Re: (NSI) LAME-DELEGATION.ORG hijacking IP space ??

[william () elan net]

I commented on it once before on nanog actually...

Basicly LAME-DELEGATION.ORG is domain Network Solutions is using to move 
old host records to. If they have a domain that is expiring and scheduled
for deletion and it has host records in .com or .net zones (so called 
glue host records), then NSI would rename that host from 
somehost.experingdomain.com to lamexxxxx.lame-delegation.org

Then they can delete the domain and at some point later they check if 
there are any domains in their .com/.net zones that use that host
and if so they either keep that "lamexxxx.lame-delegation.org" or notify 
those domains and manually remove that extra host from the list of dns servers 
for each domain. Somewhere in the process the lamexxxx.lame-delegation.org 
I gather maybe changed from its previous ip to "1.1.1.1" and then probably 
deleted. To me using 1.1.1.1 seems inappropriate (this is not a special 
ip block to be used for such purpose and just reserved iana block which 
may be allocated, it may also creates unnecessory load on root servers, 
though in theory nobody is supposed to query that dns os use such host).

While the above process is better then just deleting the domains and 
and letting their host records remain (which can then be controlled by 
whoever reregisters the domains), it only protects .com/.net domains and 
not domains in any "country-level" or .biz or .info domains which may very 
well use those deleted hosts as well. I also have to note that its only 
networksolutions that is using lame-delegation.org and number of other 
registrars have similar system but using different domains to move hosts to.
Some dont do it at all and let the host remains even when domain is 
reregistered (giving control of the glue hosts to new domain owner).

Also another note I have to make about which I wondered couple months back - 
while previously it was easy for NSI to rename host names like above 
since they controlled .com, .net, .org. now that they no longer control 
.org, this may not be the same (though I suspect it really does not 
matter, all they change is glue record in zone files as well as whois and 
they do not necessarily need to control .org for that).

On Sat, 14 Jun 2003, John Brown wrote:

> could someone explain this
>
> shorts# nslookup LAME2850.LAME-DELEGATION.ORG
> Server:  ns1.chagres.net
> Address:  216.223.236.233
> Aliases:  233.236.223.216.in-addr.arpa
>
> Non-authoritative answer:
> Name:    LAME2850.LAME-DELEGATION.ORG
> Address:  1.1.1.1
>
>
>
>
> or this
>
>
>
> shorts# nslookup LAME41178.LAME-DELEGATION.ORG
> Server:  ns1.chagres.net
> Address:  216.223.236.233
> Aliases:  233.236.223.216.in-addr.arpa
>
> Non-authoritative answer:
> Name:    LAME41178.LAME-DELEGATION.ORG
> Address:  4.3.145.66
>
> shorts# nslookup 4.3.145.66
> Server:  ns1.chagres.net
> Address:  216.223.236.233
> Aliases:  233.236.223.216.in-addr.arpa
>
> Name:    lsanca1-145-066.biz.dsl.gtei.net
> Address:  4.3.145.66
>
>
> seems 4.3.146.66 is some DSL link in GTEI / BBN / Name today
>
>
>
> if NSI is going to use this as a way to deal with lame zones, fine,
> but how about using RFC 1918 space, or a public IP and a machine that
> returns NXDOMAIN..... 
>
> instead of what looks like random IP allocations, some of which may
> cause pain for others...
>
> Hey, better yet, why not just learn how to DELETE host records from 
> a zone ???