North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Detecting parked domains

  • From: Peter Dambier
  • Date: Thu Aug 03 14:31:19 2006


No, it does not look good :)


; <<>> DiG 9.1.3 <<>> -t any eoileon.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47446
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;eoileon.com.                   IN      ANY

;; ANSWER SECTION:
eoileon.com.            172800  IN      NS      ns11.chestertonholdings.com.
eoileon.com.            172800  IN      NS      ns1.chestertonholdings.com.

;; AUTHORITY SECTION:
eoileon.com.            172800  IN      NS      ns1.chestertonholdings.com.
eoileon.com.            172800  IN      NS      ns11.chestertonholdings.com.

;; ADDITIONAL SECTION:
ns1.chestertonholdings.com. 172800 IN   A       204.13.160.12
ns11.chestertonholdings.com. 172800 IN  A       204.13.161.12

;; Query time: 146 msec
;; SERVER: 192.168.48.227#53(192.168.48.227)
;; WHEN: Thu Aug  3 20:11:49 2006
;; MSG SIZE  rcvd: 145

No SOA. Of course not. It is my own resolver :)

but

; <<>> DiG 9.1.3 <<>> -t any eoileon.com @ns1.chestertonholdings.com.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60197
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;eoileon.com.                   IN      ANY

;; ANSWER SECTION:
eoileon.com.            86400   IN      A       204.13.161.31

;; AUTHORITY SECTION:
com.                    86400   IN      NS      k.gtld-servers.net.
com.                    86400   IN      NS      l.gtld-servers.net.
com.                    86400   IN      NS      m.gtld-servers.net.
com.                    86400   IN      NS      a.gtld-servers.net.
com.                    86400   IN      NS      b.gtld-servers.net.
com.                    86400   IN      NS      c.gtld-servers.net.
com.                    86400   IN      NS      d.gtld-servers.net.
com.                    86400   IN      NS      e.gtld-servers.net.
com.                    86400   IN      NS      f.gtld-servers.net.
com.                    86400   IN      NS      g.gtld-servers.net.
com.                    86400   IN      NS      h.gtld-servers.net.
com.                    86400   IN      NS      i.gtld-servers.net.
com.                    86400   IN      NS      j.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     172800  IN      A       192.5.6.30
a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30
b.gtld-servers.net.     172800  IN      A       192.33.14.30
b.gtld-servers.net.     172800  IN      AAAA    2001:503:231d::2:30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
h.gtld-servers.net.     172800  IN      A       192.54.112.30
i.gtld-servers.net.     172800  IN      A       192.43.172.30
j.gtld-servers.net.     172800  IN      A       192.48.79.30
k.gtld-servers.net.     172800  IN      A       192.52.178.30

;; Query time: 245 msec
;; SERVER: 204.13.160.12#53(ns1.chestertonholdings.com.)
;; WHEN: Thu Aug  3 20:12:12 2006
;; MSG SIZE  rcvd: 501


I wonder why bind did not say lame server?



; <<>> DiG 9.1.3 <<>> -t any eoileon.com @a.gtld-servers.net ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39156 ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;eoileon.com.                   IN      ANY

;; ANSWER SECTION:
eoileon.com.            172800  IN      NS      ns1.chestertonholdings.com.
eoileon.com.            172800  IN      NS      ns11.chestertonholdings.com.

;; AUTHORITY SECTION:
eoileon.com.            172800  IN      NS      ns1.chestertonholdings.com.
eoileon.com.            172800  IN      NS      ns11.chestertonholdings.com.

;; ADDITIONAL SECTION:
ns1.chestertonholdings.com. 172800 IN   A       204.13.160.12
ns11.chestertonholdings.com. 172800 IN  A       204.13.161.12

;; Query time: 160 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
;; WHEN: Thu Aug  3 20:19:33 2006
;; MSG SIZE  rcvd: 145


And no, they are not authoritative either.


> check_soa eoileon.com

There was no response from ns11.chestertonholdings.com
ns1.chestertonholdings.com: expected 1 answer, got 0

; <<>> DiG 9.1.3 <<>> -t any eoileon.com @ns11.chestertonholdings.com.
;; global options:  printcmd
;; connection timed out; no servers could be reached


I should say the domain eoileon.com is at least broken if not broke :)



Cheers Peter and Karin



Duane Wessels wrote:

On Thu, 3 Aug 2006, Joe Abley said:


Do you have an example of a parked domain with no SOA record?


eoileon.com
tri-cityhearald.com


Surely for that to work for most of the domains we're talking about, the parking companies would need to be able to insert arbitrary records into zones such as "ORG", "NET" and "COM", which isn't something that any of the registries for those zones permit.


No, they just make up their own COM zone.

For example, the nameservers for eoileon.com are:

;; AUTHORITY SECTION:
eoileon.com. 145225 IN NS ns1.chestertonholdings.com.
eoileon.com. 145225 IN NS ns11.chestertonholdings.com.


If I ask one of their auth nameservers about COM I get:

$ dig +short @ns1.chestertonholdings.com com soa
a.gtld-servers.net. nstld.verisign-grs.com. 2006021701 3600 900 1209600 21600


Which almost looks good, except they didn't get the email about Verisign's
serial format change.

$ dig +short com soa
a.gtld-servers.net. nstld.verisign-grs.com. 1154620024 1800 900 604800 900

Duane W.



--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/