[conspire] Once again: How to diagnose 'host [foo] can't be reached'

Rick Moen rick at linuxmafia.com
Sun Dec 20 17:43:10 PST 2015


----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----

Date: Sun, 20 Dec 2015 17:27:48 -0800
From: Rick Moen <rick at linuxmafia.com>
To: hangout at nylxs.com
Subject: Re: [Hangout-NYLXS] [hangout] Re: [fairuse-discuss] [nyc-geeks]
	Fwd: Interview with a congressman (fwd)
Organization: If you lived here, you'd be $HOME already.

On Sun, 5 May 2002, Jonathan Bober wrote:

> What is nyc-geeks?
>
> Google immediately gives www.nyc-geeks.org, but the "host could not
> be found."  Is this a temporary thing or is there another URL?

It's depressing that nobody seems to know how to use whois and dig
(or even whois and nslookup) as basic tools to investigate fundamental
reasons _why_ hosts cannot be reached.  More on that in a minute:

Quoting Ruben Safir (ruben at mrbrklyn.com):

> On 05/05/2002 02:14 AM, Alan Wiess wrote:
> > 
> > They are Geeks in NYC
> > Duh..
> 
> no more linuxfreemail.com

Well, the domain expired.  Both domains did.  The owners failed to
renew.


{sigh}


Let's go through this again.


Point 1:  Start with WHOIS data.

First stop in investigating these matters is to use /usr/bin/whois or
(a similar tool) /usr/bin/jwhois, to check the domain record.  Note that
some domains (such as .au) return uselessly limited information over the
public WHOIS channel, reportedly to protect the privacy of domain
owners.  (WHOIS is an IANA-defined public information service offered
over 43/tcp, as specified in RFC 3912.)  Some other TLDs (top-level
domains) don't have public WHOIS service at all.  Yet other TLDs offer
only whois data via NOC Web sites, so they can shovel advertising at
querents.  /usr/bin/jwhois can usually query those via its ability to
operate over HTTP.

Anyway, selected WHOIS data for the two domains:

1 of 2:

  $ whois nyc-geeks.org
  [...]
  WHOIS Server:
  Referral URL: http://www.bluerazor.com
  Updated Date: 2015-08-12T11:07:29Z
  Creation Date: 2006-08-11T18:51:31Z
  Registry Expiry Date: 2016-08-11T18:51:31Z
  Sponsoring Registrar: Blue Razor Domains, LLC
  Sponsoring Registrar IANA ID: 612

As the WHOIS service has evolved through Internet bureaucratic changes
and politics (DARPA, DARPA NIC, InterNIC, ICANN, IETF), some queries are
treated centrally by a WHOIS server that knows all about the namespace
-- the 'thick' server model, while others use a method of referring/delegating 
queries for fractions of the namespace -- the 'thin' server model used
by, e.g., .org .  In this case, the top-level WHOIS server for .org
delegated my query to a WHOIS server run by domain registrar Blue Razor
Domains.


Point 2:  The date information in WHOIS can be misleading, and must be 
interpreted skeptically.

The three 'Date' lines are where things become misleading, and this is
where many observers fool themselves.  As the domain registrar business
has evolved, registrars have taken steps to _monetise expiring domains_,
and one of the ways, for some years, is to tack an artificial one-year 
extension onto the advertised expiration date, while (in many cases)
operating behind the scenes to sell it to the highest bidder rather than
letting normal expiration occur.  


Point 3:  The main reason WHOIS data can mislead is that it's not
historical.

The reason this is so confusing to people is that WHOIS historical data
aren't offered, only current data -- so you cannot easily see what it
-used- to say.  This is a point I'll return to, further on.

The 'Updated Date' of August 12th is when the domain record was last
substantively changed.  I'm betting that the change was to deprive the
erstwhile owner, on the day of expiration, of functional control, while
tacking on the artificial additional year of runtime to the domain term
so that Blue Razor Domains could be the de-facto owner while trying to
monetise it.  Hold that thought:


Point 4:  Pay close attention to domain status flags.

  Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
  Domain Status: clientRenewProhibited https://www.icann.org/epp#clientRenewProhibited
  Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
  Domain Status: clientUpdateProhibited https://www.icann.org/epp#clientUpdateProhibited

Each of these four ICANN-defined domain status flags is explained at the
indicated URL.  The first two are strong indicators that the registrar
has seized control.

clientDeleteProhibited:  This status code tells your domain's registry
to reject requests to delete the domain.  This status indicates that it
is not possible to delete the domain name registration, which can
prevent unauthorized deletions resulting from hijacking and/or fraud. If
you do want to delete your domain, you must first contact your registrar
and request that they remove this status code.

clientRenewProhibited:  This status code tells your domain's registry to
reject requests to renew your domain. It is an uncommon status that is
usually enacted during legal disputes or when your domain is subject to
deletion.  Often, this status indicates an issue with your domain that
needs resolution. If so, you should contact your registrar to resolve
the issue. If your domain does not have any issues, and you simply want
to renew it, you must first contact your registrar and request that they
remove this status code.

The latter two are normal for in-use domains, and are safeguards to
prevent hijacking of a domain by one registrar to steal a customer from
an incumbent registrar (called 'domain slamming').


Point 5:  Avoid the bonehead error of creating a domain contact SPoF.

  Registrant ID: CR32304654
  Registrant Name: Jared Klett
  Registrant Organization: Pokkari, Inc.
  Registrant Street: 117 West 25th St.
  Registrant Street: Floor 2
  Registrant City: New York
  Registrant State/Province: New York
  Registrant Postal Code: 10001
  Registrant Country: US
  Registrant Phone: +1.8776047388
  Registrant Phone Ext:
  Registrant Fax:
  Registrant Fax Ext:
  Registrant Email: pokkari at gmail.com

This is the erstwhile domain owner ('Registrant').  'Registrant' is one
of the four contact roles associated with a domain.  The other three are
Administrative Contact, Technical Contact, and Billing Contact.  For
some reason, Billing Contact appears (these days) to be never shown in
the publicly advertised WHOIS data for domains, only the other three.

  Admin ID: CR32304656
  Admin Name: Jared Klett
  Admin Organization: Pokkari, Inc.
  [...]
  Tech ID: CR32304655
  Tech Name: Jared Klett
  Tech Organization: Pokkari, Inc.
  [...]

For brevity's sake, I've cut short the Administrative Contact and
Technical Contact blocks, but Mr. Klett listed himself identically for
all three of the publicly published roles:  Same name, same street
address, same e-mail address, same telephone number.

That is a bonehead error.  Never do that.  Listing identical contact
information for all three publicly advertised roles is a classic SPoF
(single point of failure) error.  You thereby ensure that if _one_ 
e-mail address fails to receive renewal notices, or 'Dude, there's a
problem with your domain' mails, etc., nobody can be told vital
information.  People lose their domains this way, all the time.

Do _not_ use the same e-mail address or the same contact telephone
number for all of a domain's contacts.  If necessary, find a
domain-owning friend to be your secondary contact, and you can be his or
hers.

  Name Server: NS07.DOMAINCONTROL.COM
  Name Server: NS08.DOMAINCONTROL.COM

'domaincontrol.com' is where GoDaddy does outsourced DNS for customers 
and resellers.

So, there you have it.  I'm 99% sure that either intentionally or
accidentally, erstwhile owner Jared Klett let the domain expire, and 
2015-08-11 was the real expiration date, not the 2016-08-11 now being
shown to the public.  Now, domain registrar Blue Razor Domains is
playing games with the domain, trying to find a buyer.

The normal expiration process takes 75 days[1], so nyc-geeks.org
_should_ have dropped into the public pool on 2015-10-25.  It did not,
because Blue Razor Domains has swooped in and is trying to either hold the
domain for itself or auction it off.


2 of 2:

  $ whois linuxfreemail.com

  Domain Name: LINUXFREEMAIL.COM
  Registry Domain ID: 106542227_DOMAIN_COM-VRSN
  Registrar WHOIS Server: whois.uniregistrar.net
  Registrar URL: http://uniregistry.com

Once again, the 'thin' model, delegating the query to a WHOIS server
operated by domain registrar Uniregistrar Corp.

  Updated Date: 2015-11-10-T05:32:27Z
  Creation Date: 2003-11-12-T19:17:47Z
  Registrar Registration Expiration Date: 2016-11-12-T19:17:47Z

As I've suggested, one needs to be wary about interpreting the date
records, as they are often caused to be misleading by registrars wishing
to monetise expiring domains.  Even before looking at the other lines, I
can confidently predict that this is another case of an artificial
one-year claimed extension of an actually-expired domain.  In this 
case, it'll end up being 2015-11-10 expiration.

  Registry Registrant ID: UNIREG1SUUSSH85
  Registrant Name: PRIVACYDOTLINK CUSTOMER 772073
  Registrant Organization:
  Registrant Street: PO BOX 30485
  Registrant City: SEVEN MILE BEACH
  Registrant State/Province: GRAND CAYMAN
  Registrant Postal Code: KY1-1202
  Registrant Country: KY
  Registrant Phone: +1.3457495465
  Registrant Phone Ext:
  Registrant Fax:
  Registrant Fax Ext:
  Registrant Email: 772073 at PRIVACY-LINK.COM
  Registry Admin ID: UNIREG1SUUSSH85

(The entries for Administrative Contact and Technical Contact show the
same data.)

This is _either_ another case of the registrar being tricky about
published data on an expired domain, _or_ reflects the erstwhile owner
having used 'privacy proxy' services.  Either way, we are not being
permitted to see the erstwhile domain owner's name, address, e-mail
address, or telephone number.

Many registrar companies offer customers a 'privacy proxy' option for
their domains, whereby the three publicly advertised contacts are
obscured, showing registrar-specific contact data again.  The registrar
promises to pass along non-spam inquiries, or something like that.  If
you use privacy proxy services, you are putting a lot of trust in your
registrar.  I definitely would _not_ take that bet.

Some registrars, when a domain expires, change the three contacts to
proxy data, hiding who the erstwhile owner is/was.  Whether so intended
or not, this makes it quite difficult to notify the erstwhile owner that
he/she has only a limited time (~2 months) to revive the domain or will
lose it.

So, we don't know who is going to lose linuxfreemail.com around January
24, 2016.  Whoever it is, he/she _might_ be permitted to revive the
domain by paying renewal + extra fees to Uniregistrar Corp.

   Domain Status: clientDeleteProhibited
   Domain Status: clientRenewProhibited
   Domain Status: clientTransferProhibited

Once again, the 'clientTransferProhibited' flag is normal customer
protection, but the other two are strong indicators that the registrar
has seized control and won't permit the erstwhile owner to assert
administrative functions.

  Name Server: buy.internettraffic.com
  Name Server: sell.internettraffic.com

These are nameservers used by Uniregistrar Corp. for 'parked domains',
as you can verify by looking at http://linuxfreemail.com/ .


I hope this small tutorial helps people investigate '[x] host can't be
reached' problems a bit more intelligently.  


[1] Some registrars implement a 'grace period' of 30 days after
expiration during which the erstwhile owner can revive the domain for
only a regular renewal fee, then 40 days of 'redemption period' in which
it costs markedly more.  In all cases, the expiration process is
supposed to end around day 75 after a 'locked' period of 5 days where the
registrar is preparing to drop it into the public pool, no longer
registered.  The details of this process differ among registrars,
however.  See 'Domain Expiration' on
http://linuxmafia.com/kb/Network_Other/ for more.

----- End forwarded message -----
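
The checks from Points 2-5 of the message above, applied mechanically to saved WHOIS output.  This is an added example, not part of the original message: the function names are hypothetical, the "advertised expiry minus one year, plus 75 days" estimate is an assumption taken from the message's reasoning, and the sample record is constructed (dates and status flags follow the nyc-geeks.org record, contact details are placeholders).

```python
from datetime import date, timedelta

# Flags the message reads, together, as the registrar having taken control.
HOLD_FLAGS = {"clientDeleteProhibited", "clientRenewProhibited"}
ROLES = ("Registrant", "Admin", "Tech")   # the three publicly shown roles

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}, skipping empty values."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def review(text, expiry_days=75):
    """Apply Points 2-5 of the message to one WHOIS record."""
    f = parse_whois(text)
    out = {"shared_contact": [], "likely_drop": None}
    # Point 4: the status code is the first token; the ICANN URL may follow it.
    statuses = {v.split()[0] for v in f.get("Domain Status", [])}
    out["registrar_hold"] = HOLD_FLAGS <= statuses
    # Point 5: one e-mail or phone shared by all three roles is a SPoF.
    for kind in ("Email", "Phone"):
        vals = [f.get(f"{role} {kind}", [None])[0] for role in ROLES]
        if None not in vals and len({v.lower() for v in vals}) == 1:
            out["shared_contact"].append(kind)
    # Points 2-3 (assumption): under a hold, the shown expiry is padded a year.
    expiry = next((v[0] for k, v in f.items() if "Expir" in k), None)
    if out["registrar_hold"] and expiry:
        shown = date.fromisoformat(expiry[:10])
        try:
            real = shown.replace(year=shown.year - 1)
        except ValueError:                      # shown date was 29 February
            real = shown.replace(year=shown.year - 1, day=28)
        out["likely_drop"] = real + timedelta(days=expiry_days)
    return out

# Constructed sample record; contact values are placeholders.
SAMPLE = """\
  Registry Expiry Date: 2016-08-11T18:51:31Z
  Domain Status: clientDeleteProhibited https://www.icann.org/epp#clientDeleteProhibited
  Domain Status: clientRenewProhibited https://www.icann.org/epp#clientRenewProhibited
  Registrant Email: hostmaster@example.org
  Registrant Phone: +1.5555550100
  Admin Email: hostmaster@example.org
  Admin Phone: +1.5555550100
  Tech Email: hostmaster@example.org
  Tech Phone: +1.5555550100
"""
```

Calling review(SAMPLE) reports a registrar hold, shared Email and Phone contacts, and a likely drop date of 2015-10-25.  Privacy-proxy records will also show identical contacts, so a shared-contact finding there says nothing about the real owner's setup.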



