Get your catchy domain at it.com

discuss Have your NameServers ever been changed by your registrar without knowing about it? And is this a security concern?

NameSilo

LoveCatchyDomains

Top Contributor
Impact
1,232
Given the recent news about a high rate of spam with certain registrars, security is all the more a concern for our domains.
On one registrar I use, there were issues with some of my domains resolving to an ad-parking service. It appears that the nameservers had been changed for the Ns1. The Ns2 nameservers were correct, but the Ns1 had been modified. And, even when I tried changing the NS back to the correct one, it later reverted back to the modified version.
Has anyone had this experience? As it turns out, that particular registrar had one of the highest spam ratings on a recent report, so one wonders if the unsolicited nameserver changes reflect part of the problem.
Also, are the registrars still required to contact the registrant if the nameservers are changed by someone other than that individual?
 
1 0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.

bmugford

www.DataCube.comTop Contributor
Impact
42,447
The only time my nameservers were changed without my consent, is if the domain expires.

Outside that, it is not normal for nameservers to change without requesting it.

Brad
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Tags
nameserver security Watch tag ad parking nameservers Watch tag registrar name servers Watch tag
The only time my nameservers were changed without my consent, is if the domain expires.

Outside that, it is not normal for nameservers to change without requesting it.

Brad
That's what I thought. The domins weren't even near expiration.
 

Hypersot

Top Contributor
Impact
3,026
Is there any chance you have created a Nameserver group that applies automatically on the default domain folder (or portfolio)?

I don't believe that is a script. I believe that the wrong NS have been stuck in the backend by the system (probably when you first added the domain to the registrar) whereas you, on the frontend, have no effect no matter the number of attempts you make.

Sorry if I missed it but, did you contact tech support?
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Is there any chance you have created a Nameserver group that applies automatically on the default domain folder (or portfolio)?

I don't believe that is a script. I believe that the wrong NS have been stuck in the backend by the system (probably when you first added the domain to the registrar) whereas you, on the frontend, have no effect no matter the number of attempts you make.

Sorry if I missed it but, did you contact tech support?
Yes, I did contact tech support, but there was no explanation about the changes that had happened. I'll send them more detailed information, to hopefully have this problem clarified.

Checking my settings, there was no Nameserver group applied automatically to the domains. The default registrar Nameservers were in that setting.
Thanks for the tip about the backend issue. I'll address that with tech support. If it keeps reverting back, then perhaps that is the answer.
 

Hypersot

Top Contributor
Impact
3,026
Just for the record,
nbodis is registered with sav and resolves to a blank page (at least from where I live).

I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.
Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Tags
bodis Watch tag nbodis Watch tag nameserver security Watch tag adparking Watch tag nameserver changes Watch tag
Just for the record,
nbodis is registered with sav and resolves to a blank page (at least from where I live).

I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.
Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)
You really are a sleuth! Thanks for the insight. The corrections that I made appear now to be staying unchanged, and I've put extra security on, so hopefully any future changes will trigger an alert.
Thanks for your help with this, and I hope others realize that it may be important to monitor and have safeguards for your NameServer settings.
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Tags
bodis Watch tag nbodis Watch tag bodis nameservers Watch tag ad parking nameservers Watch tag
I checked with viewdns.info to see if there are any other domains on that NS but it didn't show any.

Not sure if that is correct but, if it is, at least it shows that the NS change is probably accidental and there wasn't anything tricky behind it (eg. someone with the intention to steal traffic)
Note that these domains never had anything to do with Sav (were never registered there, never transferred there, etc). Now I wonder whether the domains were being redirected to them first, and for how long that was going on. Bodis and my registrar were notified yesterday of the problem, so there may not have been traffic at the time you checked. Is there any way of checking whether they were in fact receiving and redirecting bodis traffic for a period of time?
 

Hypersot

Top Contributor
Impact
3,026
Afaik, only those that own the NS can tell you whether there was traffic or not at a specific time of any day. I really doubt however that they will go to all that trouble. Since the problem is fixed, support has probably moved on to other issues..

Don't spend too much brain matter on issues like that or you'll end up with no brain matter at all :) .
I have spent countless hours checking my domains and finding issues, sometimes even a year later, and I have come to realise that, no matter how hard I try, there will always be issues that are beyond my ability to prevent.
 

branding

bra.nding.euTop Contributor
Impact
8,485
Yes. I have had this happen at sav.com. they changed my nameservers (non expired domains) without consent/notification.
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Yes. I have had this happen at sav.com. they changed my nameservers (non expired domains) without consent/notification.

That's very disturbing. Did they ever apologize for this mishap? And to where did the domains get directed?
 

Bob Hawkes

Top Contributor
NameTalent
Impact
32,349
To my knowledge, it never happened to me, except at expiration or when I had not set them yet for newly registered.
 

LoveCatchyDomains

Top Contributor
Impact
1,232
I have spent countless hours checking my domains and finding issues, sometimes even a year later, and I have come to realise that, no matter how hard I try, there will always be issues that are beyond my ability to prevent.
In retrospect, the issue here may be some technical glitch with the registrar that has now been fixed. After all, if there was an intentional attempt to redirect traffic, one would presumably change both NS, not just NS1.
Thanks for reminding me that to save the cerebral matter for better things. Bodis does have a nameserver tool for monitoring the domains, and it's a simple way to periodically check and make certain all is well.
 
Last edited:

branding

bra.nding.euTop Contributor
Impact
8,485
That's very disturbing. Did they ever apologize for this mishap? And to where did the domains get directed?

They had an issue with a system update and rolled back to last known settings. Nameservers were pointed to another marketplace if I remember correctly, for a period of at least 2 weeks until I noticed.

They apologized but it's a severe issue if that happens without notifying your customer. Could have been a live site.
 

Surya Giri Kurniawan

Top Contributor
Impact
354
If it is in SAV, could be you listed the domains in SAV marketplace and thicked the box to change the landing page to SAV marketplace. Then when it is not sold in auction, it shown the SAV ads. Just might be..
 

LoveCatchyDomains

Top Contributor
Impact
1,232
They had an issue with a system update and rolled back to last known settings. Nameservers were pointed to another marketplace if I remember correctly, for a period of at least 2 weeks until I noticed.

They apologized but it's a severe issue if that happens without notifying your customer. Could have been a live site.
Glad to hear they apologized and that the problem was fixed.
If it is in SAV, could be you listed the domains in SAV marketplace and thicked the box to change the landing page to SAV marketplace. Then when it is not sold in auction, it shown the SAV ads. Just might be..
Apparently the problem was the system update, as noted above. Apparently, technical issues inadvertently affect the nameservers at a Registrar. The caveat here, I think, is to keep tabs on the NS in one's domain portfolio.
 

Daniel Owens

Top Contributor
Impact
1,311
The only time my nameservers changed without my consent, were if the domain was expired.

Outside that, it is not normal for nameservers to change without your permission.
 

forge

h8d dmnrTop Contributor
Impact
8,415
The only time my nameservers changed without my consent, were if the domain was expired.

Outside that, it is not normal for nameservers to change without your permission.

Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).
 
Last edited:

LoveCatchyDomains

Top Contributor
Impact
1,232
Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).
Because he knows that Brad is right!
 

Daniel Owens

Top Contributor
Impact
1,311
Dude, you just copied Brad's earlier post, verbatim. (perhaps changed a word or two).
Great minds think alike.
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Well, the good news is that I switched all of the nameservers at this point to a different service. After reading about the prevalence of AdBlocking against certain nameservers, it was probably time.
All the Ns propagated in bulk correctly, as far as I can tell. Again, my inclination is to believe that the previous incident was a technical or pehaps even accidental matter.
Now all of the domains also resolve to the appropriate parked-page lander. Given the standing adBlocking issues with Sedo and Bodis, my choice was to move them elsewhere anyhow, until those matters are less of a concern.
 

Mytz.com

Domain [email protected] PITE.com GOZI.com JALI.com TOPU.comTop Contributor
Impact
1,342
Is your computer poisoned,
Looks like DNS hijacking
 

LoveCatchyDomains

Top Contributor
Impact
1,232
Is your computer poisoned,
Looks like DNS hijacking
Not sure. The problem appears to have resolved at this point. Definitely working on beefing up security as well.