I can see a couple of obvious approaches for getting Neulevel's attention
- Their web site lists two Registry Relationship Managers, one with popup contact info
Ivor Sequeira - Senior Manager, European, African, and Middle Eastern Regions
571-434-5776 ivor.sequeira@neulevel.biz
(That appears to be +1-571-434-5776 ...)
- Their whois entry for neulevel.biz lists
+1.5714345757 as their phone number, fax +1.5714345758,
and snailmail address list.
http://www.whois.biz/whois.cgi?TLD=biz&WHOIS_QUERY=neulevel.biz&TYPE=DOMAIN&Search=Submit+Query
- They've got a snailmail address, you've got a lawyer and Fedex,
they've got a Nasty Letter.... Since the requests to use
your DNS server were bogus, you could probably file a John Doe suit
and do discovery on Neulevel, but a Nasty Letter is probably enough.
- They've got an online trademark dispute process.
It's got pointers to ICANN dispute resolution mechanisms,
which are more likely to get their attention than random email.
Their entry point is stopsupport@neulevel.biz
Normally, if somebody registers that
annoying-little-spammer.com has nameserver 1.2.3.4,
you'd be using this to complain that you own the name
annoying-little-spammer.com, but you could try using it
to complain that you own 1.2.3.4, and maybe even contend that
since the registrant falsely listed you as the nameserver for the domain,
that it's theft of service and you ought to be awarded ownership of the name.
- You might also drop a note to ICANN about the lack of a phone number
on their web site and the lack of email responsiveness.
- Personally I like the suggestion that someone had that you
start serving DNS for the fake names, either pointing to 127.0.0.3
or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com,
which is some disposable address block on which you run a web site
and stub email server explaining that it's not your fault.
Stewart, William C (Bill), RTSLS writes on 12/11/2003 8:37 PM:
- Personally I like the suggestion that someone had that you
start serving DNS for the fake names, either pointing to 127.0.0.3
or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com,
which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.
That was my idea. And I would not recommend the "or" option about setting a clever sounding DNS record "annoying-spammers-forged-dns".
A lot of skript kiddies are out there with limited to zero email header reading / DNS skills, who still know just enough to download and launch rootkits and DoS attacks.
This is an old and time honored tradition to deal with lusers anyway, kind of like the warez.* "ftp servers" (though one of the more popular of these, warez.slashdot.org, seems to have found itself a non-localhost IP some months back) 
And more to the point, you don't waste your bandwidth dealing with DNS queries and bounced email hitting your customer's server.
srs
Looks sane to me once I resolved the name
Dns resolved neulevel.biz to 209.173.53.163
[IPv4 whois information on 209.173.53.163 ]
[Query Origin: Main Whois Query ]
[whois.arin.net]
OrgName: NeuStar, Inc.
OrgID: NEUS
Address: 45980 Center Oak Plaza
Address: Network Operations Center
City: Sterling
StateProv: VA
PostalCode: 20166
Country: US
NetRange: 209.173.48.0 - 209.173.63.255
CIDR: 209.173.48.0/20
NetName: NEUSTAR-BLK1
NetHandle: NET-209-173-48-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Allocation
NameServer: OAK.NEUSTAR.COM
NameServer: PINE.NEUSTAR.COM
Comment:
RegDate: 2001-03-21
Updated: 2001-09-06
TechHandle: MT635-ARIN
TechName: Thomas, Mark
TechPhone: +1-312-928-4610
TechEmail: mark.thomas@neustar.com
OrgTechHandle: NETWO336-ARIN
OrgTechName: Network Engineering
OrgTechPhone: +1-866-638-6622
OrgTechEmail: wan.engineering@neustar.biz
ARIN WHOIS database, last updated 2003-12-11 19:15
Enter ? for additional hints on searching ARIN’s WHOIS database.
Looks like they set up a wildcard:
[westnet]:~$ host candreva.slashdot.org
candreva.slashdot.org has address 66.35.250.151
candreva.slashdot.org mail is handled (pri=10) by mail.osdn.com