I have just had confirmation that Crazy Domains are changing Name Servers and suspending account now. Regards David Sent from my iPhone
On 19/10/2015, at 12:55 PM, Nathan Ward
wrote: Hi,
Yeah I managed to get through to Crazy Domains support which surprised me, and they have flagged it to their operations folks as well. It looks like they have yet to take action, over an hour later - the whois still shows the CloudFlare NSes.
Unfortunately, even when this is pulled, this will stay in the DNS for up to 24 hours if it’s already in your cache. Once it’s removed (perhaps someone can notify here, I’ll do that if I get told that it’s happened before I see info here) I encourage people to flush their recursive DNS caches if possible, and add dummy zones for these things if not.
You want to configure your servers to return bad data. Returning REFUSED won’t work in all cases, because hosts fail over to other DNS servers that are configured - I tested this by configuring my server, and 8.8.8.8 as DNS servers on my local machine. Then again, you might find that the number of people who have additional name servers configured that are not on your network is pretty small.
Perhaps 127.0.0.1 isn’t best, I’m not sure. Anyway, config for those who want it:
Unbound (tested on 1.5.1): local-zone: “orderkfc.co.nz.” static local-data: “www.orderkfc.co.nz. 300 IN A 127.0.0.1” local-data: “orderkfc.co.nz. 300 IN A 127.0.0.1”
Bind (tested on 9.8.something): named.conf: zone “orderkfc.co.nz." IN { type master; file “block”; };
Bind zone file ‘block’: @ IN SOA ns1 hostmaster ( 1 7200 120 86400 360 ) IN NS ns1 IN A 127.0.0.1 www IN A 127.0.0.1
-- Nathan Ward
On 19/10/2015, at 23:43, David Morrison
wrote: Hi Nathan,
We (NZRS) have reached out to contacts at Crazy Domains and pointed them to this list and the raised issue.
Kind regards
David
David Morrison Chief Marketing Officer NZRS Ltd
P +64 49316973 M +64 274366182 F +64 49316979 E david(a)nzrs.net.nz W www.nzrs.net.nz S david.morrisonnz T @dotnz
PGP 7A38 2F84 C7DF 8FF2 34F8 B4F2 BC54 10AE 2501 6600
On 19/10/2015, at 11:18 pm, Nathan Ward
wrote: Hi all
This is back again, this time under “orderkfc.co.nz”.
Same deal as last time.. though, anyone know anyone with Crazy Domains? In my experience they’ve been even harder to reach than registrars normally are.
-- Nathan Ward
On 18/10/2015, at 19:01, Nathan Ward
wrote: All,
You might’ve seen ‘kfcdelivery.co.nz’ pop up on social media today. It’s a scam.
If you have the ability to block this website so your users cannot reach it, please do so. If you have stuck your CC details in there, cancel your card.
It is hosted through CloudFlare, don’t block the IPs, but perhaps you can filter on your DNS or something.
I have reached out to the registrar for the domain to get it blocked (discount domains). If anyone has a contact there other than support@ to get it pulled ASAP, please use it - I don’t know anyone there.
The logic of the site is roughly: <snip> # Validate input and set error if validation fails
if(error){ "You must fill in the red fields" }else{ "Our servers are down due to heavy traffic, please try again later" }
# send data to servers anyway </snip>
-- Nathan Ward
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog