Unauthorized Name Server Use

Currently there is no system in place to prevent unauthorized use of your name servers.  In other words, anyone can put “dns.help.org” as a DNS server for their domain.

This situation can lead to large amounts of traffic to a DNS server.  The traffic appears like a “dictionary attack” looking for different host names, and much of the traffic came from Google’s network from domain 1e100.net.  Google would not respond to inquiries as to why all this traffic was coming from them.  The traffic was about 75% of the total DNS traffic.
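One way for a name server operator to measure this from their own query log, as an added example that is not part of the original page: it counts queries for names outside the zones the server is meant to serve and groups them by domain, which also yields a list of domains pointing at the server. The log line format (BIND-style), the `AUTHORIZED_ZONES` set, and all sample names and addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Assumption: the zones this server is actually meant to answer for.
AUTHORIZED_ZONES = {"help.org"}
# Constructed sample lines in the style of a BIND query log (not real traffic).
SAMPLE_LOG = """\
client 192.0.2.10#40001 (www.help.org): query: www.help.org IN A -E(0)D (198.51.100.53)
client 203.0.113.7#51514 (mail.stranger.example): query: mail.stranger.example IN A -E(0)D (198.51.100.53)
client 203.0.113.7#51515 (ftp.stranger.example): query: ftp.stranger.example IN A -E(0)D (198.51.100.53)
client 203.0.113.8#51516 (admin.stranger.example): query: admin.stranger.example IN A -E(0)D (198.51.100.53)
client 203.0.113.8#51517 (vpn.stranger.example): query: vpn.stranger.example IN A -E(0)D (198.51.100.53)
client 192.0.2.44#40002 (dns.help.org): query: dns.help.org IN A -E(0)D (198.51.100.53)
client 203.0.113.9#51518 (www.other.example): query: www.other.example IN A -E(0)D (198.51.100.53)
client 203.0.113.9#51519 (www.other.example): query: WWW.Other.Example IN AAAA -E(0)D (198.51.100.53)
"""

QUERY_RE = re.compile(r"query: (\S+) IN \S+")

def is_authorized(qname):
    # True if qname is one of our zones or a name beneath one.
    return any(qname == z or qname.endswith("." + z) for z in AUTHORIZED_ZONES)

def registered_domain(qname):
    """Crude last-two-labels guess; use the Public Suffix List in production."""
    return ".".join(qname.split(".")[-2:])

def foreign_zone_report(log_text):
    """Summarise queries for names outside AUTHORIZED_ZONES, per domain."""
    hits, names, total = Counter(), defaultdict(set), 0
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        total += 1
        qname = m.group(1).rstrip(".").lower()
        if is_authorized(qname):
            continue
        dom = registered_domain(qname)
        hits[dom] += 1
        names[dom].add(qname)  # many distinct hosts = dictionary-style probing
    foreign = sum(hits.values())
    return {
        "total": total,
        "foreign": foreign,
        "share": foreign / total if total else 0.0,
        # domain -> (query count, distinct host names asked for)
        "domains": {d: (hits[d], len(names[d])) for d in hits},
    }
```

Calling `foreign_zone_report(SAMPLE_LOG)` returns the foreign share of traffic and, per domain, the query count and number of distinct host names requested.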

Then came the problems of getting the unwanted entries removed.  The entries were from many years ago and are associated with domains not under my control.  They are scattered throughout different TLDs such as .com, .org, .info, etc.  The proper complaint process in a situation like this is to follow the various contractual relationships: the registrant contacts their registrar who, in turn, contacts the various registries such as .org, .com, .info, etc.  Since this is a coordination issue between different TLDs, ICANN should have a policy in place to deal with it.

In practice, nobody knows what to do and everybody wants someone else to handle it.  In some cases the entries were deleted within a day or two.  In the case of GoDaddy/Wild West Domains, after having the issue for 17 days they finally “fixed” the problem.  However, instead of just changing the nameservers, they replaced them with “Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM.”  It is amazing how it takes them 17 days to do something stupid such as incorrectly accusing their own customer of Spamming AND Abuse when that is not the case.

At first ICANN stated they would ensure GoDaddy/Wild West Domains complied with the request.  But once that didn’t happen, ICANN staff refused to help and just sent me to the general registrar complaint box at Internic.net.  So far ICANN won’t provide any type of policy for registrars to follow in these situations, so nobody knows what to do even though this security flaw has existed for many years.  At least 50 e-mails have been sent to various parties to try to get these entries removed.  Eventually GoDaddy updated the records.

The worst response is from the Afilias registry, which refuses to do anything.  Their chief technology officer, Ram Mohan, has so many complaints his voice mail is full.  Afilias is even refusing to give me a list of domains using my nameserver even though they claim they have the list.  Most of the time they won’t respond, but I can see they get the messages because they visit this web page for updates.  They claim Melbourne IT registered the unauthorized nameserver with them.  Of course, they won’t answer any inquiries.

The ICANN Registrar Accreditation Agreement (RAA) section 3.2.2 requires the registrar to notify the registry of changes within 5 business days.  (ICANN staff has tried to claim this only fits under the inaccurate whois section 3.7.7, which does not require the registrars, or ICANN, to do anything.  As usual, ICANN is searching for reasons not to do anything rather than correct the problem.)

With unauthorized nameservers, domains could mistakenly be attributed to an innocent party.  For instance, criminals could use a domain for illegal activity and then point the domain to innocent parties to throw law enforcement off the track.  An unscrupulous trademark owner could register well-known trademarks using whois privacy and use your nameservers, then claim you are involved in a pattern of such conduct.