VISA domains Problem

updated: Wed Jun 14 12:56 JST 2005

For Japanese

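This page was originally created to convey the situation to VISA, whom I could not reach at first. Afterwards, I revised it into an explanation. The original is here

VISA.CO.JP can be said to have been in a dangerous state until around 0:00 on 5/19, and furthermore (viewed objectively), had the person who acquired e-ontap.com been malicious, until the evening of 5/21.
Late at night on 5/18 I noticed that e-ontap.com, which manages one of the NS, had disappeared; in the early hours of 5/19 I acquired it myself and have been protecting it, but it seems to be no longer needed for VISA.CO.JP. (21 May 19:00)
For the VISA domains under kr and hr, the problem remained until the early hours of 6/2.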


Logs for VISA

This page was written for DNS operators concerned about VISA domains.

It was later edited to explain the trouble. (Original is here)

Note: "dnsq ns visa.co.jp a.dns.jp" is used instead of "dig @a.dns.jp visa.co.jp ns +norec".

history

For a very long time, escdns01.e-ontap.com was a lame server of VISA.CO.JP.
$ dnsq ns visa.co.jp a.dns.jp
authority: visa.co.jp 86400 NS ccdnsi01.singtel-expan.com
authority: visa.co.jp 86400 NS escdns01.e-ontap.com

I sent mails to visa.co.jp on 15 Mar.


May 9

I found escdns01.e-ontap.com answers nxdomain for visa.co.jp.
1/2 clients ought to have missed visa.co.jp.
$ dnsq ns visa.co.jp escdns01.e-ontap.com
2 visa.co.jp:
75 bytes, 1+0+1+0 records, response, authoritative, nxdomain
query: 2 visa.co.jp
authority: . 2560 SOA ns hostmaster 1115563229 16384 2048 1048576 2560

--- Whois DB on 9 May ----

Registrant:
   Unasi Management Inc. (E-ONTAP-COM-DOM)
   <script>open('http://free-rent-a-car.net');</script>
   .
   Zona 5, Panama 5235
   Panama
   +1.3094067818
   <script>open('http://E-ONTAP.COM');</script>
   +1.3094067818
   info@domaincar.com

   Domain Name: E-ONTAP.COM
   Status: PROTECTED

   Administrative Contact:
      Unasi Management Inc. info@domaincar.com
      .
      Zona 5, Panama 5235
      Panama
      +1.3094067818
      Fax- +1.3094067818

   Technical Contact, Zone Contact:
      Unasi Management Inc. info@domaincar.com
      .
      Zona 5, Panama 5235
      Panama
      +1.3094067818
      Fax- +1.3094067818

   Record last updated on 07-May-2005.
   Record expires on 05-May-2006.
   Record created on 05-May-2005.

   Domain servers in listed order:

   Name Server: NS1.DR-PARKINGSERVICES.COM
   Name Server: NS2.DR-PARKINGSERVICES.COM

May 18 23:40 2005 JST

Then I found that e-ontap.com had expired.
 $ whois e-ontap.com
 No match for "E-ONTAP.COM"

May 19 00:00 2005 JST

I got this domain, unwillingly, to keep it away from phishing (pharming).
And I started up the DNS servers for e-ontap.
Those servers only answered ...
authority: visa.co.jp 86400 NS ccdnsi01.singtel-expan.com
(This was a message that I'm NOT an authority for visa.co.jp.)
$ date ; dnsq ns visa.co.jp a.dns.jp
Thu May 19 04:35:38 JST 2005
2 visa.co.jp:
99 bytes, 1+0+2+0 records, response, noerror
query: 2 visa.co.jp
authority: visa.co.jp 86400 NS ccdnsi01.singtel-expan.com
authority: visa.co.jp 86400 NS escdns01.e-ontap.com

May 19 07:29 2005 JST

In the early morning, the NS record on *.dns.jp was changed.
$ date ; dnsq ns visa.co.jp a.dns.jp
Thu May 19 07:29:35 JST 2005
2 visa.co.jp:
103 bytes, 1+0+2+0 records, response, noerror
query: 2 visa.co.jp
authority: visa.co.jp 86400 NS pricus.starhub.net.sg
authority: visa.co.jp 86400 NS ccdnsi01.singtel-expan.com

--------------
But! ccdnsi01.singtel-expan.com also still answered escdns01.e-ontap.com.
$ date; dnsq ns visa.co.jp ccdnsi01.singtel-expan.com
Fri May 20 05:59:46 JST 2005
2 visa.co.jp:
115 bytes, 1+2+0+1 records, response, authoritative, noerror
query: 2 visa.co.jp
answer: visa.co.jp 3600 NS escdns01.e-ontap.com
answer: visa.co.jp 3600 NS ccdnsi01.singtel-expan.com
additional: ccdnsi01.singtel-expan.com 28800 A 203.208.224.91
--------------
pricus.starhub.net.sg was a cache server! It still answered e-ontap.
$ date; dnsq ns visa.co.jp pricus.starhub.net.sg
Thu May 19 08:26:39 JST 2005
2 visa.co.jp:
131 bytes, 1+2+0+2 records, response, weird ra, noerror
query: 2 visa.co.jp
answer: visa.co.jp 2721 NS escdns01.e-ontap.com
answer: visa.co.jp 2721 NS ccdnsi01.singtel-expan.com
additional: escdns01.e-ontap.com 5845 A 202.41.218.229
additional: ccdnsi01.singtel-expan.com 117452 A 203.208.224.91
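
The parent-versus-child comparison made by hand in the logs above, as an added Python example that is not part of the original page: it parses dnsq output, flags delegated servers that do not answer authoritatively, and reports NS names the child zone serves that the registry no longer delegates to. The function names parse_dnsq and audit are hypothetical, and the transcripts are abridged from the logs on this page.

```python
import re

# dnsq transcripts abridged from the logs on this page (not live queries):
# the registry answer of May 19 07:29 and what each delegated server said.
PARENT = """103 bytes, 1+0+2+0 records, response, noerror
authority: visa.co.jp 86400 NS pricus.starhub.net.sg
authority: visa.co.jp 86400 NS ccdnsi01.singtel-expan.com"""
CHILD = {
    "ccdnsi01.singtel-expan.com": """115 bytes, 1+2+0+1 records, response, authoritative, noerror
answer: visa.co.jp 3600 NS escdns01.e-ontap.com
answer: visa.co.jp 3600 NS ccdnsi01.singtel-expan.com""",
    "pricus.starhub.net.sg": """131 bytes, 1+2+0+2 records, response, weird ra, noerror
answer: visa.co.jp 2721 NS escdns01.e-ontap.com
answer: visa.co.jp 2721 NS ccdnsi01.singtel-expan.com""",
}

def parse_dnsq(text):
    """Return (header flags, NS target names) from one dnsq response."""
    flags, ns = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if " records, " in line:  # e.g. "... records, response, noerror"
            flags = {f.strip() for f in line.split(" records, ", 1)[1].split(",")}
        m = re.match(r"(?:answer|authority): \S+ \d+ NS (\S+)$", line)
        if m:
            ns.add(m.group(1).lower().rstrip("."))
    return flags, ns

def audit(parent, child):
    """Compare the registry delegation with each delegated server's answer."""
    findings = []
    _, delegated = parse_dnsq(parent)
    for server in sorted(delegated):
        if server not in child:
            findings.append(("no-response", server, ""))
            continue
        flags, served = parse_dnsq(child[server])
        # A delegated server must answer authoritatively and know the zone.
        if "authoritative" not in flags or "nxdomain" in flags:
            findings.append(("lame", server, ",".join(sorted(flags))))
            continue
        # NS names still in the zone data but gone from the registry.
        for extra in sorted(served - delegated):
            findings.append(("ns-not-in-parent", server, extra))
    return findings

if __name__ == "__main__":
    for finding in audit(PARENT, CHILD):
        print(*finding)
```

Whether the domain of each reported NS host is still registered has to be checked separately, as the whois lookups on this page do.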

May 20

No action.
According to the SOA record, escdns01.e-ontap.com was the master nameserver and the data had not been updated since 2004/02/06.
$ dnsq soa visa.co.jp ccdnsi01.singtel-expan.com
6 visa.co.jp:
163 bytes, 1+1+2+1 records, response, authoritative, noerror
query: 6 visa.co.jp
answer: visa.co.jp 3600 SOA escdns01.e-ontap.com visadnslist.e-ontap.com 2004020601 3600 1800 7200 600
authority: visa.co.jp 3600 NS escdns01.e-ontap.com
authority: visa.co.jp 3600 NS ccdnsi01.singtel-expan.com
additional: ccdnsi01.singtel-expan.com 28800 A 203.208.224.91

May 21

According to the log (May 20 23:16 2005 JST), singtel-expan.com browsed this page, and they(?) corrected it within the night.
$ dnsq ns visa.co.jp ccdnsi01.singtel-expan.com
2 visa.co.jp:
119 bytes, 1+2+0+1 records, response, authoritative, noerror
query: 2 visa.co.jp
answer: visa.co.jp 28800 NS pricus.starhub.net.sg
answer: visa.co.jp 28800 NS ccdnsi01.singtel-expan.com
additional: ccdnsi01.singtel-expan.com 28800 A 203.208.224.91

$ dnsq soa visa.co.jp ccdnsi01.singtel-expan.com
6 visa.co.jp:
169 bytes, 1+1+2+1 records, response, authoritative, noerror
query: 6 visa.co.jp
answer: visa.co.jp 28800 SOA ccdnsc01.singtel-expan.com root.ccdnsc01.singtel-expan.com 2005052103 3600 1800 604800 600
authority: visa.co.jp 28800 NS pricus.starhub.net.sg
authority: visa.co.jp 28800 NS ccdnsi01.singtel-expan.com
additional: ccdnsi01.singtel-expan.com 28800 A 203.208.224.91
(Though pricus.starhub.net.sg was a cache.)

Other trouble domains

These domains were in the same state, but were corrected along with visa.co.jp.
visa.com.au
visa.com.cn
visa.com.tw
visa.com.vn
These domains, though, still had escdns01.e-ontap.com on the registry's name servers.
mymoneyskills.co.kr
mymoneyskills.com.hk

May 27 05:42 2005 JST

mymoneyskills.co.kr was corrected in the early morning on 27 May.
$ date ;dnsq ns mymoneyskills.co.kr a.dns.kr
Fri May 27 05:42:29 JST 2005
2 mymoneyskills.co.kr:
108 bytes, 1+0+2+0 records, response, noerror
query: 2 mymoneyskills.co.kr
authority: mymoneyskills.co.kr 86400 NS ccdnsi01.singtel-expan.com
authority: mymoneyskills.co.kr 86400 NS escdns01.e-ontap.com

Jun 1 - Jun 2 2005 JST

Finally, mymoneyskills.com.hk was corrected in the early morning on 2 Jun.
T.Suzuki, a beginner admin at e-ontap.com / since 19 May 2005