Has Internic officially announced that they are only allowing 10
registrations per customer per day or is this another arbitrary change?
ObNetops: ip route 198.41.0.0 255.255.255.0 null0
Jeremiah
What? You mean they're limiting the number of registrations any one
contact can submit for any one day now? Are they looking at the submitting
email or the POC information? If it's the submitting email, what are
hosting providers going to do? We send in 8-10 a day, all from the same
address. We handle the InterNIC garbage for our clients since, even before
they made their sweeping changes, it was a fairly daunting process for the
uninitiated.
Simple. Set up one of your domains to map admin.*@example.com to
admin.contact@enterzone.net, billing.*@example.com to billing-contact,
etc. and just send the e-mail to register foobar.com FROM the fictitious
admin contact of, say, admin.foobar.com@example.com.
If InterNIC wants to be anal-retentive, let their Contacts database get
full, too.
And sure you can say "that's abuse, and you shouldn't condone it", but if
you think that the speculators aren't going to turn to this very same
procedure, you need to lay off the crack pipe.
We send in up to 100 a day for multiple clients, and it is daunting. For
some reason if you go to their webpage now, it says you can only register
10 per day. If you try to register the 11th from the same IP address, it
rejects you. I'm sure that it will work through email, so we'll just make
our own web forms so that our clerical people can continue to handle the
registration paperwork. I'm starting to agree with the people who have
been complaining about Internic and it's making me cranky.
Jeremiah
Actually, I don't like this "solution" to the problem.
First of all, not only does the InterNIC have to keep track of all the
contact handles but, so do we, the domain owners. Now that we have no way
of listing more than 10 records in whois (Thanks NetSOL... No, really.
Thanks. .!..) if you happen to lose the contact information for a domain,
you're screwed. You won't know who which contact to send any modifications
from.
Well, so much for that argument. They have changed their policy again.
The whois now lists more than 10 records again. (Thanks NetSOL... No,
really. Thanks. .!..)
They have taken the following away from us though:
root@Overkill primary]# whois "server NS17904-HST"
[rs.internic.net]
No match for server "NS17904-HST".
It worked a week ago, now, it doesn't.
The simple fact is that NetSOL is out of control. They seem to have the
notion that they OWN the database. They are stewards of the database, not
the owners. Until the community as a whole expresses their outrage of NSIs
heavy-handed actions towards the community, they are going to continue down
this path.
BTW: Where did ds.internic.net go? How about ftp.internic.net? I'll tell
you...
[root@Overkill primary]# host ftp.internic.net
ftp.internic.net is a nickname for ftp.ds.internic.net
ftp.ds.internic.net is a nickname for shutdown.ds.internic.net
shutdown.ds.internic.net has address 198.49.45.29
[root@Overkill primary]# traceroute ftp.internic.net
traceroute: Warning: Multiple interfaces found; using 209.41.244.2 @ eth0
traceroute to shutdown.ds.internic.net (198.49.45.29), 30 hops max, 40 byte
packets
1 Border-Core0-Fast-eth1.Columbus.EnterZone.Net (209.41.244.1) 4.276 ms
66.212 ms 1.805 ms
2 core1-eth0-ENTERZONE.Columbus.fnsi.net (209.115.127.21) 29.598 ms
12.102 ms 0.998 ms
3 core1-eth0-ENTERZONE.Columbus.fnsi.net (209.115.127.21) 0.995 ms !H *
1.188 ms !H
It's time to drop a clue-bomb on VA.
So now you need to set up a bunch of email aliases, hostmaster001,
hostmaster 002, hostmaster003...
You might also consider a letter on paper sent via snail mail to your
elected senator and congressional rep asking them to get the Dept. of
Commerce to put things right.
Michael Dillon wrote:
You might also consider a letter on paper sent via snail mail to your
elected senator and congressional rep asking them to get the Dept. of
Commerce to put things right.
What about the Million Geek March?
There are enough of us in the DC area to visit the hill.....
And we know enough journalists to get attention....
CC'd to Chuck Gomes, since I don't recall whether he reads this list or not.
To: Derek Balling <dredd@megacity.org>, nanog@merit.edu
From: John Fraizer <John.Fraizer@EnterZone.Net>
Subject: Re: more Internic nightmareActually, I don't like this "solution" to the problem.
First of all, not only does the InterNIC have to keep track of all the
contact handles but, so do we, the domain owners. Now that we have no way
of listing more than 10 records in whois (Thanks NetSOL... No, really.
Thanks. .!..) if you happen to lose the contact information for a domain,
you're screwed. You won't know who which contact to send any modifications
from.Well, so much for that argument. They have changed their policy again.
The whois now lists more than 10 records again. (Thanks NetSOL... No,
really. Thanks. .!..)
The simple fact is that NetSOL is out of control. They seem to have the
notion that they OWN the database.
They always have had that notion. Remember when they asserted that .COM
domains were their assets?
They are stewards of the database, not
the owners. Until the community as a whole expresses their outrage of NSIs
heavy-handed actions towards the community, they are going to continue down
this path.
I'm ready to.
To add fuel to the fire, I continue to get snail mail for the Forum for
Responsible and Ethical E-mail, from companies OTHER than NetSol. Now, I am
well aware that, for example, many mailing lists got the address of a
company I own from corporate filings and the information on my vendor's
license. However, FREE is not yet incorporated, and the only record of any
mailing address is on the domain record for spamfree.org.
I wonder what Chuck has to say about that?
hypotheses:
o the whois and zone data are needed for administrative and operational
purposes
o slime are abusing those data for spamming etc., which denizens of this
list seem to hate almost as much as they hate nsi
o slime are watching zone/whois changes to send immediate spam to new
registrants 'use our wonderful services'
o slime are doing massive domain squatting hoping to then extort high
prices from more legitimate applicants
o ...
if the above were true, and i believe that they are, what would the oh so
brilliant and deeply experienced in large scale production systems readers
of this list do to responsibly yet strongly inhibit such slimeful activity?
think about it seriously. i suspect there are no easy answers.
randy
I love it! We also need T-shirts that say:
Know what you call a Geek in the `90's? I prefer "Sir."
woah!
Where do you get this idea from?
I see that their online form won't let you sign up for more than 10
domains at the same time, but I see no problem with that.
Please don't post "oh, is the internic doing this" in a way that sounds
like you have some reason to think they are without giving that reason. It
leads to rampant speculation on things that probably have nothing to do
with reality.
I'm not saying they aren't doing this, but I am saying that it is silly to
post such a statement without posting a reason to back it up.
There are enough real reasons to vilify NSI.
At least they increased the maximumum number of records returned from 10
to 50 in response to me asking "so, just how can I see the whois record
for usa.net?" but that still, of course, doesn't fix the real problem of
it being impossible to do a whois lookup on a domain name by domain name,
not handle or company name.
Randy Bush wrote:
if the above were true, and i believe that they are, what would the oh so
brilliant and deeply experienced in large scale production systems readers
of this list do to responsibly yet strongly inhibit such slimeful activity
Sarcasm aside, to answer your 4th point, why not require payment (i.e. a
cleared check, or credit card) before registering? No grace period.
And so what if domain squatters want to squat? A) They paid the price,
and B) Netsol's current registration process for their $114.95 deal
encourages this (i.e. to quote their new web site: These Web Addresses
are also available! Register your name in all 3 extensions (.com, .net,
.org) to create a stronger online identity and keep your competitors
from using it. Just click the box next to each web address you want to
Reserve or Register (definitions below).
Points 1-3 have already been discussed before (the solution is
instituting a whois engine that allows the registrant to restrict who
can/can't read their contact data). Feel free to ask me about this if
you skipped the engine discussion.
/rlj
Randy we've been there - done that - the only answer is PREPAY. That
cleans the slate - if you want to speculate it'll cost you... The
abuse all stems from it being *FREE* to abuse the system - if it costs
something - even though you could still do it - it will correct itself -
cuz it will have a financial PENALTY to do so.
Randy we've been there - done that - the only answer is PREPAY.
that's one approach to the cybersquatter issue. like all solutions, it has
it's good and bad points. but i meets my needs, so what the heck.
but this does not address the miner/spammer issues.
randy
Let me correct the record then:
$ whois spamfree.org
Registrant:
The Forum for Responsible & Ethical E-mail (SPAMFREE5-DOM)
PO Box 94117
Cleveland, OH 44101-6117
There. Now there is a record of the mailing list in every archive of the
NANOG mailing list as well.
Actually it would if you also restrict whois to tech contacts. It would
only take a slight modification for the whois client to read and send the
uuid of the account doing the requesting. The whois server could then reply
or deny, based on that information. The fact that one then has to have a
domain in order to use the whois database, plus the pre-pay requirement,
should slow them down a bit.
Yes, this can be circumvented, but it would cost a lot more than the $70
for a domain registration. In addition, the whois server would know exactly
who is mining the data and would be able to track them, even if they spread
it out over months.
Yes, this can be circumvented, but it would cost a lot more than the $70
for a domain registration. In addition, the whois server would know
exactly who is mining the data and would be able to track them, even if
they spread it out over months.
i suspect they know who the slime are already. the patterns must be rather
clear. the problem is legally enforcable prevention or punisment which does
not also impact legitimate use.
e.g. folk railed against the current license-only access to zone files.
but, imiho, it is better than the old-boys policy which preceeded it, which
was better than the previous wide open policy. what is a good solution?
randy
Unless you're planning on enforcing passwords for contacts then I don't
think it'd take all that much to SIMULATE a client, choosing random people
from the whois database, and blaming other people for your whois queries.
An even more intelligent system would use the tech contact for the LAST
result as the requestor for the current one so that there would be no
visible pattern.
The source code for the client is going to be out there, so people will
figure out how it works, reverse engineer a version that uses a forged,
but existing, tech contact, and go on with their day.
D
>
>> Randy we've been there - done that - the only answer is PREPAY.
>
>that's one approach to the cybersquatter issue. like all solutions, it has
>it's good and bad points. but i meets my needs, so what the heck.
>
>but this does not address the miner/spammer issues.Actually it would if you also restrict whois to tech contacts. It would
only take a slight modification for the whois client to read and send the
uuid of the account doing the requesting. The whois server could then reply
or deny, based on that information. The fact that one then has to have a
domain in order to use the whois database, plus the pre-pay requirement,
should slow them down a bit.
This would only work using a local whois client. Web and telnet-based
whois would break due to their anonymity. OTOH, a limited response
might be implemented for those. Or not.... It still sounds like a lot
of work for the implementors who seem to have their hands full already.
-ls-