[return to "Zoho.com CEO says domain with 40M users suspended for abuse complaint"]
1. foo101+75 2018-09-24 18:32:47
>>achyne+(OP)
Honest question: What exactly does it mean for a registrar to block a domain? I believed so far that for my browser to successfully connect to a web server running on a domain or for a mail server to deliver email to a domain, there should only be valid A, AAAA, MX, and/or CNAME records in the DNS.

Was it really a block at the registrar level or was it a block at the DNS level, i.e., the registrar also ran DNS service and their DNS service refused to return responses for zoho.com domains?

At what layer or at which stage of the protocol can a registrar disrupt this and take a domain offline?

2. toast0+ya 2018-09-24 19:07:46
>>foo101+75
I'm not seeing a block at the moment. I did find a whois history page that claims their NS records in January, 2018 are the same as what I'm seeing now:

    ns1.vtitan.com
    pdns90.ultradns.net
    pdns90.ultradns.com
    dns1.p03.nsone.net
    dns2.p03.nsone.net
    nds3.p03.nsone.net

Those don't appear to be connected to the registrar (tierra.net); most likely the NS records were removed or replaced with servers that direct all queries to a parking page for abusive domains. The TLD servers for com. return a 2 day TTL for all glue records, and their SOA record indicates a 1 day negative TTL.

(Of course, some caching resolvers ignore TTLs :( )
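
The delegation check implied by the reply above, as an added example that is not part of the thread or either poster's code: it parses the authority section a com. TLD server returns, compares the NS set with the one the domain owner expects, and reports how long resolvers may cache that answer. The sample responses, hostnames, `EXPECTED` set and function names are all constructed for illustration.

```python
import re

# Constructed samples of the AUTHORITY section a com. TLD server might return for
# a non-recursive NS query; all hostnames are placeholders.
HEALTHY = """;; AUTHORITY SECTION:
example.com. 172800 IN NS ns1.dns-host.example.
example.com. 172800 IN NS ns2.dns-host.example.
"""
REPLACED = """;; AUTHORITY SECTION:
example.com. 172800 IN NS ns1.parking.example.
example.com. 172800 IN NS ns2.parking.example.
"""
# Delegation removed: no NS records, only the TLD's SOA comes back.
REMOVED = """;; AUTHORITY SECTION:
com. 86400 IN SOA a.tld.example. nstld.example. 1537813967 1800 900 604800 86400
"""
EXPECTED = {"ns1.dns-host.example", "ns2.dns-host.example"}  # assumed known-good set
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|SOA)\s+(.+)$")

def parse_authority(text):
    """Return ({ns_host: ttl}, negative_ttl_or_None) from dig-style output."""
    ns, negative_ttl = {}, None
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # section headers, comments, blank lines
        _owner, ttl, rtype, rdata = m.groups()
        if rtype == "NS":
            ns[rdata.rstrip(".").lower()] = int(ttl)
        else:
            # RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)
            negative_ttl = min(int(ttl), int(rdata.split()[-1]))
    return ns, negative_ttl

def check_delegation(text, expected=EXPECTED):
    """Classify the delegation and report how long resolvers may cache this answer."""
    ns, negative_ttl = parse_authority(text)
    if not ns:
        return {"state": "removed", "cache_seconds": negative_ttl,
                "unexpected": [], "missing": sorted(expected)}
    unexpected, missing = sorted(set(ns) - expected), sorted(expected - set(ns))
    state = "changed" if unexpected or missing else "ok"
    return {"state": state, "cache_seconds": max(ns.values()),
            "unexpected": unexpected, "missing": missing}

if __name__ == "__main__":
    for name, sample in [("healthy", HEALTHY), ("replaced", REPLACED), ("removed", REMOVED)]:
        print(name, check_delegation(sample))
```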
