[rescue] whois advice needed

Mouse mouse at Rodents-Montreal.ORG
Tue Aug 28 14:25:01 CDT 2012

> It appears that dotster has copied my domain's nameserver config into
> someone else's domain.  Since the whois for _their_ domain is now
> returning _my_ nameserver config, I'm seeing lots of requests for a
> zone that I don't handle.


But note that it may not be dotster's doing; it may be that dotster's
customer is who provided the bogons.  From our perspective, it's
difficult to tell the difference.

> Surely there's a method for reporting this sort of thing?

There's probably supposed to be.  But there are supposed to be lots of
things in Internet governance which do not actually exist.

> (I bet you could DOS a small DNS server pretty quickly if you listed
> it as authoritative for google or facebook...)

Probably.  But doing so would break Google or Facebook.  If you use a
heavily popular domain, the breakage will get noticed; if you use a
small domain, it won't be so effective.

Personally, if I discovered someone doing that, I'd probably set myself
up to serve it, with data consisting of a very-long-TTL NS record
naming localhost, with a glue record giving as the address,
in a attempt to make querents go away.  I'd probably also add a TXT
record explaining the situation, or pointing to a fetchable file that
explains the situation, for humans investigating.

If the traffic started to reach DoS levels, I'd probably treat it as a
DoS attack....

I'd probably also send mail to the domains' contact address, but in the
catastrophe that is today's Internet governance, I wouldn't really
expect that to do any good - anyone who cares about doing things right
enough to get that right is probably not going to get the DNS wrong, or
is not going to tolerate a registrar getting it wrong, for long.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse at rodents-montreal.org
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

More information about the rescue mailing list