2600.com Domain Hijacked Due to Mix-up at NSI

As the Department of Commerce Monday prepares to rule on a deal between the
Internet Corp. for Assigned Names and Numbers (ICANN) and VeriSign which
would allow that company to hold onto both its registrar and registry
businesses, reports of a high-profile foul-up related to the company’s
Network Solutions Inc. registrar business have surfaced on the Web.

On Friday, 2600 Magazine, a quarterly hacker magazine, discovered that its
2600.com domain had been hijacked.

“Imagine our surprise when we were told by readers that 2600.com no longer
belongs to 2600.com!” the company said Friday. “That’s the nightmare that we
were greeted with on Friday due to a bizarre foul-up with Network
Solutions.”

NSI has since fixed the problem and the site is now back in 2600’s hands.

The domain had been snapped up by a registrant known as NB Productions when
the 2600.com domain expired. But 2600 was never notified of the impending
expiration. Why? According to 2600, its registration information never found
its way onto NSI’s internal cosmetic database.

The magazine said the whole story began in June 2000, when someone managed
to transfer its domain records to NSI rival register.com using forged
e-mail. 2600 said it acted quickly and had register.com transfer the records
back to NSI, but something went wrong on NSI’s end.

According to WHOIS output from December, NSI was listed as the registrar,
but the lookup also returned the error: “Domain not found locally, but
Registry points back to local DB. Local whois DB must be out of date.”

“Initially, NSI told us they had no record of our even being registered with
them, despite the information above,” 2600 said. “From the explanation we
eventually got from the techies at NSI, we had been entered into the
registry database but not into NSI’s internal cosmetic database. This
resulted in our site both existing and not existing at the same time. We
never got any notification when the domain was set to expire since we didn’t
exist in the billing section.”

While 2600 noted that the foul-up occurred on NSI’s end, it also credited
the company with moving quickly to resolve the situation.

“We have to acknowledge that NSI did a great job fixing the problem once it
became clear to the right people what the problem was,” the magazine said.
“We suggest keeping an eye out for this weird condition which could strike
any site, particularly when domains are being transferred to different
registrars. If your site appears to exist and not exist at the same time,
you can be sure trouble is on the horizon.”

Calls to VeriSign were not returned as of this writing.

This is not the first time a mix-up on NSI’s end has affected a domain
holder. Last October, an attacker apparently tricked the company into transferring the domain record for adobe.com —
owned by Adobe Systems Inc. — to Paycenter, an ICANN-accredited registrar
in China. adobe.com’s contact information and the name servers for the
address were modified.

And last June, InternetNews.com’s publisher, internet.com Corp., was one of
a number of companies whose domains were hijacked
in a spoofing attack. The attackers were apparently able to get
through NSI’s security to force a change in the public Internic record for
the company.
