
Have your NameServers ever been changed by your registrar without knowing about it? And is this a security concern?


LoveCatchyDomains

Given the recent news about a high rate of spam with certain registrars, security is all the more a concern for our domains.
On one registrar I use, there were issues with some of my domains resolving to an ad-parking service. It appears that the nameservers had been changed for the Ns1. The Ns2 nameservers were correct, but the Ns1 had been modified. And, even when I tried changing the NS back to the correct one, it later reverted back to the modified version.
Has anyone had this experience? As it turns out, that particular registrar had one of the highest spam ratings on a recent report, so one wonders if the unsolicited nameserver changes reflect part of the problem.
Also, are the registrars still required to contact the registrant if the nameservers are changed by someone other than that individual?
 
1
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
The only time my nameservers were changed without my consent, is if the domain expires.

Outside that, it is not normal for nameservers to change without requesting it.

Brad
 
5
•••
> The only time my nameservers were changed without my consent, is if the domain expires.
>
> Outside that, it is not normal for nameservers to change without requesting it.
>
> Brad

That's what I thought. The domains weren't even near expiration.
 
0
•••
Is there any chance you have created a Nameserver group that applies automatically on the default domain folder (or portfolio)?

I don't believe that is a script. I believe that the wrong NS have been stuck in the backend by the system (probably when you first added the domain to the registrar) whereas you, on the frontend, have no effect no matter the number of attempts you make.

Sorry if I missed it but, did you contact tech support?
 
4
•••
> Is there any chance you have created a Nameserver group that applies automatically on the default domain folder (or portfolio)?
>
> I don't believe that is a script. I believe that the wrong NS have been stuck in the backend by the system (probably when you first added the domain to the registrar) whereas you, on the frontend, have no effect no matter the number of attempts you make.
>
> Sorry if I missed it but, did you contact tech support?

Yes, I did contact tech support, but there was no explanation about the changes that had happened. I'll send them more detailed information, to hopefully have this problem clarified.

Checking my settings, there was no Nameserver group applied automatically to the domains. The default registrar Nameservers were in that setting.
Thanks for the tip about the backend issue. I'll address that with tech support. If it keeps reverting back, then perhaps that is the answer.
 
0
•••
Just for the record,
nbodis is registered with sav and resolves to a blank page (at least from where I live).

I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.
Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)
 
2
•••
> Just for the record,
> nbodis is registered with sav and resolves to a blank page (at least from where I live).
>
> I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.
> Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)

You really are a sleuth! Thanks for the insight. The corrections that I made appear now to be staying unchanged, and I've put extra security on, so hopefully any future changes will trigger an alert.
Thanks for your help with this, and I hope others realize that it may be important to monitor and have safeguards for your NameServer settings.
 
3
•••
> I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.
>
> Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)

Note that these domains never had anything to do with Sav (were never registered there, never transferred there, etc). Now I wonder whether the domains were being redirected to them first, and for how long that was going on. Bodis and my registrar were notified yesterday of the problem, so there may not have been traffic at the time you checked. Is there any way of checking whether they were in fact receiving and redirecting bodis traffic for a period of time?
 
0
•••
Afaik, only those that own the NS can tell you whether there was traffic or not at a specific time of any day. I really doubt however that they will go to all that trouble. Since the problem is fixed, support has probably moved on to other issues.

Don't spend too much brain matter on issues like that or you'll end up with no brain matter at all :) .
I have spent countless hours checking my domains and finding issues, sometimes even a year later, and I have come to realise that, no matter how hard I try, there will always be issues that are beyond my ability to prevent.
 
2
•••
Yes. I have had this happen at sav.com. They changed my nameservers (non expired domains) without consent/notification.
 
6
•••
> Yes. I have had this happen at sav.com. They changed my nameservers (non expired domains) without consent/notification.

That's very disturbing. Did they ever apologize for this mishap? And to where did the domains get directed?
 
1
•••
To my knowledge, it never happened to me, except at expiration or when I had not set them yet for newly registered.
 
1
•••
> I have spent countless hours checking my domains and finding issues, sometimes even a year later, and I have come to realise that, no matter how hard I try, there will always be issues that are beyond my ability to prevent.

In retrospect, the issue here may be some technical glitch with the registrar that has now been fixed. After all, if there was an intentional attempt to redirect traffic, one would presumably change both NS, not just NS1.
Thanks for reminding me to save the cerebral matter for better things. Bodis does have a nameserver tool for monitoring the domains, and it's a simple way to periodically check and make certain all is well.
 
1
•••
> That's very disturbing. Did they ever apologize for this mishap? And to where did the domains get directed?

They had an issue with a system update and rolled back to last known settings. Nameservers were pointed to another marketplace if I remember correctly, for a period of at least 2 weeks until I noticed.

They apologized but it's a severe issue if that happens without notifying your customer. Could have been a live site.
 
4
•••
If it is in SAV, could be you listed the domains in SAV marketplace and ticked the box to change the landing page to SAV marketplace. Then when it is not sold in auction, it shows the SAV ads. Just might be..
 
1
•••
> They had an issue with a system update and rolled back to last known settings. Nameservers were pointed to another marketplace if I remember correctly, for a period of at least 2 weeks until I noticed.
>
> They apologized but it's a severe issue if that happens without notifying your customer. Could have been a live site.

Glad to hear they apologized and that the problem was fixed.

> If it is in SAV, could be you listed the domains in SAV marketplace and ticked the box to change the landing page to SAV marketplace. Then when it is not sold in auction, it shows the SAV ads. Just might be..

Apparently the problem was the system update, as noted above. Apparently, technical issues inadvertently affect the nameservers at a Registrar. The caveat here, I think, is to keep tabs on the NS in one's domain portfolio.
 
1
•••
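The check recommended in the thread (keeping tabs on the nameservers across a portfolio), sketched as an added example that is not part of any poster's message: it compares the nameservers each domain should have against lookup output and flags the partial case described above, where NS1 changed while NS2 stayed correct. Domain names, nameserver names and the captured output are constructed; the input is assumed to be in the one-hostname-per-line form that `dig +short NS <domain>` prints.

```python
# Constructed sample data: the nameservers every domain should use, and
# captured lookup output in the one-hostname-per-line form of `dig +short NS`.
WANT = {"ns1.parking.example", "ns2.parking.example"}
EXPECTED = {d: WANT for d in
            ("alpha.example", "beta.example", "gamma.example", "delta.example")}
CAPTURED = {
    "alpha.example": "NS2.parking.example.\nns1.parking.example.\n",
    "beta.example": "ns1.other-lander.example.\nns2.parking.example.\n",
    "gamma.example": "ns1.other-lander.example.\nns2.other-lander.example.\n",
    "delta.example": "",
}


def normalise(name):
    """Hostnames compare case-insensitively; ignore the trailing root dot."""
    return name.strip().lower().rstrip(".")


def parse_ns(text):
    """Turn lookup output into a set of normalised nameserver names."""
    return {normalise(line) for line in text.splitlines() if line.strip()}


def classify(expected, observed):
    """OK, PARTIAL (some names differ), REPLACED (none match) or NO_ANSWER."""
    expected = {normalise(n) for n in expected}
    if not observed:
        return "NO_ANSWER"
    if observed == expected:
        return "OK"
    return "PARTIAL" if observed & expected else "REPLACED"


def audit(expected_map, captured_map):
    """Return {domain: (status, unexpected, missing)} for every non-OK domain."""
    findings = {}
    for domain, expected in sorted(expected_map.items()):
        want = {normalise(n) for n in expected}
        observed = parse_ns(captured_map.get(domain, ""))
        status = classify(want, observed)
        if status != "OK":
            findings[domain] = (status, sorted(observed - want), sorted(want - observed))
    return findings


if __name__ == "__main__":
    for domain, (status, extra, missing) in audit(EXPECTED, CAPTURED).items():
        print(f"{domain}: {status} unexpected={extra} missing={missing}")
```
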
The only time my nameservers changed without my consent was if the domain was expired.

Outside that, it is not normal for nameservers to change without your permission.
 
1
•••
> The only time my nameservers changed without my consent was if the domain was expired.
>
> Outside that, it is not normal for nameservers to change without your permission.

Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).
 
3
•••
> Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).

Because he knows that Brad is right!
 
3
•••
> Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).

Great minds think alike.
 
4
•••
Well, the good news is that I switched all of the nameservers at this point to a different service. After reading about the prevalence of AdBlocking against certain nameservers, it was probably time.
All the Ns propagated in bulk correctly, as far as I can tell. Again, my inclination is to believe that the previous incident was a technical or perhaps even accidental matter.
Now all of the domains also resolve to the appropriate parked-page lander. Given the standing adBlocking issues with Sedo and Bodis, my choice was to move them elsewhere anyhow, until those matters are less of a concern.
 
0
•••
Is your computer poisoned?
Looks like DNS hijacking
 
0
•••
> Is your computer poisoned?
> Looks like DNS hijacking

Not sure. The problem appears to have resolved at this point. Definitely working on beefing up security as well.
 
0
•••