dns hijacked?

kilobit

My domain 42L.com quit working yesterday and I cannot figure out what the problem is. Everything else on the server seems fine, but when I do a DNS lookup on 42l.com I get a DNS loop with all kinds of weird IP addresses that are not mine.
The registrar has both of my DirectAdmin name servers correctly and the DNS on the server looks correct. My DirectAdmin server is data-donkey.com.
Anyone know what might be the problem?
 
Hello,

Check with this http://intodns.com/42l.com
Take care of those lines which are marked in red.

I guess your named configuration is messed up a little bit:

Code:
C:\>nslookup 42l.com ns2.mobilisim.net
(root)  nameserver = l.root-servers.net
(root)  nameserver = m.root-servers.net
(root)  nameserver = a.root-servers.net
(root)  nameserver = b.root-servers.net
(root)  nameserver = c.root-servers.net
(root)  nameserver = d.root-servers.net
(root)  nameserver = e.root-servers.net
(root)  nameserver = f.root-servers.net
(root)  nameserver = g.root-servers.net
(root)  nameserver = h.root-servers.net
(root)  nameserver = i.root-servers.net
(root)  nameserver = j.root-servers.net
(root)  nameserver = k.root-servers.net
a.root-servers.net      internet address = 198.41.0.4
a.root-servers.net      AAAA IPv6 address = 2001:503:ba3e::2:30
b.root-servers.net      internet address = 192.228.79.201
c.root-servers.net      internet address = 192.33.4.12
d.root-servers.net      internet address = 128.8.10.90
d.root-servers.net      AAAA IPv6 address = 2001:500:2d::d
e.root-servers.net      internet address = 192.203.230.10
f.root-servers.net      internet address = 192.5.5.241
f.root-servers.net      AAAA IPv6 address = 2001:500:2f::f
g.root-servers.net      internet address = 192.112.36.4
h.root-servers.net      internet address = 128.63.2.53
h.root-servers.net      AAAA IPv6 address = 2001:500:1::803f:235
i.root-servers.net      internet address = 192.36.148.17
Сервер:  UnKnown
Address:  213.128.73.50

Имя:     42l.com
Served by:
- e.gtld-servers.net

          com
- f.gtld-servers.net

          com
- g.gtld-servers.net

          com
- h.gtld-servers.net

          com
- i.gtld-servers.net

          com
- j.gtld-servers.net

          com
- k.gtld-servers.net

          com
- l.gtld-servers.net

          com
- m.gtld-servers.net

          com
- a.gtld-servers.net

          com
 
I refreshed the DNS entries but no go. Any idea on how to fix this? Or how it happened to begin with?
 
My named conf and 42l.com.db are fine. Wonder if it's possible if my domain was double registered? I'm emailing the registrar, I think that's the problem.
 
Are these NS

ns1.mobilisim.net. ['213.128.72.146']
ns2.mobilisim.net. ['213.128.73.50']

the ones with which you delegate the domain? Are the IPs correct?

If both answers are YES, then you should really re-check the DNS server.
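
The check this reply asks for, comparing the name servers the parent zone delegates to against the ones you configured, can be scripted so that a changed delegation is flagged early. This is an added example, not part of the thread; it parses the `name. ['ip']` listing quoted above, and the expected name servers (`ns1.example.net`, `ns2.example.net`, 192.0.2.x) are constructed placeholders because the thread never states the owner's real ones.

```python
import re

# Matches lines of the form:  ns1.mobilisim.net. ['213.128.72.146']
NS_LINE = re.compile(r"^\s*(\S+?)\.?\s+\[(.*)\]\s*$")

def parse_delegation(report):
    """Return {nameserver: set(ips)} from a parent-zone NS listing."""
    observed = {}
    for line in report.splitlines():
        m = NS_LINE.match(line)
        if not m:
            continue  # skip blank lines and anything that is not an NS entry
        host = m.group(1).lower()
        ips = set(re.findall(r"'([^']+)'", m.group(2)))
        observed.setdefault(host, set()).update(ips)
    return observed

def delegation_drift(expected, observed):
    """Compare the delegation you configured with the one actually served."""
    exp = {h.rstrip(".").lower(): set(ips) for h, ips in expected.items()}
    findings = []
    for host in sorted(observed.keys() - exp.keys()):
        findings.append(("unexpected_ns", host, sorted(observed[host])))
    for host in sorted(exp.keys() - observed.keys()):
        findings.append(("missing_ns", host, sorted(exp[host])))
    for host in sorted(exp.keys() & observed.keys()):
        if exp[host] != observed[host]:
            findings.append(("glue_mismatch", host, sorted(observed[host])))
    return findings

# Listing as quoted in the thread (what the parent zone currently serves).
OBSERVED_REPORT = """
ns1.mobilisim.net. ['213.128.72.146']
ns2.mobilisim.net. ['213.128.73.50']
"""

# Constructed placeholders: the thread does not give the owner's real name servers.
EXPECTED = {
    "ns1.example.net.": ["192.0.2.10"],
    "ns2.example.net.": ["192.0.2.11"],
}

if __name__ == "__main__":
    drift = delegation_drift(EXPECTED, parse_delegation(OBSERVED_REPORT))
    for kind, host, ips in drift:
        print(f"{kind:14} {host:22} {', '.join(ips)}")
```

Any `unexpected_ns` finding means the registry is delegating to servers you did not set, which points at the registrar account or a transfer rather than at the named configuration on your own server.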
 
My domain name was hijacked and transferred to another registrar. I use active-domain.com and they said I need to contact my new registrar. I created a ticket on their site but haven't heard anything. How can this be possible and is there anything else I can do to get it back?
 
Some information here (websitesolution.com). Plenty of others. Try Googling "retrieve stolen .com domain name" (the word hijacking often refers to something else and won't get as many relevant hits).

Jeff
 
Yes, apparently it was stolen and they are investigating it. I am so pissed that this could happen. My whois info was right, but someone brute-forced my password on my registrar and changed the whois to their email, then initiated the transfer. Such BS this is. All my crap is broken and all my emails are being routed to some server in Turkey. This just makes me want to kick someone's ass.
 
Really, if that's what happened (brute force your password), then you should really think about a better password, that isn't that easily found. Or find a new registrar that doesn't let 1000's of password tries without notifying you. Also, don't use the same e-mail address for your whois info and your registrar login. And if you use a username, get one that's not related to your domain, business name, ...

Oh, I don't think your mails are being routed to them. No MX or A records are configured for the domain, so mail would just be sent back to the sender.

Nevertheless, good luck in retrieving it back ...
 