Old Webhosting Providers Who Hijack DNS?
linzeal asks: "Oneworld Hosting, my old webhosting provider, keeps hijacking my DNS records for my website, Anarchists for Life, and pointing it at another customer's website. I have talked to the owner of the IP block as well as my old web host a multitude of times to no avail. My new webhosting provider, Trilucid, has been very helpful and has even suggested legal action. Does anyone here have an idea on how to solve this problem short of that?"
How are they hijacking DNS records? (Score:4, Informative)
Who's your registrar?? How can they update the DNS records for _your_ domain? Are you listed as the zone/technical contact?
If you gave them absolute control of the domain, then there's almost nothing you can do.
If you are the contact for the domain, update it with your registrar and make sure they're _NOT_ listed as the tech. contact!
Who's your DNS provider? Are they causing the problems?
Re:How are they hijacking DNS records? (Score:1)
Re:How are they hijacking DNS records? (Score:1)
Also ns[1234].tomorrow2.net are confused amongst themselves -- ns1 doesn't know who ns3 is, and vice-versa, plus ns1 does not respond but ns3 serves an SOA record that points to ns1.ocdns.com. They need to fix this too.
Once all this is fixed, they have to update the serial numbers so the zone transfers will happen.
For those with an eye for the finer details:
----
[start with a root server]
> server d.gtld-servers.net.
Default Server: d.gtld-servers.net
Address: 192.31.80.30
> set type=soa
> anarchsforlife.org.
Server: d.gtld-servers.net
Address: 192.31.80.30
Authoritative answers can be found from:
anarchsforlife.org nameserver = NS1.TOMORROW2.NET
anarchsforlife.org nameserver = NS2.TOMORROW2.NET
anarchsforlife.org nameserver = NS3.TOMORROW2.NET
anarchsforlife.org nameserver = NS4.TOMORROW2.NET
NS1.TOMORROW2.NET internet address = 128.241.194.20
NS2.TOMORROW2.NET internet address = 128.241.194.21
NS3.TOMORROW2.NET internet address = 130.94.173.110
NS4.TOMORROW2.NET internet address = 130.94.173.111
> set type=ns
> anarchsforlife.org.
Server: d.gtld-servers.net
Address: 192.31.80.30
Non-authoritative answer:
anarchsforlife.org nameserver = NS3.TOMORROW2.NET
anarchsforlife.org nameserver = NS4.TOMORROW2.NET
anarchsforlife.org nameserver = NS1.TOMORROW2.NET
anarchsforlife.org nameserver = NS2.TOMORROW2.NET
Authoritative answers can be found from:
NS3.TOMORROW2.NET internet address = 130.94.173.110
NS4.TOMORROW2.NET internet address = 130.94.173.111
NS1.TOMORROW2.NET internet address = 128.241.194.20
NS2.TOMORROW2.NET internet address = 128.241.194.21
> set type=a
> anarchsforlife.org.
Server: d.gtld-servers.net
Address: 192.31.80.30
Name: anarchsforlife.org
Served by:
- NS1.TOMORROW2.NET
128.241.194.20
anarchsforlife.org
- NS2.TOMORROW2.NET
128.241.194.21
anarchsforlife.org
- NS3.TOMORROW2.NET
130.94.173.110
anarchsforlife.org
- NS4.TOMORROW2.NET
130.94.173.111
anarchsforlife.org
[that's what we wanted to see, so let's ask them]
> server ns1.tomorrow2.net.
Default Server: ns1.tomorrow2.net
Address: 128.241.194.20
> set type=a
> anarchsforlife.org.
Server: ns1.tomorrow2.net
Address: 128.241.194.20
[no response]
^C
> set type=ns
> anarchsforlife.org.
Server: ns1.tomorrow2.net
Address: 128.241.194.20
Non-authoritative answer:
anarchsforlife.org nameserver = NS2.TOMORROW2.NET
anarchsforlife.org nameserver = NS3.TOMORROW2.NET
anarchsforlife.org nameserver = NS4.TOMORROW2.NET
anarchsforlife.org nameserver = NS1.TOMORROW2.NET
Authoritative answers can be found from:
NS2.TOMORROW2.NET internet address = 128.241.194.21
NS1.TOMORROW2.NET internet address = 128.241.194.20
> set type=soa
> anarchsforlife.org.
Server: ns1.tomorrow2.net
Address: 128.241.194.20
[no response.]
^C
> server ns3.tomorrow2.net.
*** Can't find address for server ns3.tomorrow2.net.: Non-existent host/domain
[back to the root server, since ns1 doesn't know ns3]
> server d.gtld-servers.net.
Default Server: d.gtld-servers.net
Address: 192.31.80.30
> server ns3.tomorrow2.net.
Default Server: ns3.tomorrow2.net
Address: 130.94.173.110
> set type=soa
> anarchsforlife.org.
Server: ns3.tomorrow2.net
Address: 130.94.173.110
anarchsforlife.org
origin = ns1.ocdns.com
mail addr = root.ns1.ocdns.com
serial = 1005677141
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
minimum ttl = 86400 (1 day)
anarchsforlife.org nameserver = ns2.ocdns.com
anarchsforlife.org nameserver = ns1.ocdns.com
ns1.ocdns.com internet address = 130.94.173.122
ns2.ocdns.com internet address = 130.94.173.124
>
[but this is telling us to ask ocdns.com]
---
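Added example, not part of the original thread: the same consistency check the transcript above does by hand, run offline over observations constructed from that transcript. The `OBSERVED` layout and the `audit` and `serial_gt` names are assumptions made for this sketch; the serial comparison follows RFC 1982, which is what decides whether a secondary pulls a new copy of the zone.

```python
# Added example (not from the thread): audit a delegation offline.
# OBSERVED is constructed from the nslookup transcript above; ns2 and ns4
# were never queried for SOA there, so they are reported as unchecked.
DELEGATED = frozenset(f"ns{i}.tomorrow2.net" for i in range(1, 5))

OBSERVED = {
    "ns1.tomorrow2.net": None,  # SOA query got no response
    "ns3.tomorrow2.net": {
        "mname": "ns1.ocdns.com",
        "serial": 1005677141,
        "ns": frozenset({"ns1.ocdns.com", "ns2.ocdns.com"}),
    },
}


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 comparison of 32-bit SOA serials: True if a is newer than b."""
    return a != b and (a - b) % 2**32 < 2**31


def audit(delegated, observed):
    """Return (server, finding) pairs for one zone, ordered by server name."""
    findings = []
    newest = None
    for soa in observed.values():
        if soa and (newest is None or serial_gt(soa["serial"], newest)):
            newest = soa["serial"]
    for server in sorted(delegated):
        if server not in observed:
            findings.append((server, "unchecked"))
        elif observed[server] is None:
            findings.append((server, "no SOA answer"))
        else:
            soa = observed[server]
            if soa["ns"] != delegated:
                findings.append((server, "NS set differs from registry delegation"))
            if soa["mname"] not in delegated:
                # A hidden primary is legitimate; flag it for a human to confirm.
                findings.append((server, "SOA origin outside delegation: " + soa["mname"]))
            if serial_gt(newest, soa["serial"]):
                findings.append((server, "stale serial %d < %d" % (soa["serial"], newest)))
    return findings


if __name__ == "__main__":
    for server, finding in audit(DELEGATED, OBSERVED):
        print(f"{server}: {finding}")
```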
Here's a clue (Score:2)
Whois on networksolutions.com
Registrant:
Chris Welsh
2792 W. Jasper Dr.
Chandler, Az 85224
US
Registrar: Dotster (http://www.dotster.com)
Domain Name: ANARCHSFORLIFE.ORG
Created on: 06-SEP-00
Expires on: 06-SEP-02
Last Updated on: 26-OCT-00
Administrative Contact:
Welsh, Chris koat@disinfo.net
2792 W. Jasper Dr
Chandler, Az 85224
US
602-254-6398
Technical Contact:
Welsh, Chris koat@disinfo.net
2792 W. Jasper Dr
Chandler, Az 85224
US
602-254-6398
Domain servers in listed order:
NS3.TOMORROW2.NET
NS4.TOMORROW2.NET
NS2.TOMORROW2.NET
NS1.TOMORROW2.NET
Re:Here's a clue (Score:1)
Registrar: Go Daddy Software (http://registrar.godaddy.com)
Domain Name: TRILUCID.COM
Domain servers in listed order:
NS1.TOMORROW2.NET
NS2.TOMORROW2.NET
but this is my old provider
Registrar: NETWORK SOLUTIONS, INC.
Organization: Netwrench
address: P.O. Box 880
Worthington, OH 43085 US
Admin contact: Hosting, One World
email: info@ONEWORLDHOSTING.COM
phone: 800 8460241
fax: 614 4363010
Tech contact: Hosting, One World
email: info@ONEWORLDHOSTING.COM
phone: 800 8460241
fax: 614 4363010
Nameservers: ns2.oneworldhosting.com
ns.oneworldhosting.com
ns2.owh.com apparently still has my information on it and somehow takes precedence over the one my registrar is pointing at.
Re:Here's a clue (Score:1)
The whois records are pointing to NS1.TOMORROW2.NET, NS2.TOMORROW2.NET, NS3...,NS4...
Given that, there is no way ns2.owh.com is being used by the clients to look up your domain.
ONEWORLDHOSTING.COM is probably just re-using your old IP address and your new DNS servers still have the old records.
Your new provider may be too inept to figure out what the problem is. A lawyer would be a waste of time and money. It is not a problem with your old provider; it is a problem with your DNS records or your new provider.
BTW, the DNS SOA record on NS1.TOMORROW2.NET has ns1.ocdns.com listed. I can't do a zone transfer of your domain but I would not be surprised if your DNS records were set up to do a zone transfer from ONEWORLDHOSTING.COM and your new provider can't figure this out.
Get your records fixed at your new provider and you should have no problem.
The following query shows that data is being retrieved from your new provider's servers and it has the old IP address.
$ host -a www.anarchsforlife.org
Trying "www.anarchsforlife.org."
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26950
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;www.anarchsforlife.org. IN ANY
;; ANSWER SECTION:
www.anarchsforlife.org. 171572 IN A 64.177.5.173
;; AUTHORITY SECTION:
anarchsforlife.org. 171572 IN NS NS3.TOMORROW2.NET.
anarchsforlife.org. 171572 IN NS NS4.TOMORROW2.NET.
anarchsforlife.org. 171572 IN NS NS1.TOMORROW2.NET.
anarchsforlife.org. 171572 IN NS NS2.TOMORROW2.NET.
;; ADDITIONAL SECTION:
NS1.TOMORROW2.NET. 171672 IN A 128.241.194.20
NS2.TOMORROW2.NET. 171672 IN A 128.241.194.21
NS3.TOMORROW2.NET. 171672 IN A 130.94.173.110
NS4.TOMORROW2.NET. 171672 IN A 130.94.173.111
Received 205 bytes from 209.9.172.254#53 in 64 ms
Chuck
Re:Here's a clue (Score:1)
If it's that important... (Score:1)
Re:If it's that important... (Score:1)
Use a thirdparty DNS site (Score:2)
It's much easier to use a third party DNS provider who is either really cheap or free.
There are quite a few cheap ones out there and a couple free ones, but of course, I won't cool my own.
-davidu
Re: (Score:3, Interesting)
Re:Use a thirdparty DNS site (Score:1)
Currently two places are attempting to use my domain name with one of the IP addresses that they "own". Only one of them is actually being pointed at by my registrar; the other one is usurping it because of technical problems or worse. Would ICANN be a good place to contact?
Re:Use a thirdparty DNS site (Score:1)
You are confusing a couple different issues/problems.
-davidu
Re:Use a thirdparty DNS site (Score:1)
Chuck
Registrar Can Solve this problem (Score:1)
But from the cursory checking of that domain, it seems to belong to neither party unless it does belong to oneworldhosting.com, but not sure about it. But you can change it to point to your new hosting provider's DNS so it will update properly, and use a much higher serial number to override the old one that is floating around, which they might consider the valid DNS, which it isn't. It happens a few times and it is not much of an issue if you change the serial number to be higher than the old one that existed on the old DNS server.
Re:Registrar Can Solve this problem (Score:1)
Re:Registrar Can Solve this problem (Score:1)
Re:Registrar Can Solve this problem (Score:1)
Your records at your new provider are using stale data (maybe doing a zone transfer from your old provider's master). Get your entire DNS zone from your new provider and that will help.
How do you update your DNS records at the new provider?
Confirm with them that they are not doing a zone transfer from your old provider.
Make sure any changes you make with them include a new serial number for the zone file.
Chuck
DNS (Score:1)
Re:DNS (Score:1)
The DNS Info In Question (Score:2)
Trying "anarchsforlife.org."
HEADER opcode: QUERY, status: NOERROR, id: 23812
flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4
QUESTION SECTION:
anarchsforlife.org. IN ANY
ANSWER SECTION:
anarchsforlife.org. 172800 IN NS NS1.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS2.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS3.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS4.TOMORROW2.NET.
AUTHORITY SECTION:
anarchsforlife.org. 172800 IN NS NS1.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS2.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS3.TOMORROW2.NET.
anarchsforlife.org. 172800 IN NS NS4.TOMORROW2.NET.
ADDITIONAL SECTION:
NS1.TOMORROW2.NET. 172800 IN A 128.241.194.20
NS2.TOMORROW2.NET. 172800 IN A 128.241.194.21
NS3.TOMORROW2.NET. 172800 IN A 130.94.173.110
NS4.TOMORROW2.NET. 172800 IN A 130.94.173.111
Received 241 bytes from 198.142.0.51#53 in 352 ms
[mikem@nailbox mikem]$ whois anarchsforlife.org
[whois.crsnic.net]
Whois Server Version 1.3
Domain Name: ANARCHSFORLIFE.ORG
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com/help/whois
Name Server: NS1.TOMORROW2.NET
Name Server: NS2.TOMORROW2.NET
Name Server: NS3.TOMORROW2.NET
Name Server: NS4.TOMORROW2.NET
Updated Date: 18-dec-2001
>>> Last update of whois database: Wed, 26 Dec 2001 17:04:50 EST
The Registry database contains ONLY
Registrars.
[whois.dotster.com]
Registrant:
Chris Welsh
2792 W. Jasper Dr.
Chandler, Az 85224
US
Registrar: Dotster (http://www.dotster.com)
Domain Name: ANARCHSFORLIFE.ORG
Created on: 06-SEP-00
Expires on: 06-SEP-02
Last Updated on: 26-OCT-00
Administrative Contact:
Welsh, Chris koat@disinfo.net
2792 W. Jasper Dr
Chandler, Az 85224
US
602-254-6398
Technical Contact:
Welsh, Chris koat@disinfo.net
2792 W. Jasper Dr
Chandler, Az 85224
US
602-254-6398
Domain servers in listed order:
NS3.TOMORROW2.NET
NS4.TOMORROW2.NET
NS2.TOMORROW2.NET
NS1.TOMORROW2.NET
Register a domain name at www.dotster.com
End of Whois Information
only at /. .... (Score:1)
If that's not bad enough, only about two guys out of 20 had any clue what was going on in the first place. Get a lawyer?...that's rich...how 'bout a hostmaster with a clue?
His zone record was fucked up, but it's hardly hijacking.
seen this before (Score:1)