This is a case that I don't recall seeing before, and let me start by saying 
that I have only a tenuous relationship with these domain names; they're for an 
online store and magazine having to do with small boat building, and I've 
ordered a couple of things and read a bunch of articles but that's it, they 
aren't my domains or my websites.

The symptom is simple: neither domain, duckworksbbs.com and 
duckworksmagazine.com, will resolve, because the com servers have bogus NS 
records for them:

[cookiemonster:~] owens% dig duckworksmagazine.com @a.gtld-servers.net ns

; <<>> DiG 9.8.3-P2 <<>> duckworksmagazine.com @a.gtld-servers.net ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26991
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;duckworksmagazine.com.     IN  NS

;; AUTHORITY SECTION:
duckworksmagazine.com.  172800  IN  NS  doesnotexistwebterminator2.crystaltech.com.hu.
duckworksmagazine.com.  172800  IN  NS  doesnotexistwebterminator1.crystaltech.com.hu.

;; Query time: 18 msec
;; SERVER: 2001:503:a83e::2:30#53(2001:503:a83e::2:30)
;; WHEN: Thu Oct 18 17:09:28 2012
;; MSG SIZE  rcvd: 139

Not only do those hostnames not exist (as one would expect), that domain isn't 
registered in hu. 

Here's the odd part. These changes have taken place without the permission of 
the domain owner, who I've contacted by email (he has a Gmail account, 
thankfully!). They seem to have happened a few hours ago; he told me that he has 
"been watching the sites go up and down all day." I confirmed that the web 
servers themselves are fine; this seems to be strictly a DNS issue. And WHOIS 
still shows the correct servers for both domains:

Leinweber, Chuck
   Duckworks
   608 Gammenthaler
   Harper, TX 78631
   US

   Domain Name: DUCKWORKSMAGAZINE.COM

   ------------------------------------------------------------------------
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at http://www.NetworkSolutions.com/
   ------------------------------------------------------------------------

   Administrative Contact, Technical Contact:
      Leinweber, Chuck      [email protected]
      Duckworks
      608 Gammenthaler
      Harper, TX 78631
      US
      830-864-4562 fax: 830-864-4197


   Record expires on 18-Nov-2019.
   Record created on 18-Nov-1999.
   Database last updated on 18-Oct-2012 16:42:26 EDT.

   Domain servers in listed order:

   WEBTERMINATOR1.CRYSTALTECH.COM
   WEBTERMINATOR2.CRYSTALTECH.COM

So the question is, how did someone manage to change the servers in the com 
zone, without changing the WHOIS records, and without permission from the 
admin/technical contact? 

Bill.
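
The comparison made by hand in the message above (NS records delegated by the com servers versus the name servers shown in WHOIS), written as a check that can be scripted. This is an added example, not part of the original post. The sample text is constructed from the dig and WHOIS output quoted above (wrapped lines joined, abridged), and the function names are hypothetical.

```python
# Constructed sample input, abridged from the dig and WHOIS output quoted in the post.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;duckworksmagazine.com.     IN  NS

;; AUTHORITY SECTION:
duckworksmagazine.com.  172800  IN  NS  doesnotexistwebterminator2.crystaltech.com.hu.
duckworksmagazine.com.  172800  IN  NS  doesnotexistwebterminator1.crystaltech.com.hu.
"""
WHOIS_OUTPUT = """\
   Domain servers in listed order:

   WEBTERMINATOR1.CRYSTALTECH.COM
   WEBTERMINATOR2.CRYSTALTECH.COM
"""

def norm(name):
    """Compare host names case-insensitively and without the trailing dot."""
    return name.strip().rstrip(".").lower()

def delegation_ns(dig_text, domain):
    """NS targets for `domain` found in dig's record lines (comment lines skipped)."""
    found = set()
    for line in dig_text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue
        owner, _ttl, rclass, rtype, target = fields
        if rclass == "IN" and rtype == "NS" and norm(owner) == norm(domain):
            found.add(norm(target))
    return found

def whois_ns(whois_text):
    """Hosts under 'Domain servers in listed order:' (the WHOIS layout shown above)."""
    found, in_block = set(), False
    for line in whois_text.splitlines():
        if "Domain servers in listed order" in line:
            in_block = True
        elif in_block and line.strip():
            found.add(norm(line.split()[0]))
        elif in_block and found:
            break  # blank line after the server list ends the block
    return found

def compare(dig_text, whois_text, domain):
    """Report where the parent-zone delegation and the WHOIS record disagree."""
    parent, registrar = delegation_ns(dig_text, domain), whois_ns(whois_text)
    return {"consistent": parent == registrar,
            "only_in_parent_zone": sorted(parent - registrar),
            "only_in_whois": sorted(registrar - parent)}

if __name__ == "__main__":
    print(compare(DIG_OUTPUT, WHOIS_OUTPUT, "duckworksmagazine.com"))
```
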