On Thu, Oct 18, 2012 at 05:19:28PM -0400, Bill Owens wrote: > > So the question is, how did someone manage to change the servers in > the com zone, without changing the WHOIS records, and without > permission from the admin/technical contact?
My bet is that this is a consequence of the sponsorship -- either the registrar changed or the name was allowed to expire and then brought back from the dead or both. Here's the whois data from crystaltech.com: Domain Name: CRYSTALTECH.COM Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE Whois Server: whois.melbourneit.com Referral URL: http://www.melbourneit.com Name Server: WEBTERMINATOR1.CRYSTALTECH.COM Name Server: WEBTERMINATOR2.CRYSTALTECH.COM Status: ok Updated Date: 18-oct-2012 Creation Date: 08-sep-1996 Expiration Date: 07-sep-2022 The domain was updated today, and 7 Sept is 42 days in the past, which sounds suspiciously close to the 45 day auto-renew grace period. When you delete names in EPP, you are not allowed to delete the name if any subordinate host objects still exist. You cannot delete a host object if there is something using that host object as a name server (the host is linked). Since the current registrar of crystaltech.com is not the same as that of duckworksmagazine.com, this might have been the case earlier. In that case, presumably Melbourne IT renamed the host objects that were dependent on crystaltech.com, in order to make them "external" hosts and thereby to allow the deletion of crystaltech.com. Certainly, this is a pattern of use I saw in the .info and other related registries. A -- Andrew Sullivan [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
