Whois And Domain Registration And Domain Hijacking

Every top-level domain (i.e., example.com) has a DNS server associated with it. The upper-level specification of the DNS server, which usually belongs to the domain's owner, is maintained by the Domain Name Registrar that initially registered the domain (i.e., the entity where the domain was acquired). The databases storing domain ownership information can be queried with the WHOIS protocol (which is also used for IP addresses).

# whois google.com

[Querying whois.internic.net] [Redirected to whois.markmonitor.com]

Registrant:

Google Inc. (DOM-258879)

Please contact [email protected] 1600 Amphitheatre Parkway Mountain View CA

94043 US

Domain Name: google.com

Registrar Name: Markmonitor.com Registrar Whois: whois.markmonitor.com Registrar Homepage: http://www.markmonitor.com

Administrative Contact : DNS Admin

(NIC-14290820) Google Inc.

1600 Amphitheatre Parkway Mountain View CA

94043

[email protected] +1.6506234000 Fax- +1.6506188571 Technical Contact, Zone Contact : DNS Admin (NIC-1340144) Google Inc. 2400 E. Bayshore Pkwy Mountain View CA

94043 US

[email protected]

+1.6503300100

Fax- +1.6506181499

Created on : 1997-Sep-15.

Record last updated on..: 2006-Sep-07 10:17:02.

Domain servers in listed order:

NS3.GOOGLE.COM NS4.GOOGLE.COM NS1.GOOGLE.COM NS2.GOOGLE.COM

Different registrars have different policies and procedures for renewing and updating information related to a registered domain. Even though major weaknesses have been patched, some registrars still exhibit vulnerabilities that could allow attackers to brute-force their way into modifying anyone's records. Additionally, identity theft via falsified credentials (which can be accepted by fax machines or normal mail by most registrars) sometimes succeeds if the registrars adopt weak credentials checking or lack complete contact information for the real domain owner.

These are all good reasons for periodically checking the status of your domain and enforcing strong authentication mechanisms if the registrar provides you with that option. Also ensure that the registrar has a complete set of valid contact information and that it provides a 24x7 support contact for emergency inquires.

Another way to prevent unauthorized transfer of your domain is to ask your registrar to set the registrar-lock status code (which should be enabled by default). This prevents third-party transfer of your domain, which can be implicitly approved if your registrar doesn't refuse the request in five days. Usually registrars act promptly on such requests, but you never know.

The consequences of a successful DNS hijacking are of utmost importance and could lead to a total compromise of all public systems and a wide exposure of sensitive information. Needless to say, when registering a domain, use a respectable and well-known registrar.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment