A little note to Network Solutions

A few days ago, I posted an entry where I pointed out that two Network Solutions DNS servers were returning incorrect answers for non-authoritative domains. Matt Ho, a representative for Network Solutions posted two comments on that post stating that they weren't hacked, and that they were configured to return incorrect answers. He noted that Sedo, the domain parking company, and GoDaddy also do this, and that t

A few days ago, I posted an entry where I pointed out that two Network Solutions DNS servers were returning incorrect answers for non-authoritative domains. Matt Ho, a representative for Network Solutions posted two comments on that post stating that they weren't hacked, and that they were configured to return incorrect answers. He noted that Sedo, the domain parking company, and GoDaddy also do this, and that these servers are not meant to be resolvers. He was very gracious, and even noted that "We've debated time and time again internally about both whether this type of practice is ethical and appropriate." I humbly suggest that it is neither.

Then, this post appeared on Network Solutions' website, also stating these claims. The author says that I got it wrong:

"We respect InfoWorld and Paul, but it’s important to research and confirm the facts before simply stating an opinion. And in this case throwing the word hacked out there without proper homework seemed a little off kilter and unnecessarily causes false alarms when there is no need for them."

Note that I posted a comment to that page several days ago, but that comment has not appeared on the page as of this writing.

The post I published asked a question in the title: "Network Solutions DNS Servers hacked already?", and was posted a day after the DNS bug "hit". In that post, I stated

"I was just hipped to the fact that two DNS servers apparently operated by Network Solutions aren't returning valid results for some domains, notably www.google.com:"

I then pasted raw nslookup and whois output showing that querying those servers for 'www.google.com' returned incorrect responses, and they were part of Network Solution's network.

If you're going to purposefully violate RFCs and configure your nameservers to knowingly return incorrect information, then you cannot complain when someone points this out. My post contained absolutely correct information -- those nameservers aren't returning valid results. This practice may be used by other companies, but that obviously doesn't make it right. I seem to recall my mother saying something about all my friends jumping off a bridge...

Live by the sword, die by the same.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies