Yeah. Finally, I’m back in charge of my main domain, uu.org. A short lessons learned.
Well, that was a not so nice incident. Left Gütersloh around 16:00 for the annual visit to the Christmas Market of Göttingen (it has been a private tradition for more than a decade now to meet with a good friend there), and when arriving there and trying to access my mail server, there was some odd error. Tried with a 3G connection, same issue, so nothing to do with my friend’s setup/ISP. Got my gear out, connected (via IP, not DNS) to my VPN service, and from there verified that somehow the DNS servers for uu.org at Network Solutions were changed to point to bluehost.com, an ISP I had never heard of before, rendering uu.org, which serves as a service domain for other domains, unusable.
To make a long story short, due to this we were a bit late to the Christmas Market, so it was only one Glühwein this year and no fun for the kids, as everything was closing down around 20:30 already :-(
Well, back at my friend’s place, nothing had changed; Network Solutions still did not accept my ticket (due to technical reasons), so I went to insult them on Twitter … Well, I pay twice the amount of money to NSI for uu.org than for any other of my com/net/org domains, and having them not accept my ticket felt really embarrassing.
In a nutshell, NSI’s Twitter account finally, on 2012-12-09, started to respond, and a slow dialogue was started.
On 2012-12-11, fucking three days after the incident, ‘Kevin’ from NSI called me on the mobile number I provided in the ticket, and things finally started moving. Today, five days after the incident, I’m back in control of my domain — and while I’m really glad, I’m pissed it took a fucking five days to get to this point.
How did this happen?
Well, from what I know as of now, I lost my domain 42.to in June this year, since I did not receive any renewal information and may have forgotten about my very first domain. In 2004, I made email@example.com the contact email for uu.org at NSI. In 2012 I lost access to that mailbox.
NSI has the option to recover one’s user ID by sending it to the email stored in the domain record. Knowing the user ID, NSI enables one to reset its password by sending an email link to the email address stored in the domain record. So, if you lose access to your mailbox on file with NSI, basically you are screwed. And this is what happened to me.
Nowadays, NSI supports a ‘secret’ second mail address; that one gets all the important mails as well, but is not listed in the WHOIS record. Unfortunately, NSI sends out this data with both of these email addresses in the ‘To:’ field, so in a case like mine where someone else took over one of the emails, they’ll get the information which account to attack next on the red carpet :-( This, of course, limits the value of that second email address. Nonetheless, I’ve pointed both now to something not related to the primary domain, but hopefully under my control for the time being …
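The failure described above (a registrar recovery address living on a domain that has lapsed, or on the very domain it is supposed to recover) can be checked for across a whole portfolio. The Python sketch below is an added example, not part of the original post; the inventory, all `.example` names, the dates and the 60-day warning window are constructed assumptions.

```python
from datetime import date, timedelta

# Constructed inventory: expiry date and registrar recovery contacts per domain.
INVENTORY = {
    "service.example": {"expires": date(2013, 9, 1),
                        "contacts": ["hostmaster@first.example", "admin@service.example"]},
    "first.example":   {"expires": date(2012, 6, 15),
                        "contacts": ["me@mail.service.example"]},
    "shop.example":    {"expires": date(2013, 1, 20),
                        "contacts": ["me@provider.example"]},
    "blog.example":    {"expires": date(2013, 5, 1),
                        "contacts": ["me@shop.example"]},
}
TODAY = date(2012, 12, 8)  # constructed audit date

def mail_domain(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[1].lower()

def owning_domain(host, inventory):
    """Map a mail host to the inventory domain it sits under, or None."""
    for name in inventory:
        if host == name or host.endswith("." + name):
            return name
    return None

def audit_recovery_contacts(inventory, today, warn_days=60):
    """Return sorted (domain, contact, finding) tuples for risky recovery contacts."""
    findings = []
    for domain, record in inventory.items():
        for contact in record["contacts"]:
            owner = owning_domain(mail_domain(contact), inventory)
            if owner == domain:
                # Mailbox dies together with the domain it should recover.
                findings.append((domain, contact, "self-hosted"))
            elif owner is None:
                # Expiry of the mail domain is not tracked in this inventory.
                findings.append((domain, contact, "untracked"))
            elif inventory[owner]["expires"] < today:
                # Lapsed: whoever re-registers it receives the reset mails.
                findings.append((domain, contact, "expired"))
            elif inventory[owner]["expires"] - today <= timedelta(days=warn_days):
                findings.append((domain, contact, "expiring"))
    return sorted(findings)

if __name__ == "__main__":
    for domain, contact, finding in audit_recovery_contacts(INVENTORY, TODAY):
        print(f"{domain}: {contact} -> {finding}")
```

An "untracked" finding is not necessarily a problem; it only means the mail domain's renewal is outside the inventory and has to be verified some other way.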