza.com
        410-779-1400
        Domain System inverse mapping provided by:
        NS.ALABANZA.COM 209.239.47.252
        NS2.ALABANZA.COM 209.239.47.201
        ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
        Record last updated on 06-Oct-2000.
        Database last updated on 25-Dec-2001 19:55:00

        Currently two places are attempting to use my domain name with one of the IP addresses that they "own". Only one of them is actually being pointed at by my registrar; the other one is usurping it because of technical problems or worse. Would ICANN be a good place to contact?

    • as near as I can tell he is not using his old provider to host DNS. The whois records point to his new provider.

      Chuck
  • The simple way to resolve this is by changing the DNS server where your domains point to. Currently, it points to tomorrow2.net which have 4 of them listed.

    But from the cursory checking of that domain, it seems to belong to neither party unless it does belong to oneworldhosting.com, but not sure about it. But you can change it to point to your new hosting provider DNS so it will update it properly and use the much higher serial number to override the old one that is floating around which they might consider the valid DNS which it isn't. It happens a few times and it is not much of an issue if you change the serial number to be higher than the old one that existed on the old DNS Server.
    • See the problem with this theory is, even though you change the DNS at your registrar, if you are only running a locally known domain, for your local small-town community to see, and if you had that site hosted on a small town ISP, the one that won't give up the DNS.... well, if they still resolve that domain to their servers, and most people in that lil town use that ISP... then most people in that town will only get the old page... I've run into this before. Go through legal channels, they have no legal right to hijack the site.
    • Tomorrow2.net is owned or used by trilucid my current provider. It is the ns2.oneworldhosting.com server that still holds my domain information somehow and refuses to release it.
      • Eventually you should have oneworldhosting.com stop serving out your DNS information but it is only a problem for their customers if they are providing stale data.

        Your records at your new provider are using stale data. (maybe doing a zone transfer from your old provider's master) Get your entire DNS zone from your new provider and that will help.

        How do you update your DNS records at the new provider?

        Confirm with them that they are not doing a zone transfer from your old provider.

        Make sure any changes you make with them include a new serial number for the zone file.

        Chuck
  • Switch registrars: to networksolutions.com, formerly internic.net. They were awarded the contract that internic once held. Which Verisign now holds. Manually remove all previous DNS Host records that you have information about. They are still there even when they tell you "this is all that is showing up". Host with a large provider. Verio, Verisign, ATT, SWBELL, Etc.
    • Why anyone would want to switch to network solutions is beyond me. Network solutions has some of the WORST customer service around and charges about twice what most other registrars charge.
  • To save you all five seconds...

    Trying "anarchsforlife.org."
    HEADER opcode: QUERY, status: NOERROR, id: 23812
    flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4

    QUESTION SECTION:
    anarchsforlife.org. IN ANY

    ANSWER SECTION:
    anarchsforlife.org. 172800 IN NS NS1.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS2.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS3.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS4.TOMORROW2.NET.

    AUTHORITY SECTION:
    anarchsforlife.org. 172800 IN NS NS1.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS2.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS3.TOMORROW2.NET.
    anarchsforlife.org. 172800 IN NS NS4.TOMORROW2.NET.

    ADDITIONAL SECTION:
    NS1.TOMORROW2.NET. 172800 IN A 128.241.194.20
    NS2.TOMORROW2.NET. 172800 IN A 128.241.194.21
    NS3.TOMORROW2.NET. 172800 IN A 130.94.173.110
    NS4.TOMORROW2.NET. 172800 IN A 130.94.173.111

    Received 241 bytes from 198.142.0.51#53 in 352 ms
    [mikem@nailbox mikem]$ whois anarchsforlife.org
    [whois.crsnic.net]

    Whois Server Version 1.3

    Domain Name: ANARCHSFORLIFE.ORG
    Registrar: DOTSTER, INC.
    Whois Server: whois.dotster.com
    Referral URL: http://www.dotster.com/help/whois
    Name Server: NS1.TOMORROW2.NET
    Name Server: NS2.TOMORROW2.NET
    Name Server: NS3.TOMORROW2.NET
    Name Server: NS4.TOMORROW2.NET
    Updated Date: 18-dec-2001

    >>> Last update of whois database: Wed, 26 Dec 2001 17:04:50 EST

    The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
    Registrars.

    [whois.dotster.com]

    Registrant:
    Chris Welsh
    2792 W. Jasper Dr.
    Chandler, Az 85224
    US

    Registrar: Dotster (http://www.dotster.com)
    Domain Name: ANARCHSFORLIFE.ORG
    Created on: 06-SEP-00
    Expires on: 06-SEP-02
    Last Updated on: 26-OCT-00

    Administrative Contact:
    Welsh, Chris koat@disinfo.net
    2792 W. Jasper Dr
    Chandler, Az 85224
    US
    602-254-6398

    Technical Contact:
    Welsh, Chris koat@disinfo.net
    2792 W. Jasper Dr
    Chandler, Az 85224
    US
    602-254-6398

    Domain servers in listed order:
    NS3.TOMORROW2.NET
    NS4.TOMORROW2.NET
    NS2.TOMORROW2.NET
    NS1.TOMORROW2.NET

    Register a domain name at www.dotster.com

    End of Whois Information
  • by Anonymous Coward
    can a DNS misconfiguration become "hijacking". Good work there Cliff, glad to see you're on top of it.

    If that's not bad enough, only about two guys out of 20 had any clue what was going on in the first place. Get a lawyer?...that's rich...how 'bout a hostmaster with a clue?

    His zone record was fucked up, but it's hardly hijacking.
  • The problem is that your old ISP has your DNS records in their system, but their web servers don't know about your domain (thus pointing it to the default or first one). You need to make sure that all the root servers point to the correct DNS and ask your old ISP to remove your zone from their configuration files (on masters and slaves).
