Jump to content

Why is this still resolving?


bobbear

Recommended Posts

I've actually managed to get Joker to suspend the fraudsters domain aegis-capital.org, (30th. April), and it is listed as "hold,infringe-3rd-parties" and supposedly out of the zone with nameserver data pulled. TLD5.ULTRADNS.INFO. (an authoritative nameserver for org.) says that there are no A records for aegis-capital.org, and that the hostname aegis-capital.org does not exist. I cannot find any stored caching of it anywhere.

So, why is the crook's website still resolving for me on its Yahoo network??? (It's not locally cached).

Server Response (Yahoo Site Host IPs)

yns2.yahoo.com [216.109.116.20] 68.142.212.117 68.142.212.137 68.142.212.138 68.142.212.139

68.142.212.140 68.142.212.141

yns1.yahoo.com [66.218.71.205] 68.142.212.117 68.142.212.118 68.142.212.119 68.142.212.139

68.142.212.140 68.142.212.141

I originally thought that it was just cached somewhere & it would disappear in 24 hours - that was on April 30th.

Is it resolving for others? There's got to be a record somewhere I guess, even if it's just my ISP's DNS...

Yahoo seem to have reverted to 'clueless' mode & are not responding in a timely manner to abuse reports. The above network appeared to be being used by all sorts of spammers & crooks last time I looked.

Link to comment
Share on other sites

Is this resolving for your local machine? It is not at mine or several other DNS servers I use including OpenDNS.com and my local ISP Charter.net. Some servers may be set for much longer cache times than normal as well.

You (or I, since I also sent them reports on this site) have pulled the higher level DNS so that people looking for the site don't know where to find the ns servers for it. That does not pull the records from the hosting DNS servers, just nobody can find them unless they are using yahoo's name servers directly.

A lookup would start at the .org level to find the name servers for aegis-capital.org. Currently, that would fail. If it succeeded, the next lookup would be at those name servers, where the records still exist.

You (and I) have not convinced Yahoo that they need to remove this spammer. We basically "went over their heads".

Link to comment
Share on other sites

I'm not sure what is going on with Yahoo - their networks seem to be more and more in a mess and the abuse response is suddenly almost non-existent. I've had domains on that network closed down before, but all of a sudden Yahoo are not responding. Certainly their hosting of that site and numerous others is still live despite what must be numerous reports, (certainly from me & you!).

I'm pretty sure what the problem is is that my ISP, (Newnet), has either a DNS server problem or an A record TTL in excess of two days....I've got a query out to them. I don't know what the RFC's have to say on DNS A record TTL's, if anything - my old brain's hurting too much at the moment to start getting that involved. I'll have to look it up when my head stops pounding..

I've scanned around & used many other DNS servers and not found another record, so I'm pretty sure that's it, but it's always nice to get confirmation... Certainly Newnet couldn't get it from the authoritative .org servers as that record disappeared on April 30th. unless of course there's one lurking somewhere which is where the confirmation is always handy...

Edit: You'll probably find if you use these DNS servers it will resolve for you too...

* Primary DNS server: 212.87.64.7

* Secondary DNS server: 212.87.64.10

Edit2: mmm - I think I see the problem. Using the nslookup shell to query the SOA on the primary DNS server I get:

expire = 7084000 (81 days 23 hours 46 mins 40 secs) That seems rather a long expire time. Is that normal does anyone know?? The secondary DNS server appears to have expired....

Link to comment
Share on other sites

Edit: You'll probably find if you use these DNS servers it will resolve for you too...

* Primary DNS server: 212.87.64.7

* Secondary DNS server: 212.87.64.10

Edit2: mmm - I think I see the problem. Using the nslookup shell to query the SOA on the primary DNS server I get:

expire = 7084000 (81 days 23 hours 46 mins 40 secs) That seems rather a long expire time. Is that normal does anyone know?? The secondary DNS server appears to have expired....

Your primary DNS server seem to be blocked for me or not working at this moment:

> server 212.87.64.7

DNS request timed out.

timeout was 2 seconds.

Default Server: [212.87.64.7]

Address: 212.87.64.7

Your edit2 seems to be a problem with that server.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...