3

I got a new IP address block from my ISP; let's call it 2.2.2.0/25.

2.2.2.1 and 2.2.2.2 get frequent DNS traffic. Looking at the traffic, it's destined for the nameservers ns1.tp.com and ns2.tp.com.

tp.com has ns1.tp.com and ns2.tp.com as their nameservers; so no content is available on that site.

ns1.tp.com and ns2.tp.com are registered with the zone authority for .com (is that ICANN?) --- how do I go about notifying the proper authority that those IP addresses are mine now and that this nameserver entry they've got is stale?

EDIT:

ns1.tp.com are A records; but they are name servers registered with whoever manages the .com zone. tp.com's nameservers are ns1.tp.com; which are my servers; so it's definitely not still being served up as an A record.

Rizwan Kassim
  • Just to clarify: Do you own/control the domain "tp.com" ? (I realize that that is not the real domain name, but just an example.) – Steven Monday Oct 29 '10 at 05:18

7 Answers

8

You shouldn't really have to notify anyone, beyond your own domain registrar.

If you intend to have nameservers at 2.2.2.1 and 2.2.2.2, just make certain that they only serve the names for which they are authoritative, and nothing else. Pretty quickly, clients of the old nameservers at 2.2.2.[12] will realize that they're not getting responses, and they'll stop sending queries.

If you don't have nameservers at 2.2.2.1 and .2 (and it's probably easier if you don't), then just let those incoming queries drop to the floor. Again, the clients at the sending end will very quickly get the hint that there's no point sending queries to your particular corner of the internet.

Steven Monday
  • Good answer! As long as you are not flooded by DNS packets, there is no reason to worry too much. – Guillaume Oct 27 '10 at 07:25
  • Why should his domain registrar care? It's nothing to do with them if traffic for some other domain arrives at his IP space. – Alnitak Oct 27 '10 at 08:03
  • +1 Although OP's registrar won't be able to do anything about it; maybe contact the other registrar who is also not forced to do anything. But the DNS configuration and firewall suggestions make lots of sense. – Belmin Fernandez Oct 27 '10 at 11:40
  • Agree on the DNS and firewall concern - but the clients on the sending end still hit my firewall regularly and I've been dropping those queries to the floor for three weeks. – Rizwan Kassim Oct 27 '10 at 18:54
  • ns1.tp.com are A records; but they are name servers registered with whoever manages the .com zone. tp.com's nameservers are ns1.tp.com; which are my servers; so it's definitely not still being served up as an A record. – Rizwan Kassim Oct 27 '10 at 18:55
  • Maybe I'm misreading your comment but tp.com's nameservers are pdns[1-6].ultradns.[org|net|info|co.uk]. Or is tp.com just an example domain you're using? – Belmin Fernandez Oct 27 '10 at 19:07
  • Yes, it's a sample one. – Rizwan Kassim Oct 29 '10 at 04:44
  • Whois terrypearl.com Domain name servers listed in order: NS1.TERRYPEARL.COM NS2.TERRYPEARL.COM – Rizwan Kassim Oct 29 '10 at 04:44
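
Added example, not part of the original answer or its comments: a minimal Python sketch of "only serve the names for which they are authoritative", which parses each incoming query, answers out-of-zone names with REFUSED, and tallies which zones still point at the address block. The zone `example.net.`, the helper names, and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

AUTHORITATIVE = {"example.net."}  # assumption: the zones this server really hosts

def parse_question(pkt):
    """Return (qname, qtype, end_offset) for a one-question query, else None."""
    if len(pkt) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", pkt[2:6])
    if flags & 0x8000 or qdcount != 1:        # a response, or an odd question count
        return None
    labels, pos = [], 12
    while pos < len(pkt) and pkt[pos] != 0:
        n = pkt[pos]
        if n > 63 or pos + 1 + n > len(pkt):  # compression pointer or truncated label
            return None
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    if pos + 5 > len(pkt):                    # need the root byte plus QTYPE and QCLASS
        return None
    qtype = struct.unpack("!H", pkt[pos + 1:pos + 3])[0]
    return ".".join(labels) + ".", qtype, pos + 5

def in_zone(qname):
    return any(qname == z or qname.endswith("." + z) for z in AUTHORITATIVE)

def refused_reply(pkt):
    """REFUSED (RCODE 5) reply for an out-of-zone query; None if malformed or in-zone."""
    q = parse_question(pkt)
    if q is None or in_zone(q[0]):
        return None
    flags = struct.unpack("!H", pkt[2:4])[0]
    header = pkt[:2] + struct.pack("!HHHHH", 0x8000 | (flags & 0x7900) | 5, 1, 0, 0, 0)
    return header + pkt[12:q[2]]              # echo the question, add no records

def tally_zones(packets):
    """Count out-of-zone queries by their last two labels (a heuristic, not PSL-aware)."""
    seen = Counter()
    for pkt in packets:
        q = parse_question(pkt)
        if q and not in_zone(q[0]):
            seen[".".join(q[0].rstrip(".").split(".")[-2:]) + "."] += 1
    return seen

def make_query(qid, name, qtype=1):           # builds the constructed samples below
    body = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + body + b"\0" + struct.pack("!HH", qtype, 1)

# Constructed traffic: two queries for the page's placeholder domain, one for our own zone.
SAMPLE = [make_query(1, "www.tp.com"), make_query(2, "tp.com", 15), make_query(3, "www.example.net")]

if __name__ == "__main__":
    print(tally_zones(SAMPLE))
    print(refused_reply(SAMPLE[0]).hex())
```

The tally gives a concrete list of stale zones to take to their owners or registrars, while the REFUSED reply tells well-behaved resolvers to try another server instead of retrying against a silent drop.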
5

Are you saying that ns1.tp.com and ns2.tp.com are A records to your IP?

If so, you could try to contact the owner of the domain by performing a whois command (there are several websites that perform the lookup but I normally use the command line tool). However, they are not forced to change the A record. If they chose to leave it that way maliciously or just because they are lazy, you're SOL.

Belmin Fernandez
  • ns1.tp.com are A records; but they are name servers registered with whoever manages the .com zone. tp.com's nameservers are ns1.tp.com; which are my servers; so it's definitely not still being served up as an A record. – Rizwan Kassim Oct 27 '10 at 18:53
5

I think this is an opportune time to teach someone a valuable lesson.

Configure the DNS server to respond to requests for that domain and give it a pretty little website :-)

Ash Palmer
2

Or, you could have fun. Perhaps just give an answer that leads to a page that says domain is misconfigured.

Ronald Pottol
2

I'll echo and restate Nimmy's sentiment...

You can't control what the owner of tp.com sets his nameservers to, or what IPs his nameserver responds with when queried. If he wants to tell people to visit your IPs, he can.

As Ash mentioned, you do have the option of sending clients some informative results when they contact your servers, or malicious results if that's your thing.

Sparr
  • tp.com's nameservers are ns1.tp.com. See my issue? – Rizwan Kassim Oct 27 '10 at 18:56
  • So then that's even worse... If someone is still coming to you as ns1.tp.com then they have cached an old response from ns1.tp.com for ns1.tp.com, and you'd be stuck trying to convince a single internet user (or ISP, or whoever) to clear their DNS cache manually. – Sparr Oct 28 '10 at 00:01
  • As I understand DNS; isn't there a root .com zone file that lists all the servers that are considered name servers? – Rizwan Kassim Oct 29 '10 at 04:45
  • No. tp.com's registrar (who is a second level registrar, not the .com root authority) is the one who says that ns1.tp.com is a nameserver. – Sparr Oct 29 '10 at 18:01
1

You should check who is responsible for the domain, via http://whois.arin.net/ui or by checking the SOA record, and contact him to fix it.

VP.
1

The best way to handle this might very well be to e-mail the owner of the domain, give them fair time to change their DNS setup (I'd say at least a few work days), and if it continues or if they prove unwilling, set up a DNS server serving an empty zone with a short negative TTL. Their customers starting to complain that their web site only works intermittently should get their attention, if gentle persuasion on your part doesn't...

user