0

Handshake / Namebase (web3) domains routed to Godaddy aftermarket sales

I own two Namebase tlds: rloc and ysec
Both do not work with web3 enabled on NextDNS. The interesting part is that while they do not resolve at all with a google DNS (8.8.8.8) they resolve to godaddy/afternic with NextDNS enabled.

Not resolved with google DNS:

dig vpn.rloc @8.8.8.8

; <<>> DiG 9.10.6 <<>> vpn.rloc @8.8.8.8
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;vpn.rloc.                      IN      A

;; AUTHORITY SECTION:
.                       86334   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2024040200 1800 900 604800 86400

;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 02 09:44:05 EDT 2024

With NextDNS pointing to godaddt/afternic:

dig vpn.rloc @45.90.28.83

; <<>> DiG 9.10.6 <<>> vpn.rloc @45.90.28.83
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;vpn.rloc.                      IN      A

;; ANSWER SECTION:
vpn.rloc.               3600    IN      A       13.248.169.48
vpn.rloc.               3600    IN      A       76.223.54.146

;; SERVER: 45.90.28.83#53(45.90.28.83)
;; WHEN: Tue Apr 02 09:41:49 EDT 2024

curl http://vpn.rloc/lander -v
*   Trying 76.223.54.146:80...
* Connected to vpn.rloc (76.223.54.146) port 80
> GET /lander HTTP/1.1
> Host: vpn.rloc
>
< HTTP/1.1 307 Temporary Redirect
< Location: https://www.afternic.com/forsale/vpn.rloc?utm_source=TDFS_DASLNC&utm_medium=parkedpages&utm_campaign=x_corp_tdfs-daslnc_base&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
<
<a href="https://www.afternic.com/forsale/vpn.rloc?utm_source=TDFS_DASLNC&amp;utm_medium=parkedpages&amp;utm_campaign=x_corp_tdfs-daslnc_base&amp;traffic_type=TDFS_DASLNC&amp;traffic_id=daslnc&amp;">Temporary Redirect</a>.

What I would expect:

dig vpn.rloc @44.231.6.183

; <<>> DiG 9.10.6 <<>> vpn.rloc @44.231.6.183
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;vpn.rloc.                      IN      A

;; ANSWER SECTION:
vpn.rloc.               300     IN      CNAME   app.dummy.net.

;; SERVER: 44.231.6.183#53(44.231.6.183)
;; WHEN: Tue Apr 02 10:00:46 EDT 2024

How does this kidnapping of DNS records happen? 

2 replies

null
    • R_P_M
    • 3 wk ago
    • Reported - view

    It’s the web3 service that NextDNS uses that’s replying to it. There was a post about this very thing awhile ago. Not sure how to search for it though, it might appear under web3 but it’s not guaranteed to show up. 

      • germafab
      • 3 wk ago
      • Reported - view

      I think you are referring to: https://help.nextdns.io/t/h7y3wqk which describes the issue when "block parked domains" is active. In my case that is not the case. I am wondering if the NextDns resolver just falls back to godaddy for records it doesn't find. (I really hope that this is not the case.)

Content aside

  • 3 wk agoLast active
  • 2Replies
  • 36Views
  • 2 Following