[sf-lug] sf-lug.{org,com} & Network Solutions / Web.com

Fri Jul 10 00:44:47 PDT 2015

Quoting Asheesh Laroia (asheesh at sandstorm.io):

> I called Network Solutions, waited on hold for half an hour, on and off,
> and then got both domains into good shape without paying anyone anything. I
> think the customer service people who helped me out went above and beyond
> what they would normally do, so I'm hesitant to say a lot more in writing,
> but basically some people are surprisingly helpful. I can talk more in
> person.

Fabulous, and my thanks to you and to Network Solutions Customer
Service.

I did a quick check on the contents of the zonefiles, verifying that all
nameservers respond, that they give the same answers, that there are no
stealth or lame nameservers, that all nameservers accept TCP (and not
just UDP) queries, that the NS list in the served zone matches the NS list
in the parent zone, that all nameservers are (now) authoritative, that
none of the nameservers accept recursive queries from the public (which
is bad security practice), and that the SOA values are reasonable.

For sf-lug.com, the SOA RETRY and REFRESH values are both 3600, which is
wrong.  RETRY needs to be less than or equal to half the REFRESH.`

For sf-lug.org, the SOA EXPIRE value is 604800.  RFC1912 suggests a
value between 1209600 to 2419200.

Those are minor problems at worst (though they should be fixed).
And....

> So anyway, if you check the WHOIS, all should be well.

...Small problems also exist in the whois records (which can be fixed
via the customer login for the domain at NetSol):

sf-lug.com
----------

Registrant Email: no.valid.email at worldnic.com
Admin Email: sflug.org at gmail.com
Tech Email: sflug.org at gmail.com
Billing Email: (not shown)

1.  It's risky to use non-deliverable e-mail addresses for any of the
domain contact.  Reason:  Might not receive crucial mails.

2.  I recommend having the four contacts allocated to at least two
individuals preferably using different e-mail paths / providers.
Reason:  prevent single point of failure.

3.  I recommend avoiding 'role' e-mail addresses or names that aren't
visibly each that of a specific individual.  Reason:  transparency and
accountability.

Registrant Phone: +1.5108830772
Admin Phone: +1.5108830772
Tech Phone: +1.5108830772
Billing Phone: (not shown)

4.  It's better if the displayed domain contacts include at least two 
distinct, real, telephone numbers.  Reason:  prevent single point of
failure.

sf-lug.org
----------

Registrant Email:no.valid.email at worldnic.com
Admin Email:sflug.org at gmail.com
Tech Email:sflug.org at gmail.com
Billing Email: (not shown)

Registrant Phone: +1.5108830772
Admin Phone: +1.5108830772
Tech Phone: +1.5108830772
Billing Phone: (not shown)

Same comments as for sf-lug.com.