Re: domainmonger.com with wildcard NS?
just me <[EMAIL PROTECTED]> writes: > On 14 Oct 2003, Robert E. Seastrom wrote: > > just me <[EMAIL PROTECTED]> writes: > > > In theory this doesnt break anything, since the nameservers in > > question aren't providing recursive service to anyone. Any questions > > they see are the result of a followed delegation. So I don't see why > > this would cause problems anywhere. > > I'd sure hate to be the poor fellow having a zone being served from > those nameservers when the inevitable configuration error causes the > zone to get dropped on the floor (for instance an accidental removal > from named.conf). NXDOMAIN or SERVFAIL sure beats a wildcard match > going to the wrong place. > > I think (don't hold me to this, I might be wrong) the trick, when > you're a registrar, is to not lose domains? History demonstrates that registrars are human too. ---Rob
RE: domainmonger.com with wildcard NS?
This is for domain parking. Users can configure their domains (or use a default I assume) to use these name servers, which in turn point everything to a parking page. My guess is the parking page is a) down b) fat fingered IP c) intentionally left blank. I have seen hosting companies do this to automatically point all domains to their hosting machines without the need for zone maintenance. -Mike -Original Message- From: Rick Ernst [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 10:07 AM To: [EMAIL PROTECTED] Subject: domainmonger.com with wildcard NS? This was brought to my attention by a friend. It looks like ns1.domainmonger.com and ns2.domainmonger.com are doing wildcard A records for all zones, including those that already exist. If you go to their site and try to register a domain, it properly shows if the domain exists or not. I'm trying to figure out what the reasoning is behind this. My friend alo pointed out this CERT alert, but I'm not sure how it relates: http://www.kb.cert.org/vuls/id/109475 Rick --- ; <<>> DiG 9.2.3rc4 <<>> @ns1.domainmonger.com www.esdfsadfsdftreet.com a ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50340 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.esdfsadfsdftreet.com. IN A ;; ANSWER SECTION: www.esdfsadfsdftreet.com. 1200 IN A 216.52.102.86 ;; AUTHORITY SECTION: com.1200IN NS ns1.domainmonger.com. com.1200IN NS ns2.domainmonger.com. ;; Query time: 37 msec ;; SERVER: 216.98.150.33#53(ns1.domainmonger.com) ;; WHEN: Tue Oct 14 09:59:24 2003 ;; MSG SIZE rcvd: 107 - ; <<>> DiG 9.2.3rc4 <<>> @ns2.domainmonger.com www.legendz.com a ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40110 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.legendz.com. IN A ;; ANSWER SECTION: www.legendz.com.1200IN A 216.52.102.86 ;; AUTHORITY SECTION: com.1200IN NS ns1.domainmonger.com. com.1200IN NS ns2.domainmonger.com. ;; Query time: 91 msec ;; SERVER: 216.122.4.81#53(ns2.domainmonger.com) ;; WHEN: Tue Oct 14 10:01:28 2003 ;; MSG SIZE rcvd: 98
Re: domainmonger.com with wildcard NS?
On 14 Oct 2003, Robert E. Seastrom wrote: just me <[EMAIL PROTECTED]> writes: > In theory this doesnt break anything, since the nameservers in > question aren't providing recursive service to anyone. Any questions > they see are the result of a followed delegation. So I don't see why > this would cause problems anywhere. I'd sure hate to be the poor fellow having a zone being served from those nameservers when the inevitable configuration error causes the zone to get dropped on the floor (for instance an accidental removal from named.conf). NXDOMAIN or SERVFAIL sure beats a wildcard match going to the wrong place. ---Rob I think (don't hold me to this, I might be wrong) the trick, when you're a registrar, is to not lose domains? matto [EMAIL PROTECTED]< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include
Re: domainmonger.com with wildcard NS?
just me <[EMAIL PROTECTED]> writes: > In theory this doesnt break anything, since the nameservers in > question aren't providing recursive service to anyone. Any questions > they see are the result of a followed delegation. So I don't see why > this would cause problems anywhere. I'd sure hate to be the poor fellow having a zone being served from those nameservers when the inevitable configuration error causes the zone to get dropped on the floor (for instance an accidental removal from named.conf). NXDOMAIN or SERVFAIL sure beats a wildcard match going to the wrong place. ---Rob
Re: domainmonger.com with wildcard NS?
Some of the more pedantic registries require that nameservers for a new domain reg be up and available. In theory they are also supposed to answer auth for the new domain being registered, but I am not sure how many actually check for an SOA. Afternic used to wildcard NS records for that reason, so the practice isn't anything new. In theory this doesnt break anything, since the nameservers in question aren't providing recursive service to anyone. Any questions they see are the result of a followed delegation. So I don't see why this would cause problems anywhere. matto On Tue, 14 Oct 2003, Rick Ernst wrote: This was brought to my attention by a friend. It looks like ns1.domainmonger.com and ns2.domainmonger.com are doing wildcard A records for all zones, including those that already exist. If you go to their site and try to register a domain, it properly shows if the domain exists or not. I'm trying to figure out what the reasoning is behind this. My friend alo pointed out this CERT alert, but I'm not sure how it relates: http://www.kb.cert.org/vuls/id/109475 Rick [EMAIL PROTECTED]< Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include
domainmonger.com with wildcard NS?
This was brought to my attention by a friend. It looks like ns1.domainmonger.com and ns2.domainmonger.com are doing wildcard A records for all zones, including those that already exist. If you go to their site and try to register a domain, it properly shows if the domain exists or not. I'm trying to figure out what the reasoning is behind this. My friend alo pointed out this CERT alert, but I'm not sure how it relates: http://www.kb.cert.org/vuls/id/109475 Rick --- ; <<>> DiG 9.2.3rc4 <<>> @ns1.domainmonger.com www.esdfsadfsdftreet.com a ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50340 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.esdfsadfsdftreet.com. IN A ;; ANSWER SECTION: www.esdfsadfsdftreet.com. 1200 IN A 216.52.102.86 ;; AUTHORITY SECTION: com.1200IN NS ns1.domainmonger.com. com.1200IN NS ns2.domainmonger.com. ;; Query time: 37 msec ;; SERVER: 216.98.150.33#53(ns1.domainmonger.com) ;; WHEN: Tue Oct 14 09:59:24 2003 ;; MSG SIZE rcvd: 107 - ; <<>> DiG 9.2.3rc4 <<>> @ns2.domainmonger.com www.legendz.com a ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40110 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.legendz.com. IN A ;; ANSWER SECTION: www.legendz.com.1200IN A 216.52.102.86 ;; AUTHORITY SECTION: com.1200IN NS ns1.domainmonger.com. com.1200IN NS ns2.domainmonger.com. ;; Query time: 91 msec ;; SERVER: 216.122.4.81#53(ns2.domainmonger.com) ;; WHEN: Tue Oct 14 10:01:28 2003 ;; MSG SIZE rcvd: 98