Slashdot Mirror

If Google will be quick to grab it, they'll be able to create their own version of an evil monopoly!

• Most of the "anonymous domain registration" schemes involve some dummy party actually being the domain owner. If you ever get into a dispute with that party, you have a problem.
• Those "indemnification" clauses really matter in a situation like this. If someone goes after the dummy party, you'll end up paying their legal fees.
• Operating a business anonymously is a criminal offense in many jurisdictions, including California.
• It's not clear what happens if someone files a Whois Data Problem Report for your "anonymous" domain. But you probably won't like what happens.
• If someone wants your domain, they could make a case under the UDRP that your registration was in bad faith.
• Some spam filters may blacklist mail from, or mail that mentions, anonymous domains. It's like putting up a sign that says "I am a slimeball".
• There are signs of a crackdown on anonymous business web sites. Microsoft is sueing "bullet proof web hosting" firms.

I have been running an experiment on spam reduction. I have been checking every spammers's whois and filing a report on false data at http://wdprs.internic.net/. If their email bounces or their US address are not in the http://zip4.usps.com/zip4/welcome.htm/ I rat them out. The results are not in yet but it has so far yielded about a 25% reduction. The 15 day waiting period is still pending on my largest sources of spam.

I at least have the pleasure of thinking that I have annoyed some spammer at least as much as they have annoyed me. When the new TV season starts I think I will loose interest in this but it is something to do for an hour when it is too hot outside.

It may annoy you that you have to have a valid whois but it is a useful tool to attack spammers with. No bucks comming in to a web site, not as much spam.

Want a whole bunch (most) registered domain names in the world? You'll need to fill out some forms and wait maybe a week (except edu), but it's worth it. Click for biz, edu, int, info, org, com, net. These files are whoppers for the most part. Perl would not read the com file under redhat 6 its' so big. I use them for my surf engine, iconsurf.com.

You're slipping Keith, Randy Bush usualy refers to me as a "dangerous psychopath", Paul Vixie refers to me as a "misguided lunatic" and never mind the fact that Vixies boss who funded the $2M of DEC's money for development of BIND is behind all that I do in this arena, as a follow on act to his creating of the back-then wildly unpopular alt newsgroups (which Vixie prediced would be the death of usenet.

Who exactly are you referring to as "paranoid lunatics" Keith?

The obvious technical argument to your first paragraph is to self-primary the root and do away with any reliance on the legacy root servers or NSI's operation of them.

Non-legacy tlds aside, anybody that uses the legacy root servers is not going to get as fast or reliable nameservice than if they do it for themselves.

This would be the first step to wean yourselves away from the tit of the US Government controlled DNS. If you used ORSC dns that would be nice, but you don't have to, you can use the legacy root.

ftp://internic.net/domain/root.zone.gz still works if your favorite flavour is vanilla.

ftp://rz.vrx.net/db.root also works if you like other flavours.

Cordially,
Richard Sexton

I'd suggest the following.

If there is obviously inaccurate information on Whois (eg letters in phone numbers), then Gandi should be contacted via email with a reference to someone violating their Terms and Conditions. Also read their FAQs topics, here and here. Note that you cannot submit anonymous complaints. Also note that Gandi helpfully tells you that you can complain to ICANN if Gandi isn't doing their job, see this too.

With spam, I'd think they need much more evidence than simply one complaint. After all, email can be forged. But as I said before, complain to ICANN if all else fails.

You should also give Gandi some slack. The fundamental problem with spam are open relays and web servers at the hosting company. Neither require domain names. I've seen plenty of spam websites with IP addresses only. Unless Gandi was directly hosting/forwarding the email/html, there's little they can do.

Also, if I was a customer of Gandi, I'd sue their arse off if they revoked my domain name without clear and unambigious evidence of any wrongdoing. That's what the court system is there for.

So short answer, complain to Gandi and wait 15 days or whatever. If they don't satisfy you, complain to ICANN.

Why are the nameservers for gmail.com different from those of google.com?

Why are the nameservers for gmail.com different from those of google.com?

I agree. I was contacted to block a website through our school district web filter.

www.martinlutherking.org

It's purely a hate/descrimination web site and the domain name is owned by a known white supremacist organization. But the kids that find sites like these view them as if they are fact! Kids don't do a whois search. It doesn't even enter into their minds that someone would post misleading and false information on the web. A simple Google search turns up all sorts of "information" that points to this "factual" website.

Part of me needs to block it, but kids need to see this stuff too, otherwise they'll leave school and suddenly vast swaths of the web are now "unhidden" and they won't know what to believe. Maybe I don't give kids enough credit, but it's a troubling thought that our censorship of the web might be doing more harm in the long run, and I'm a part of that.

Who runs egovos.org and what makes you think it's the government? According to whois, the registrant and administrative contact is Tony Stanco (don't know if that's really the same person).

I was trying to think of the further ramifications of recommending this change: increased load on the remaining servers (which we can do little about... except maybe by creating a commercial service where we hijack users enquiries and... no wait), increased latency for some users querying some domains, and marginally increased vulnerability to DDoS attacks.

It brings to mind the famous quote:
"The Internet interprets censorship as damage and routes around it."
-- L. Peter Deutsch

The latest named.ca is available from here.

Q.

According to Internic's who-is, the moontomars web site is registered by ANSER. I'm curious why the space panel couldn't get a .GOV address for this?

ANSER. could be a spam outfit for all I know.

heisthebest.com is available.

hey, if the miserable failure guys can do it and the french military victories guy can do it, so can you!

In the bad old days you and you alone were in control of name resolution. For those of you without receding and/or grey hairlines who may not know or remember this, you had a file called hosts.txt that contained all the mappings of names to IPs. That, obviously, didn't scale and DNS was developed and was widely deployed by about 86 or so.

The one big gotcha with DNS is it takes control out of your hands. That is, you may have your own DNS server locally, but you traditionally refer to other servers that serve up the root zone that tells your DNS server where all the TLD servers are. Somewhere along the line the decision was made to use other machines, not your own, for this.

This is wrong for many reasons:

1. It's slower than if you have your own local copy of the root zone
   
2. it's a point of failure you can live without - a DDOS on the legacy roots shouldn't take you down
3. it provides a political point of capture - he who controls the root controls all the DNS namespace, and it's currently under the aegis of the trademark lobby under the guise of an incompetant and gutless wonder we jokingly refer to as "ICANN".

But there are ways around this. The easiest if is you static route the 13 root server IPs to your own nameserver. Then you can run an unmodified copt of the legacy root zone on your own nameserver and the US government root servers can be backhoed or DDOS'd and you wouldn't even notice. ISP's are starting to figure this out, especiallly ones with expensive longhaul connections.

Or, you can modify your nameserver to declare youtself primary for the root zone (which you've dutifully downloaded) and edit out the declarations for "." in the legacy root zone.

Or you can use the ORSC root zone. If it's good enough for two ICANN board members, it's good enough for you.

Whatever you do, for God's sake dump bind and use DJBDNS. It really is so much better it's just not funny.

It's not a big file. Certainly smaller than the last hosts.txt.

It's here: ftp://internic.net/domain/root.zone.gz

Of course if you're feeling really frisky you could use this one: ftp://open-rsc.org/pub/db.root

Back in the good old days when her serene highness the Dalai Lauren worked there and Dave Holtzman was still VP I took the e-ticket tour. The facility is in a nondescript industrial mall a few miles from the NSI mothership.

"oh, you'll want to see this"

"what is it"

"A-ROOT"

"THAT tiny little thing?"

"Yup. Go ahead and touch it, everybody that comes here wants to do that. See where the paint has worn off the case?".

"Uh, ok"

"You use this thing Dave"

"Nah, I download the root zone from you".

"Cool, for that you can buy me lunch".

"Good idea. Thai okay?"

NSI was fun once and there's lots of good stories. When the FNCAC made the NSF tell NSI to start charging for domain names none of the freaks working at NSI could believe you could charge for this and lots of checks were just pinned up to a bulletin board in a "wait and see" holding pattern for a few months. There weren't so many domains back then.

Karl Aurbach also downloads the root zone from me and you should too. Or use OpenNIC's root or even *cough*ICANNs*cough* (ftp://internic.net/domain/root.zone.gz, or any root.zone you want but if you know what's good for you you won't rely any anybody but yourself to serve up the root zone so your computer can find pointers to the various TLD servers: primary the root for yourself and don't worry about DOS attacks on other peoples computers taking your machine off the air.

That really was the dumbest part of the change from hosts.txt to the DNS - it changed the paradigm from your computer knowing where everything was to making your computer rely on the "." zone to be able to find the computers that know where all names can be found and there's really no reason for it.

Certainly it does not scale for everybody to grab a copy of the root from one place, and Dan Bernstein has suggested a cryptographically signed root be distributed via usenet. To this end I've created news:alt.root.orsc and will begin doing just that this quarter.

Then go to the Internic problem report form and file a complaint. If all data is invalid and the owner cannot be contact the owner, the domain will be suspended.

ICANN is not actually in charge of that. Internic is responsible for policing that. You can submit a problem report at this link and they will take it to the registrar who then researches the information and complies.

One of the thirteen root servers is operated by Verisign. Good luck!

-Lucas

BTW, domain name disputes cost $1000 to $2000. So if the ISP is asking less than $1000, that may be your cheapest route out of this mess, as morally repugnant as that sounds.

Well,

"Amazing how the USA thinks they are ahead of everyone else... ;)"

M'kay I'll bite...

The last time I checked, the Samba team was in Australia (see whois samba.org ). And I challenge you to prove that Australia is part of the USA...

Hmm. Maybe it's not about what the USA thinks, but about what people outside the USA think?

Yummy. Brainfood!

online petition

you can file a complaint about Verisign to ICANN by using their:

Registrar Problem Report Form

mybox:~> host qawsedrf.net
qawsedrf.net A 64.94.110.11
mybox:~> whois qawsedrf.net

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

No match for "QAWSEDRF.NET".

The ICANN website has an online complaint form.

To quote from the site in question:

Although ICANN's limited technical mission does not include resolving individual customer-service complaints, ICANN does monitor such complaints to discern trends.

Let your voices be heard!

http://reports.internic.net/cgi/registrars/problem -report.cgi

Apparently msnbot.com has been owned by Go Daddy Software since April of 2002, according to the WHOIS entry. Maybe they knew something we didn't?

I'm sure when MS sues Go Daddy Software over this, it will show up here on /.

Errr... But how would you find the IP address of PepsiCo's nameserver? This sounds like a boot strapping problem.

I know the zone doesn't change all that often, and you can get it by FTP (example, here, but, I wouldn't want a stale copy of the zone mysteriously borking my networks.

TIA

I'd just like to point out that if anyone here believes any of the Domain Registration details are inaccurate, then the domain is in breach of the Domain Registration Agreement and should be reported using this form

Evil dictator or not, this is the Internet, and no one gives a rats ass if you're a dog.

Well, you guys can rest easy, i sent xant an email. I said:

"Hey xant,

I've attached the critical file you alluded to in your comment at http://slashdot.org/comments.pl?sid=43025&cid=4509 265.

Keep it on your hard drive in case we all need it. :)"

Heh. In case his hard drive goes, maybe a couple other people should get it from here.

(11:45am EDT Saturday 21-Sep-2002)

It's not just that a lot of domain names seem to have incorrect data: the whole VeriSign monster is one of the worst registrars one can dream of: you need to fill in papers and wait months to change domain ownership (unless you pay, of course), but my ISP could "steal" me my domain in two days, just sending an email to VS. And what about updating nameserver data for the 3 or 4 last domains I haven't yet moved to another registrar? You can't use the old email authentication procedure because they have been migrated to the new account system. wow... but they forgot to send us passwords, so our domains are pretty stuck with their old DNS info. Unless, of course, faxing authorization requests, and waiting, and waiting.
While most other registrars let you see DNS changes in seconds...
And maybe you get half the VS' prices...

Wonder why I bookmarked the Internic Registrar Problem Reports page?

I've been reporting some big-name spamvertized sites that hide behind phony domain registrations, and I encourage others to do so.

Since many people don't do DNS admin on a daily basis, the general public doesn't realize how awful and annoying things like OpenNIC or New.net really are. Alternate roots are the work of the devil!! :o) There's an interesting story at internic's site ( http://www.internic.net/faqs/authoritative-dns.htm l ) that explains about how authoritative roots are good, and New.net is bad.

"Friends don't let friends use alternate roots"

Except I wouldn't pay $35. There are plenty of places that charge less. Check internic.net for the full list.

You can also transfer an existing domain to another registrar to save money, but you need to transfer it before it expires.

I tried to go to http://www.petSWEARhouse.com/ but there seems to be no site there. Oh wait, it's not even registered. I wonder who will be the first slashdotter to register it and point it at ... well, you know where :-)

If you look at the image of the letter you will see that they blocked out the address, but not the postnet barcode.

To my eyes the POSTNET barcode looks like this to me : (where t represents a tall bar and s a short one)

t ttsss sstst sstts stsst tssst ssstt ssstt sstst ststs sstst ststs tssts t

This decodes into 0 2 3 4 7 1 1 2 5 2 5 8.

which is ZIP+4+2: 02347-1125-25 Checksum 8

The way the POSTNET checksum value is given by (10-((Summation of all digits) Mod 10)). The total of our digits 02347112525 = 32... (10-(32 mod 10)) = 8. The checksum is valid and our decoding is probably successful.

Next step... head to the usps website to find that 02347 is in Lakeville, MA. Mind you, a ZIP+4+2 code in most cases is a unique address. However, the USPS is not going to make this easy for us.

Lets try our friend Google instead... searching for 02347-1125 give us the personal web site of Steve Douillette.

But how can we be sure that this is the letter Mr. Douillette recieved and diligently forwarded to godaddy to warn other customers? I wonder where Steve registered his domain name steve-d.com.

If you want to be anonymous, please be careful with what you post online.

NSI is the worst registrar out there. Here is a list of registrars, any one of which is better than NSI. Personally, I use Bulk Register.

1ALpha7

Ok, enough of my fanboy/google ski11z/karma whoring shit already. I don't even play these games anymore. All I want is the next Mario Kart.

It there's going to be a major fork, how about we fix that other humongous problem. OpenBIND would certainly be nice if it included OpenNIC and OpenRootServers. ;-) The DNS system has got to be the funniest example of something sustained only by people's unwillingness and laziness to change to something else because what they have is "good enough". We're paying for domain names from companies because no one really bothers to implement a replacement that has gotten widespread enough support.

If you are going to bother paying money for registered domain names, because you are angry, you should be a bit more creative like this is. At least then, when they get the domain names back, their InterNIC lookup still looks funny.

Well, I guess THESE& lt;/a> guys are next.

You can look at some of the damage that was done to the DNS @ Internic as of 8:30 this morning.

If all you want is to do whois:

• the Internic have a fill-in form you can use; all the examples given above can be read this way. However, this only works with gTLDs.
• If you want to look up (almost) any domain regardless of its TLD, try using BW Whois, which is clever and asks the correct NIC automatically. It fails on some odd cases like names in .ac.uk, though.

If all you want is to do whois:

• the Internic have a fill-in form you can use; all the examples given above can be read this way. However, this only works with gTLDs.
• If you want to look up (almost) any domain regardless of its TLD, try using BW Whois, which is clever and asks the correct NIC automatically. It fails on some odd cases like names in .ac.uk, though.

MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERROR ISTS.NET
MICROSOFT.COM.IS.RULED.BY.HACKERJACK.COM
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVES .NET
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM

APPLE.COM.IS.THE.CHOICE.OF.ALL.SELF.RESPECTING.TER RORISTS.NET
APPLE.COM

AOL.COM.KCAUTOWEB.COM
AOL.COM.IS.REGULARLY.HAX0RED.BY.INSIDE-AOL.COM
AOL.COM.EATMYSHIT.ORG
AOL.COM.AMSLIQUIDATORS.COM
AOL.COM

MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERROR ISTS.NET
MICROSOFT.COM.IS.RULED.BY.HACKERJACK.COM
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVES .NET
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM

APPLE.COM.IS.THE.CHOICE.OF.ALL.SELF.RESPECTING.TER RORISTS.NET
APPLE.COM

AOL.COM.KCAUTOWEB.COM
AOL.COM.IS.REGULARLY.HAX0RED.BY.INSIDE-AOL.COM
AOL.COM.EATMYSHIT.ORG
AOL.COM.AMSLIQUIDATORS.COM
AOL.COM

MICROSOFT.COM.IS.SECRETLY.RUN.BY.ILLUMINATI.TERROR ISTS.NET
MICROSOFT.COM.IS.RULED.BY.HACKERJACK.COM
MICROSOFT.COM.INSPIRES.COPYCAT.WANNABE.SUBVERSIVES .NET
MICROSOFT.COM.HAS.NO.LINUXCLUE.COM
MICROSOFT.COM

APPLE.COM.IS.THE.CHOICE.OF.ALL.SELF.RESPECTING.TER RORISTS.NET
APPLE.COM

AOL.COM.KCAUTOWEB.COM
AOL.COM.IS.REGULARLY.HAX0RED.BY.INSIDE-AOL.COM
AOL.COM.EATMYSHIT.ORG
AOL.COM.AMSLIQUIDATORS.COM
AOL.COM

Or you could try:
http://whois.inter nic .net/cgi-bin/whois?whois_nic=microsoft.com
http://whois.internic. net /cgi-bin/whois?whois_nic=apple.com
http://whois.internic.ne t/c gi-bin/whois?whois_nic=aol.com
http://whois.inte rni c.net/cgi-bin/whois?whois_nic=whithouse.gov

Or you could try:
http://whois.inter nic .net/cgi-bin/whois?whois_nic=microsoft.com
http://whois.internic. net /cgi-bin/whois?whois_nic=apple.com
http://whois.internic.ne t/c gi-bin/whois?whois_nic=aol.com
http://whois.inte rni c.net/cgi-bin/whois?whois_nic=whithouse.gov