Due to an outbreak of cluelessness in the world domain registrar community there may be a period of
DNS flakiness on chapmancentral. This address will work:
http://chapmancentral.demon.co.uk (http://chapmancentral.demon.co.uk/)
<insert humorous reference to lemon-soaked paper napkins>
Guy
===
** WARNING ** This posting may contain traces of irony. http://chapmancentral.demon.co.uk (http://chapmancentral.demon.co.uk/)
"Just zis Guy, you know?" <guy.chapman@spamcop.net> wrote in message
news:gob8mvol9ccu72bkbselndnqbm5liglohe@4ax.com...
> Due to an outbreak of cluelessness in the world domain registrar community there may be a period
> of DNS flakiness on chapmancentral. This address will work:
>
> http://chapmancentral.demon.co.uk (http://chapmancentral.demon.co.uk/)
>
> <insert humorous reference to lemon-soaked paper napkins>
>
does anyone here have any idea what on *earth* is going on with DNS these days? I have noticed for
the best part of a week now that many DNS queries are just being rejected with no reply.
At first I thought this was just NTL being pants as usual; but it is only affecting *some* sites
rather than the entire NTL DNS boxes falling over
[1] - and Guy is on Demon via BT ADSL...
is there some big snafu with DNS in general, and if so has anyone actually "gathered the fruit of
the clue tree" yet? I'm surprised even the media haven't picked up on this; or is it just some
localised problem within the UK?
Alex
[2] which happens every so often..
Mr R@t (2.3 zulu-alpha) [comms room 2] wrote:
> does anyone here have any idea what on *earth* is going on with DNS these days? I have noticed for
> the best part of a week now that many DNS queries are just being rejected with no reply.
>
> At first I thought this was just NTL being pants as usual; but it is only affecting *some* sites
> rather than the entire NTL DNS boxes falling over
> [1] - and Guy is on Demon via BT ADSL...
>
> is there some big snafu with DNS in general, and if so has anyone actually "gathered the fruit of
> the clue tree" yet? I'm surprised even the media haven't picked up on this; or is it just some
> localised problem within the UK?
>
Not sure whats going on but have problems on ntl as well enough to make me set up bind so all sites
visited ips are cached locally for later retrieval.
Ivor Cave
"Mr R@t \(2.3 zulu-alpha\) [comms room 2]" <ratsnest23@sovtel.su> writes:
> "Just zis Guy, you know?" <guy.chapman@spamcop.net> wrote in message
> news:gob8mvol9ccu72bkbselndnqbm5liglohe@4ax.com...
> > Due to an outbreak of cluelessness in the world domain registrar community there may be a period
> > of DNS flakiness on chapmancentral. This address will work:
> >
> > http://chapmancentral.demon.co.uk (http://chapmancentral.demon.co.uk/)
> >
> > <insert humorous reference to lemon-soaked paper napkins>
> >
> does anyone here have any idea what on *earth* is going on with DNS these days? I have noticed for
> the best part of a week now that many DNS queries are just being rejected with no reply.
>
> At first I thought this was just NTL being pants as usual; but it is only affecting *some* sites
> rather than the entire NTL DNS boxes falling over
> [1] - and Guy is on Demon via BT ADSL...
>
> is there some big snafu with DNS in general, and if so has anyone actually "gathered the fruit of
> the clue tree" yet? I'm surprised even the media haven't picked up on this; or is it just some
> localised problem within the UK?
Nominet seem to have recently cleared out a lot of domains which haven't had their renewal fees paid
- it happened to one of mine, much to my embarrassment.
--
simon@jasmine.org.uk (Simon Brooke) http://www.jasmine.org.uk/~simon/
Anagram: I'm soon broke.
James wrote:
>
>
>> "Mr R@t \(2.3 zulu-alpha\) [comms room 2]" <ratsnest23@sovtel.su> writes:
>>
>>
>>> "Just zis Guy, you know?" <guy.chapman@spamcop.net> wrote in message
>>> news:gob8mvol9ccu72bkbselndnqbm5liglohe@4ax.com...
>>>
>>>> Due to an outbreak of cluelessness in the world domain registrar community there may be a
>>>> period of DNS flakiness on chapmancentral. This address will work:
>>>>
>>>> http://chapmancentral.demon.co.uk (http://chapmancentral.demon.co.uk/)
>>>>
>>>> <insert humorous reference to lemon-soaked paper napkins>
>>>>
>>> does anyone here have any idea what on *earth* is going on with DNS these days? I have noticed
>>> for the best part of a week now that many DNS queries are just being rejected with no reply.
>>>
>>> At first I thought this was just NTL being pants as usual; but it is only affecting *some* sites
>>> rather than the entire NTL DNS boxes falling over
>>> [1] - and Guy is on Demon via BT ADSL...
>>>
>>> is there some big snafu with DNS in general, and if so has anyone actually "gathered the fruit
>>> of the clue tree" yet? I'm surprised even the media haven't picked up on this; or is it just
>>> some localised problem within the UK?
>>
>>
>>
>> Nominet seem to have recently cleared out a lot of domains which haven't had their renewal fees
>> paid - it happened to one of mine, much to my embarrassment.
>>
> This might be a part of the problem.
>
>
> ------------------------------------------------------------------------
>
> 17 September 2003 Updated: 12:10 GMT
>
> <http://www.theregister.co.uk/> (http://www.theregister.co.uk/)
>
>
>
>
> *Register Services* *Register ISP* <http://www.vcisp.net/> (http://www.vcisp.net/) *Reg Jobsearch*
> <http://www.jobsite.co.uk/theregister> (http://www.jobsite.co.uk/theregister) *Reg Merchandise* <http://www.cashncarrion.co.uk/> (http://www.cashncarrion.co.uk/)
> *Bookstore* <http://www.pearson-books.com/registerbookstore/> (http://www.pearson-books.com/registerbookstore/) *Mobile, Wireless, PDA Store*
> <http://www.expansys.com/register.asp> (http://www.expansys.com/register.asp) *Reg Reader Studies* </content/58/index.html>
>
> *Sections* *Front Page* </content/1/index.html> *Software* </content/4/index.html> *Enterprise
> Systems* </content/53/index.html> *Servers* </content/61/index.html> *Storage*
> </content/63/index.html> *Personal Hardware* </content/54/index.html> *Semiconductors*
> </content/3/index.html> *Internet* </content/6/index.html> *Security* </content/55/index.html>
> *Virus News* </content/56/index.html> *Business* </content/7/index.html> *Networks*
> </content/5/index.html> *Bootnotes* </content/28/index.html> *This Week's Headlines*
> </content/29/index.html>
>
> <http://www.rackspace.co.uk/index.php?committed=true&CMP=PAC-committed> (http://www.rackspace.co.uk/index.php?committed=true&CMP=PAC-committed)
>
> *Wireless - Operators* </content/59/index.html> *Wireless and Mobile Devices*
> </content/68/index.html> *Wireless - WLAN* </content/69/index.html> *Wireless - 3G*
> </content/64/index.html> *Broadband* </content/22/index.html> *The Mac Channel*
> </content/39/index.html> *Channel Flannel* </content/51/index.html> *Small Business*
> </content/67/index.html> *BOFH* </content/30/index.html> *Letters* </content/35/index.html> *Site
> News* </content/31/index.html> *Contact us* </content/62/index.html>
>
> *The Reg Newsletter* Enter your email address here for our daily news update. Privacy Policy
> </content/31/28796.html>
>
>
> Get the Reg Screensaver. <http://www.theregister.co.uk/content/31/17656.html> (http://www.theregister.co.uk/content/31/17656.html)
>
> Join the Reg SETI group.
> <http://setiathome.ssl.berkeley.edu/cgi-bin/cgi?cmd=team_join_form&id=145855> (http://setiathome.ssl.berkeley.edu/cgi-bin/cgi?cmd=team_join_form&id=145855)
>
>
> Join Reg Cancerbusters. </content/31/30699.html>
>
>
>
> ------------------------------------------------------------------------
> Verisign DNS change broke my HP printer By John Leyden <mailto:john.leyden@theregister.co.uk> (mailto:john.leyden@theregister.co.uk)
> Posted: 17/09/2003 at 10:24 GMT
>
> *Letters*/Reg/ readers have plenty of say about Verisign's controversial move to direct surfers
> who get lost on the Web to a search site run by the company. Our coverage provoked a large number
> of letters, almost all hostile, about Versign's audacious typo-squatting land grab.
>
> All your Web typos are belong to us <http://www.theregister.co.uk/content/6/32852.html> (http://www.theregister.co.uk/content/6/32852.html)
>
> Martin Ward is the first to fire brickbats at the company, which /Reg/ readers have rechristened
> as "VeriSlime".
>
> *Verisign are essentially "squatting" on every unregistered domain name, and using them for
> profit. How many trademarked names does that include? What are the fines for squatting on just
> *one* trademark for commercial exploitation?*
>
> Roger Thomas worries about the implications if other DNS providers adopt Verisign's tactics.
>
> *That's a worrying article, and just thinking about the issues raised I can see the following:
>
> 1) If it’s good enough for Verisign to mess about with the root servers I can see other DNS
> providers doing the same, by redirecting users to their own systems.
>
> 2) This will poison DNS servers across the world as they will end up caching the SOA records
> created by Verisign for these 'dynamic' DNS entries. While the time to live on these records is
> short, real entries will be dropped as the junk entries are added to the database. There is now
> a new DNS attack were nodes on the internet create vast numbers of random DNS look up requests
> so clearing the DNS caches of all the DNS servers they access.
>
> Oh life if going to be fun.*
>
> Let's start a campaign against Verisign, reader Steve Foster, suggests.
>
> *I think we need to start a global campaign to black-list Verisign if they don't back off.*
>
> Pete Farrow favours more direct action.
>
> *This means that the basic "sender domain does not resolve" check in Sendmail and many other mail
> server software is now obsolete because any .net and .com now resolves. This will open the
> internet up to more spam.
>
> But there is a solution, perhaps mail servers should check to see if the sender domain for a
> particular piece of email resolves to the Ip above. If it does, forward the email to Verisign, any
> of the email addresses on this page should do :
>
> http://www.verisign.com/corporate/about/contact/index.html?sl=060104
>
> If the email sender domain resolves to the bogus Verisign wildcard entry, then its only fair that
> the email gets forwarded back to them, as it’s obviously spam and it resolves to their address.
>
> If the internet community applies such a rule, then I think this wildcard DNS nonsense will soon
> be retired. You could also check the web site at Verisign automatically to see if they change
> their email addresses just to make sure you always forward the unresolving mail to a real
> mailbox.*
>
> Adrian Wilkins seconds the motion.
>
> *Bloody 'ell... so where can we get the home addresses of the "pigtastic" monopolisers of the
> internet?
>
> I'm only asking because, as a responsible sysadmin, I believe that all mis-addressed surface mail
> should get redirected to there as well... :) *
>
> And what of the wider implications of Verisign's audacious domain land grab? Abby Patel is worried
> about privacy.
>
> *Thanks for running the Verisign story on the Register. As an ISP, this is of great concern to
> us, as you rightly pointed out, this un-announced and unwarranted change is breaking services. As
> an example, we provide SPAM filtering for our broadband customers. One of the many checks we do
> is to ensure mail is coming from actual registered domains. With a single action, this test no
> longer works, adding to the already difficult war on the volumes of SPAM that our customers have
> to deal with.
>
> However, the other worry is the data retention that Verisign admits it is carrying out if you look
> at their terms and conditions. Amazingly enough, they in their PDF file discussing the change,
>
> "2.4 Monitoring and Communication
>
> VeriSign actively monitors all traffic associated with Site Finder, including DNS queries matching
> the wildcard entries in .com and .net and associated responses, and all traffic sent to the
> response server. This traffic is correlated and monitored in real time, 24 hours a day, seven days
> a week, by VeriSign's Network Operations Centre... complete traffic stream to the .com and .net
> name servers and the response server, as well as rolled up statistics, are stored for analysis."
>
> So, you mistype a domain name, and suddenly to have agreed to Verisign’s T&C's to let them collect
> information about you. What if the URL was mistyped but had some personal information in it, e.g.
> http://dummysite-that-is-not-real-at-all.com/userid=mylogin,mypassword=password
>
>
> Similarly, the SMTP service that replies with the 550 error only does so after you have specified
> the recipient. What will Verisign do with all the "from" mail addresses that they will be logging?
> A ready made list of live e-mail addresses for selling on to marketing companies perhaps?
>
> However, it seems that the T&C's might help us to stop this abuse. If you do not agree to the
> T&C's the only option they have is to not redirect your netblock to their site. So, give them a
> call on 0800-032-2101, select 2 to speak to their support department and once you get a human,
> tell them that you don't agree to their T&C's and can they remove your netblocks!*
>
> Nick Ryan picks up the theme.
>
> *Gah. Note the thinly veiled threats in their whitepaper..
>
> Bah, it has cut'n'paste disabled, of course.
>
>
> Verisign actively monitors all traffic ... 24 hours a day, 7 days a week ... Anomalous events are
> escalated to engineering staff ... Several hours of the complete traffic stream are stored for
> analysis.
>
>
> Reading between the lines ; "Try to DoS attack us at your peril, punks"
>
>
> While this monitoring data will not be public available at the launch of Site Finder, Verisign is
> considering making this information available in the future
>
>
> "If we get a lot of hits for particular unregistered domains, we might consider selling them to
> interested parties for inflated prices (via a front company, naturally)"*
>
> Will anybody defend Verisign? Only reader Justin Cordesman has anything positive to say about
> Verisign's radical changes.
>
> *For some reason I think there was forewarning of this, as a response to typo squatting. Which
> is worse, your customer getting a search page (and not one that pops up zillions of ads and
> tries to make itself your default) when they mistype your address, or getting a porn site or pop
> ups or an error?*
>
> Although Verisign suggested it might be making changes a few weeks ago it was only when the
> changes were made this week, without specification notification or debate on the technical and
> commercial implications on the move, that things really kicked off.
>
> But who cares for the wider implications, when your printer stops working. Reader Daniel Salzedo
> relates his tale of woe.
>
> *Thanks for your article "All your Web typos are belong to us", because without it I would
> probably never have realized why my networked HP printer was refusing to print.
>
> I have an HP Deskjet 6127 which has a built-in NIC and TCP/IP printing capability. Just a basic
> printer used by one small department and it's been working fine since it was setup. I have a
> simple LAN with one main W2K Server running DHCP and DNS. I usually setup any shared printer on
> this server, so installed the HP software which sets up a TCP/IP local port and points it at the
> printer. As the printer was setup to use DHCP for ease of use the TCP/IP printer port maps via the
> printer's name.
>
> Today, for no apparent reason, print jobs just stuck in the queue for a few minutes before timing
> out. To make a long and tedious set of troubleshooting steps short, it turned out the problem was
> the Verisign DNS change. Due to the way DNS is setup on the server (Because it is the LAN's
> top-level DNS server) a search for the local printer was being routed via the Internet. I guess it
> must always have worked this way, but because the printer would never resolve to a routable IP
> address it must have then tried a local lookup.
>
> Anyhow now, thanks to Verisign, my server always resolves the printer to the external IP address
> for their search service, hence the dead print jobs, forcing me to move the printer share to a
> different server.* ®
>
> Click here to request your FREE Oracle9iAS Release 2 J2EE Developer CD <http://ad.doubleclick.net- (http://ad.doubleclick.net-/)
> /clk;5900302;3439904;c?http://ad.uk.doubleclick.net/clk;5865077;8242027;o?http://www.oracle.com/g-
> o/?&Src=1769049&Act=40> Intentia & Sun deliver midmarket collaboration solution <http://ad.double- (http://ad.double-/)
> click.net/clk;6113889;3439904;t?http://s0b.bluestreak.com/ix.e?hy&s=210788&a=149772> Rackspace is
> the first Host to offer Red Hat Enterprise, exclusive special offer click here!
> <http://www.theregister.co.uk/offers/hosting/linux.html> (http://www.theregister.co.uk/offers/hosting/linux.html) Reg Rubberwear - designer PVC for the
> discerning punter at Cash'n'Carrion
> <http://www.cashncarrion.co.uk/?listPos=&op=catalogue-products-null&prodCategoryID=21> (http://www.cashncarrion.co.uk/?listPos=&op=catalogue-products-null&prodCategoryID=21) The Reg
> Mobile/ PDA store - for all your wireless needs <http://theregister.co.uk/pz/?mobilestore> (http://theregister.co.uk/pz/?mobilestore) Your
> signature is an IT industry mark of excellence - Jobsite <http://theregister.co.uk/pz/?jobsite2> (http://theregister.co.uk/pz/?jobsite2)
>
>
>
Whoops sorry did'nt mean to send the page...
Sorry again....I'll get my coat!!
