
New Nominet drop catching flaw revealed?

Discussion in 'Drop catching Domain Names' started by davedevelopment, Jul 30, 2020.

  1. davedevelopment

    davedevelopment Well-Known Member

    Joined:
    May 2009
    Posts:
    1,307
    Likes Received:
    86
    • Informative Informative x 3
  3. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    Is this what @Hay discovered?
     
  4. foz

    foz Well-Known Member

    Joined:
    Oct 2006
    Posts:
    3,019
    Likes Received:
    36
    Burdensome flaw on the registry. Must get hammered.
     
    • Agree Agree x 1
  5. davedevelopment

    davedevelopment Well-Known Member

    Joined:
    May 2009
    Posts:
    1,307
    Likes Received:
    86
    Just confirmed it myself, my existing IPs (different data centres) all share the same limits, I added a new IP at another data centre and seemed to get a fresh set.

    Server A (existing): #usage,C,60,304,86400,309753
    Server B (existing): #usage,C,60,304,86400,309653
    Server C (new): #usage,C,60,1,86400,1
     
    • Like Like x 3
    • Informative Informative x 2
  6. Fred Steven Cyprus

    Fred Steven Member

    Joined:
    Jan 2020
    Posts:
    34
    Likes Received:
    8
    So would this flaw also allow simultaneous DAC sockets from different IP addresses, each with its own allowance?
     
  7. lazarus

    lazarus Super Moderator Staff Member

    Joined:
    Feb 2013
    Posts:
    1,485
    Likes Received:
    409
    This one must have been around since the start? How lame is that, for a "World Leading" cyber security outfit.
     
    • Agree Agree x 2
  8. foz

    foz Well-Known Member

    Joined:
    Oct 2006
    Posts:
    3,019
    Likes Received:
    36
    Lame indeed. They're going to be in for one hell of a shock (heavy demand) moving forward :)
     
  9. super-whois

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    347
    Likes Received:
    86
    • Funny Funny x 2
    • Like Like x 1
    • Winner Winner x 1
  10. ukbackorder

    ukbackorder Active Member ukbackorder.com
    Bronze Member

    Joined:
    May 2020
    Posts:
    785
    Likes Received:
    147
    I brought this to their attention on the 25th May, 28th May, 9th June, 17th June, 24th June and on 17th July they confirmed that using it would breach their AUP. So they are aware but as they didn't fix it in 2 maintenances they probably don't care. I'm not getting dragged into a discussion here so just letting you know how they perceive it. Originally it worked by repeatedly disconnecting/reconnecting from the same server. I assumed it had been in use for a long time before I found it and told them. They attempted a 'patch' which stopped that but now allows some (doesn't work on all servers) to get two different quotas on IP4 and IP6 on the same server. I haven't seen it work on more than 2 quotas even over different datacenters - I guess it totals up IP4 and IP6 separately. However there may be even more flaws. But in the past 2 months with initially daily lengthy discussions, about problems and solutions, with Nominet they haven't done anything. Why is that... could it be they don't care because they're going to an auction system soon?
     
    • Informative Informative x 4
    • Like Like x 1
    Last edited: Jul 30, 2020
  11. lazarus

    lazarus Super Moderator Staff Member

    Joined:
    Feb 2013
    Posts:
    1,485
    Likes Received:
    409
    Kudos to Greywing! for bringing it to light.
     
    • Agree Agree x 2
    • Like Like x 1
  12. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,851
    Likes Received:
    617
    • Funny Funny x 2
  13. super-whois

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    347
    Likes Received:
    86
    Sounds like it might be two load balanced servers, that keep separate usage counts.
     
  14. Hay

    Hay Active Member

    Joined:
    Jul 2019
    Posts:
    384
    Likes Received:
    97
    I reported this to Nominet weeks back, initially, you didn't need IPv6... There was a rogue server active in the cluster therefore due to a round-robin config on their LB's... all you needed to do was reconnect 4-5 times to land on the rogue server which would give you double quota.. and when you team this with TDDac you had 4 x the quota... I reported that to them and they fixed it but appear to have broken IPv6 in doing so... I also reported the IPv6 issue to them about a week or so ago so who knows why it's been left intact.
     
    • Informative Informative x 1
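
An added example, not part of the thread and not Nominet's code: a model of the accounting problem described in the two posts above (load-balanced servers keeping separate usage counts, and separate quotas for IPv4 and IPv6), next to a counter keyed by account in one shared store. The limit, the account tag and the addresses are constructed.

```python
from collections import defaultdict
from itertools import cycle

DAILY_LIMIT = 1000  # constructed quota, not the registry's real figure


class LocalQuotaNode:
    """Backend that counts usage in its own memory, keyed by source IP."""

    def __init__(self):
        self.used = defaultdict(int)

    def allow(self, account, src_ip):
        if self.used[src_ip] >= DAILY_LIMIT:
            return False
        self.used[src_ip] += 1
        return True


class SharedQuotaNode:
    """Backend that counts against one shared store, keyed by account."""

    def __init__(self, store):
        self.used = store  # the same mapping object on every node

    def allow(self, account, src_ip):
        if self.used[account] >= DAILY_LIMIT:
            return False
        self.used[account] += 1
        return True


def served(nodes, requests):
    """Round-robin the requests over the nodes; return how many were allowed."""
    rr = cycle(nodes)
    return sum(next(rr).allow(acct, ip) for acct, ip in requests)


def demo():
    # Constructed traffic: one account sending 3000 lookups from an IPv4
    # source and 3000 from an IPv6 source (documentation address ranges).
    reqs = [("TAG-A", "192.0.2.10")] * 3000 + [("TAG-A", "2001:db8::10")] * 3000
    weak = served([LocalQuotaNode(), LocalQuotaNode()], reqs)
    store = defaultdict(int)
    fixed = served([SharedQuotaNode(store), SharedQuotaNode(store)], reqs)
    return weak, fixed
```

With per-node, per-address counters the single account is served four times its limit; with the shared per-account counter it is served exactly the limit.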
  15. 3gmedia

    3gmedia Active Member

    Joined:
    Sep 2017
    Posts:
    531
    Likes Received:
    101
    I wondered why I couldn't those great names. :(
     
  16. Ben Thomas

    Ben Thomas Well-Known Member

    Joined:
    Mar 2018
    Posts:
    2,621
    Likes Received:
    363
  17. Nigel

    Nigel Well-Known Member

    Joined:
    May 2005
    Posts:
    4,752
    Likes Received:
    120
    If Nominet's own staff can't sort this then they need to contract it out. They should call off the consultation and focus on providing a fair and flaw-free drop system. They clearly haven't got the level of expertise required, or the willpower to sort it. If they want a consultation it should be one on their pay and bonuses which have rocketed in the past 6 years, whilst they trashed the .uk namespace, and provided an inadequate and unfair service to their members.
     
    • Agree Agree x 5
  18. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    All that talk on the other thread about how can you prove anyone is cheating, well this seems fairly straightforward and easy lol

    Not that I would say this is cheating so much as exploiting a flaw
     
    • Agree Agree x 1
  19. super-whois

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    347
    Likes Received:
    86
    So you believe that exceeding the limit set out in the DAC Contract isn't cheating?
     
  20. aZooZa

    aZooZa Well-Known Member

    Joined:
    Nov 2005
    Posts:
    4,875
    Likes Received:
    253
    Bring back Jay Daley.
     
    • Agree Agree x 3
  21. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,261
    Likes Received:
    432
    If Nominet are giving you more quota than they should I can't blame anyone for using it
     
    • Agree Agree x 1