
New Nominet drop catching flaw revealed?

Discussion in 'Drop catching Domain Names' started by davedevelopment, Jul 30, 2020.

  1. davedevelopment

    davedevelopment Well-Known Member

    Joined:
    May 2009
    Posts:
    1,320
    Likes Received:
    89
    • Informative Informative x 3
  3. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,201
    Likes Received:
    401
    Is this what @Hay discovered?
     
  4. foz

    foz Well-Known Member Exclusive Member

    Joined:
    Oct 2006
    Posts:
    3,041
    Likes Received:
    35
    Burdensome flaw on the registry. Must get hammered.
     
    • Agree Agree x 1
  5. davedevelopment

    davedevelopment Well-Known Member

    Joined:
    May 2009
    Posts:
    1,320
    Likes Received:
    89
    Just confirmed it myself: my existing IPs (different data centres) all share the same limits. I added a new IP at another data centre and seemed to get a fresh set.

    Server A (existing): #usage,C,60,304,86400,309753
    Server B (existing): #usage,C,60,304,86400,309653
    Server C (new): #usage,C,60,1,86400,1
     
    • Like Like x 3
    • Informative Informative x 2
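
    An added example, not part of the thread or any poster's code: a consistency check a registry operator could run over the #usage responses returned to one account across its connections, here fed the three lines quoted in the post above. It assumes, from the layout alone, that each line carries (window in seconds, requests counted) pairs after a one-letter field the thread does not explain; the function names and the slack threshold are hypothetical.

```python
"""Quota-bucket consistency check over #usage lines (added example)."""

# The three lines quoted in the thread, keyed by the poster's labels.
SAMPLES = {
    "Server A": "#usage,C,60,304,86400,309753",
    "Server B": "#usage,C,60,304,86400,309653",
    "Server C": "#usage,C,60,1,86400,1",
}


def parse_usage(line):
    """Return {window_seconds: count}; the layout is an assumption."""
    fields = line.strip().split(",")
    if len(fields) < 4 or fields[0] != "#usage" or len(fields) % 2:
        raise ValueError(f"not a #usage line: {line!r}")
    pairs = fields[2:]  # fields[1] is the unexplained one-letter field
    return {int(pairs[i]): int(pairs[i + 1]) for i in range(0, len(pairs), 2)}


def quota_buckets(samples, window=86400, slack=500):
    """Group sources whose counters for `window` lie within `slack`.

    One account should map to one bucket. `slack` (hypothetical value)
    absorbs requests made between taking the samples.
    """
    ordered = sorted(
        (parse_usage(line)[window], src) for src, line in samples.items()
    )
    buckets = []
    for count, src in ordered:
        if buckets and count - buckets[-1]["max"] <= slack:
            buckets[-1]["sources"].append(src)
            buckets[-1]["max"] = count
        else:
            buckets.append({"sources": [src], "min": count, "max": count})
    return buckets


def split_accounting(samples, **kw):
    """True when one account is being counted in more than one bucket."""
    return len(quota_buckets(samples, **kw)) > 1


if __name__ == "__main__":
    for b in quota_buckets(SAMPLES):
        print(b["sources"], b["min"], b["max"])
    print("split accounting:", split_accounting(SAMPLES))
```

    On the quoted lines, Server A and Server B fall into one bucket and Server C into a second, which is the condition the check flags.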
  6. Fred Steven Cyprus

    Fred Steven Member

    Joined:
    Jan 2020
    Posts:
    32
    Likes Received:
    8
    So would this flaw also allow simultaneous DAC sockets from different IP addresses, each with its own allowance?
     
  7. lazarus

    lazarus Well-Known Member Exclusive Member

    Joined:
    Feb 2013
    Posts:
    1,263
    Likes Received:
    281
    This one must have been around since the start? How lame is that, for a "World Leading" cyber security outfit.
     
    • Agree Agree x 2
  8. foz

    foz Well-Known Member Exclusive Member

    Joined:
    Oct 2006
    Posts:
    3,041
    Likes Received:
    35
    Lame indeed. They're going to be in for one hell of a shock (heavy demand) moving forward :)
     
  9. super-whois United Kingdom

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    204
    Likes Received:
    43
    • Like Like x 1
    • Funny Funny x 1
    • Winner Winner x 1
  10. sigh Malta

    sigh Member

    Joined:
    May 2020
    Posts:
    22
    Likes Received:
    11
    I brought this to their attention on the 25th May, 28th May, 9th June, 17th June, 24th June and on 17th July they confirmed that using it would breach their AUP. So they are aware but as they didn't fix it in 2 maintenances they probably don't care. I'm not getting dragged into a discussion here so just letting you know how they perceive it. Originally it worked by repeatedly disconnecting/reconnecting from the same server. I assumed it had been in use for a long time before I found it and told them. They attempted a 'patch' which stopped that but now allows some (doesn't work on all servers) to get two different quotas on IP4 and IP6 on the same server. I haven't seen it work on more than 2 quotas even over different datacenters - I guess it totals up IP4 and IP6 separately. However there may be even more flaws. But in the past 2 months with initially daily lengthy discussions, about problems and solutions, with Nominet they haven't done anything. Why is that... could it be they don't care because they're going to an auction system soon?
     
    • Informative Informative x 4
    • Like Like x 1
    Last edited: Jul 30, 2020
  11. lazarus

    lazarus Well-Known Member Exclusive Member

    Joined:
    Feb 2013
    Posts:
    1,263
    Likes Received:
    281
    Kudos to Greywing! for bringing it to light.
     
    • Agree Agree x 2
    • Like Like x 1
  12. Edwin

    Edwin Well-Known Member

    Joined:
    Apr 2005
    Posts:
    9,956
    Likes Received:
    595
    • Funny Funny x 2
  13. super-whois United Kingdom

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    204
    Likes Received:
    43
    Sounds like it might be two load balanced servers, that keep separate usage counts.
     
  14. Hay

    Hay Active Member Exclusive Member

    Joined:
    Jul 2019
    Posts:
    377
    Likes Received:
    96
    I reported this to Nominet weeks back; initially, you didn't need IPv6... There was a rogue server active in the cluster, therefore due to a round-robin config on their LBs... all you needed to do was reconnect 4-5 times to land on the rogue server which would give you double quota.. and when you team this with TDDac you had 4 x the quota... I reported that to them and they fixed it but appear to have broken IPv6 in doing so... I also reported the IPv6 issue to them about a week or so ago so who knows why it's been left intact.
     
    • Informative Informative x 1
  15. 3gmedia United Kingdom

    3gmedia Active Member Exclusive Member

    Joined:
    Sep 2017
    Posts:
    482
    Likes Received:
    81
    I wondered why I couldn't those great names. :(
     
  16. Ben Thomas

    Ben Thomas Well-Known Member

    Joined:
    Mar 2018
    Posts:
    1,721
    Likes Received:
    219
    The end is near.
     
  17. Nigel United Kingdom

    Nigel Well-Known Member

    Joined:
    May 2005
    Posts:
    4,362
    Likes Received:
    89
    If Nominet's own staff can't sort this then they need to contract it out. They should call off the consultation and focus on providing a fair and flaw-free drop system. They clearly haven't got the level of expertise required, or the willpower to sort it. If they want a consultation it should be one on their pay and bonuses which have rocketed in the past 6 years, whilst they trashed the .uk namespace, and provided an inadequate and unfair service to their members.
     
    • Agree Agree x 5
  18. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,201
    Likes Received:
    401
    All that talk on the other thread about how can you prove anyone is cheating, well this seems fairly straightforward and easy lol

    Not that I would say this is cheating so much as exploiting a flaw
     
    • Agree Agree x 1
  19. super-whois United Kingdom

    super-whois Active Member

    Joined:
    Oct 2008
    Posts:
    204
    Likes Received:
    43
    So you believe that exceeding the limit set out in the DAC Contract isn't cheating?
     
  20. aZooZa

    aZooZa Well-Known Member Exclusive Member

    Joined:
    Nov 2005
    Posts:
    4,855
    Likes Received:
    203
    Bring back Jay Daley.
     
    • Agree Agree x 3
  21. Murray

    Murray Well-Known Member

    Joined:
    Sep 2012
    Posts:
    4,201
    Likes Received:
    401
    If Nominet are giving you more quota than they should I can't blame anyone for using it
     
    • Agree Agree x 1