is doing some really sketchy stuff

PREFACE: A lot of people read this and say “I read the Terms of Service, and it says in shady language they can do that.” I read it too, and I actually went through it carefully, line by line. The TOS does not permit 3LD DNS hijacking. As I explain in this follow-up posting, An Open Letter to , the TOS in very clear terms merely permits 2nd-level “Parked Domains” as a default activity. In no way whatsoever does ’s TOS suggest that they have the right to control 3rd-level domains if you use their DNS services.

Like many other people, I got frustrated with . Aside from the founder being a jackass, there were endless upsells, constantly increasing prices, and a need to use crappy online ‘coupon’ sites whenever I renewed a domain. I decided to slowly move off them, and in the wake of their misguided SOPA/CISPA support I went with .

I really regret that now. They seem to be jackasses too. They are hijacking DNS (aka squatting) on all 3rd-level domains registered through them.

I registered a few domains with  for a new project. One of them is for shortened URLs. The following illustrates why I’m pissed.  uses ’s nameservers (DNS), which is pretty standard when you use a registrar. I configured my account on  to direct a handful of A records to specific IP addresses, which is also pretty standard.

If I whois the domain, I see these nameservers :


Great. Things appear to be working.

If I want to test my DNS records, I use another tool — dig — and I query their nameservers directly.

If I dig @NS4JPZ.NAME.COM , I get the DNS records I’ve configured with , as expected. Yay.

; <<>> DiG 9.6-ESV-R4-P3 <<>> @NS4JPZ.NAME.COM
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60866
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 43 msec
;; SERVER:
;; WHEN: Wed Feb 27 19:24:3

Now, this is where things get weird…

If I query a domain name that doesn’t exist, I’m supposed to see a failure: the status above should read NXDOMAIN, and I’d get something like the following, which is what I see when I dig a non-existent domain from Microsoft:

; <<>> DiG 9.6-ESV-R4-P3 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64226
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; AUTHORITY SECTION:
3600 IN SOA 2013022601 300 600 2419200 3600

;; Query time: 521 msec
;; SERVER:
;; WHEN: Wed Feb 27 19:28:26 2013
;; MSG SIZE rcvd: 95

Now, if I dig a non-existent third-level domain against , here is what I see (dig @NS4JPZ.NAME.COM ):

; <<>> DiG 9.6-ESV-R4-P3 <<>> @NS4JPZ.NAME.COM
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46513
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; Query time: 226 msec
;; SERVER:
;; WHEN: Wed Feb 27 19:31:23 2013
;; MSG SIZE rcvd: 50

Instead of returning an NXDOMAIN status (non-existent domain),  is returning a valid status and directing the user to the IP address of “” while still showing the domain name. That IP address displays a “parked domain” page, managed by  and filled with a mix of advertising and search-engine marketing, which one of those two parties ( or ) controls. I use the phrase “directing” because you are not redirected: the original URL still appears in the browser.  is telling your computer that that IP address corresponds to the domain, and the Sedo site is serving the marketing material off of your domain.

Instead of saying “This domain doesn’t exist”, as expected,  has created a system where any wildcarded third-level domain name that fails a real DNS query is treated like a real domain: a real domain that I don’t control but they do, and are trying to monetize.

In fact, if you make a DNS query against ANY fully qualified domain name (FQDN) that is not entirely configured on , you are directed to the same marketing sites. You can try querying any domain registered elsewhere: they’ll all point to  as the configured IP address for that domain. As far as  is concerned, there doesn’t seem to be any such thing as a non-existent domain.
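The check described above (query a name you know is not configured, expect NXDOMAIN, and treat a NOERROR answer carrying an A record as a synthesized “parking” answer) is easy to script. The following is an added example, not code from the original post: it parses dig’s text output, classifies the answer, and compares the answers for several random labels under one zone, since two different random labels resolving to the same address is the signature of a wildcard or parking setup. The sample outputs, the names under example.net / example.org, the nameserver ns1.registrar.example and the address 192.0.2.10 are all constructed placeholders, not the post’s real domain, nameserver or parking IP.

```python
import re
import secrets
from typing import Dict, List, Optional

# Constructed sample outputs (placeholder names and the documentation address
# 192.0.2.10, not the post's real domain or parking IP). The second one has the
# shape the post describes: NOERROR, the aa flag, and one A record for a name
# that was never configured in the zone.
NXDOMAIN_SAMPLE = """\
; <<>> DiG 9.6-ESV-R4-P3 <<>> nosuchhost.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64226
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nosuchhost.example.net.\t\tIN\tA

;; AUTHORITY SECTION:
example.net.\t3600\tIN\tSOA\tns1.example.net. hostmaster.example.net. 2013022601 300 600 2419200 3600

;; Query time: 521 msec
"""

SYNTHESIZED_SAMPLE = """\
; <<>> DiG 9.6-ESV-R4-P3 <<>> @ns1.registrar.example nosuchhost.example.org
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46513
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nosuchhost.example.org.\t\tIN\tA

;; ANSWER SECTION:
nosuchhost.example.org.\t300\tIN\tA\t192.0.2.10

;; Query time: 226 msec
"""

HEADER_RE = re.compile(r"status: (?P<status>[A-Z]+), id: (?P<id>\d+)")
FLAGS_RE = re.compile(r"flags: (?P<flags>[a-z ]*); QUERY: (?P<q>\d+), ANSWER: (?P<an>\d+)")


def parse_dig(text: str) -> Dict[str, object]:
    """Pull the header status, the flags and the ANSWER-section records out of dig's output."""
    status = HEADER_RE.search(text)
    flags = FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("not a dig answer (no ->>HEADER<<- line found)")
    answers: List[Dict[str, str]] = []
    in_answer = False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line.strip():
                break  # a blank line closes the section
            name, _ttl, _class, rtype, rdata = line.split(None, 4)
            answers.append({"name": name, "type": rtype, "rdata": rdata})
    return {"status": status.group("status"),
            "flags": flags.group("flags").split(),
            "answers": answers}


def classify(text: str) -> str:
    """Classify the answer for a name that is known NOT to be configured in the zone."""
    r = parse_dig(text)
    a_records = [a["rdata"] for a in r["answers"] if a["type"] == "A"]
    if r["status"] == "NXDOMAIN":
        return "negative answer (the RFC 2308 behaviour the post expects)"
    if r["status"] == "NOERROR" and a_records:
        return "synthesized answer: %s" % ", ".join(a_records)
    if r["status"] == "NOERROR":
        return "NODATA (name exists but has no A record)"
    return "unexpected status %s" % r["status"]


def random_label() -> str:
    """A label nobody configures on purpose, used as the 'known absent' probe."""
    return "probe-" + secrets.token_hex(6)


def probe_commands(zone: str, server: str, n: int = 2) -> List[str]:
    """dig invocations for n random labels under zone; run them and feed the
    outputs to common_synthesized_target()."""
    return ["dig @%s %s.%s A" % (server, random_label(), zone) for _ in range(n)]


def common_synthesized_target(outputs: List[str]) -> Optional[str]:
    """Return the A record that every probe answer shares (a wildcard or parking
    target), or None if any probe got NXDOMAIN/NODATA or the targets differ."""
    targets = set()
    for text in outputs:
        r = parse_dig(text)
        ips = {a["rdata"] for a in r["answers"] if a["type"] == "A"}
        if r["status"] != "NOERROR" or not ips:
            return None
        targets.add(frozenset(ips))
    return ",".join(sorted(next(iter(targets)))) if len(targets) == 1 else None


if __name__ == "__main__":
    print("microsoft-style answer :", classify(NXDOMAIN_SAMPLE))
    print("registrar-style answer :", classify(SYNTHESIZED_SAMPLE))
    print("shared target          :", common_synthesized_target([SYNTHESIZED_SAMPLE] * 2))
    print("\n".join(probe_commands("example.org", "ns1.registrar.example")))
```

A shared target across random labels only proves the zone answers for everything; it cannot tell an owner’s own wildcard A record from the registrar’s synthesized one, so compare the address against what you actually configured.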

I am beyond mad:

  • I didn’t sign up for this.
  • There is no way to opt out of this on any of their screens.
  • This practice actively hurts the business and brands of domain owners by associating low-value content on third-level domains with the second-level domain.
  • This has serious security implications regarding Cross-Site Scripting and how cookies are scoped to a domain.
  • This violates the IETF’s RFC 2308, which pretty much states “how DNS should work”.
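To make the cookie point in the list above concrete, here is an added example (not code from the original post) of the RFC 6265 rules a browser applies when deciding whether to attach a cookie to a request. A cookie set with a Domain attribute is sent to every host under that domain, which includes a mistyped third-level name that the registrar answers with its parking address; a host-only cookie (no Domain attribute) is sent only back to the host that set it, which is the mitigation a site owner controls. The site www.example.com, the cookie jar and the typo host are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List


@dataclass(frozen=True)
class Cookie:
    """The parts of a stored cookie that decide where a browser will send it."""
    name: str
    set_by_host: str        # host that issued the Set-Cookie header
    domain_attr: str = ""   # value of the Domain attribute; "" means none was given
    secure: bool = False    # the Secure attribute


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching: equal, or a subdomain; IP literals never match."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    if host == domain:
        return True
    try:
        ip_address(host)
        return False
    except ValueError:
        pass
    return host.endswith("." + domain)


def would_send(cookie: Cookie, request_host: str, https: bool) -> bool:
    """Would a browser attach this cookie to a request for request_host?"""
    if cookie.secure and not https:
        return False
    if cookie.domain_attr:
        # Domain cookie: sent to every host under the domain, including names the
        # registrar synthesizes for labels the owner never configured.
        return domain_matches(request_host, cookie.domain_attr)
    # Host-only cookie (no Domain attribute): sent only to the issuing host.
    return request_host.lower().rstrip(".") == cookie.set_by_host.lower().rstrip(".")


def exposed_cookies(jar: List[Cookie], request_host: str, https: bool) -> List[str]:
    """Names of the cookies in jar that a request for request_host would carry."""
    return [c.name for c in jar if would_send(c, request_host, https)]


# Constructed cookie jar for a fictitious site www.example.com (not the post's domain).
JAR = [
    Cookie("session", "www.example.com", domain_attr="example.com"),
    Cookie("session_hostonly", "www.example.com"),
    Cookie("csrf", "www.example.com", domain_attr=".example.com", secure=True),
]

if __name__ == "__main__":
    # A typo under the domain that the registrar answers with its parking IP, as the post describes.
    for https in (False, True):
        print("typo.example.com over", "https" if https else "http",
              "->", exposed_cookies(JAR, "typo.example.com", https))
```

Only the host-only cookie stays home; the Secure attribute helps only as long as the parking server does not answer over TLS for the name, so it is not a substitute for omitting the Domain attribute.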

I’m now looking to transfer these domain names elsewhere. I only found out about this because of a typo.

I’ve put in a support request with  to address this, but I sure as hell don’t trust them to do the right thing. This is a dirty and backhanded practice that should not have existed in the first place.

As a quick addendum: this practice is called “DNS Hijacking”. It’s popular with a handful of ISPs who try to monetize DNS failures. I’ve never heard of a registrar doing this before. You can read more about it here:


After searching Bing and Google for “” + “dns hijack”, it turns out this has been going on for a LONG time:


and if you look on the GetSatisfaction site, it’s filled with people complaining about the same thing:

Update 2 -  reached out over Twitter and pointed to a blog posting defending this practice on technical grounds and saying that it’s hidden in their TOS. I call bullshit. Hiding things in a TOS doesn’t make it right, and there are no technical grounds for trying to generate revenue.

Update 3 -

Apologies if you had trouble reading this. WordPress Caching was not enabled, and my server failed.

This entry was posted in Thoughts.

35 Responses to is doing some really sketchy stuff

  1. Kevin O'Hara says:

    Wow, this is shocking. It’s hard to find a company that will stoop lower than GoDaddy but these guys sure do. A registrar doing this is just baffling. Thanks for sharing.

  2. Nate Silva says:

    Those are the mass-market registrars. For someone like yourself who knows what you’re doing, you have choices:

    • Use a pro-grade registrar: DynDNS (expensive, full-featured, worth it); PairNIC (cheap, minimalist, high quality). I’m sure there are others, but as a rule: if you see stock photo banners anywhere on the site, or if you have to click through upsell screens when you register, run away.

    • Keep using the low-end registrar, but point your DNS to Amazon Route 53 ($1/month + 50¢ per million queries).

  3. Nate Silva says:

    (Follow up) I noticed that is hosted on Linode. They offer free DNS hosting with your account. You could point to that.

  4. Pete Miller says:

    Whilst this is a bad practice, I find it’s best to use the registrars just for domain purchase, and to use specialist name server services for DNS. The quality of name servers for registry is never the best. Amazon Route 53 for example gives the best control I’ve seen, but there are also some free services out there.

    However if you are looking for someone who handles domain purchases and DNS without any weird tactics (that I’ve noticed so far), try fasthosts. I was about to move away from them for someone with a slicker admin UI, but it looks like remaining with them for their service level is probably best.

  5. macshome says:

    Almost all ISPs do this now as does OpenDNS.

    It can cause real issues for systems that rely on something not being available really not being available. It wreaks havoc on some things on OS X and iOS because the network reachability APIs depend on not being able to find a DNS resolution for a name. If EVERYTHING resolves to an IP then the APIs effectively stop working.

    You can turn some of them off, but asshats all around.

  6. Like I hear on podcasts, you might want to try instead.

  7. Andy says:

    This entire article could just be rewritten as “ squats 3rd level sub domains” :p

  8. wise says:

    you should have used gandi, they don’t do tricks.

  9. J says:

    I noticed this after transferring from godaddy as well and had to add an (A) record of * pointing to my ip address…

  10. coconutstudio says:

    I had transferred a whole bunch of godaddy to namecheap recently. Glad I didn’t use

  11. Brian says:

    Honestly, I don’t see a problem with what they are doing. Granted, I’ve never ever used registrar DNS opting to create my own wildcard A records, but if it’s the difference between the visitor getting a shitty browser error message and something graphic, I’ll take the graphic.

    Having said that, you might consider checking these guys out.

    • Jonathan says:

      The problem is that there’s no way to realistically turn it off (wildcard records are not a real solution) and customers are put into this situation by default. By wildcarding the non-existent 3LDs to their servers, my 2LD name loses search engine equity due to their content. Additionally, any cookies for my 2LD that aren’t explicitly locked down to the FQDN are sent to their servers AND those servers are enabled for usage in Cross Site Scripting attacks against my domain. That last section is the really bad part, because it creates legal liabilities in many jurisdictions.

      If this was an opt-in service, or explicitly laid out for customers to opt out of, I wouldn’t have an issue. Instead  is completely hiding that they engage in this practice at all, and trying to hide behind a Terms of Service clause that was written for Domain Parking. This is a sleazy action, being defended through a sleazier action.

      • Brian says:

        I hadn’t thought of the cross-site scripting issues, although most browsers have options to disable this if not disabled by default.

        I get that you’re pissed off at the discovery and yeah… it has a sleaze component to it, but for someone who clearly understands how to use dig and gets DNS namespace, I’m surprised you weren’t managing your own DNS to start with. While irritating, this didn’t have to happen.

        Here… they’re not free, but they are extremely reasonable. Interface is great, support is responsive and skilled, and it’s another no-bullshit company I highly recommend (for DNS).

        My $0.02, for what it’s worth man.

  12. wedtm says:

    I use for DNS, amazing service, they even support some of the custom DNS records for AWS, i.e. ALIAS.

  13. a says:

    I transferred my stack to

    They ain’t saints either, but sure as hell don’t pull bullshit like that

  14. Nathan Kozyra says:

    “I didn’t sign up for this.”

    Yes, yes you did.

    • Jonathan says:

      @Nathan – No, I didn’t sign up for this. Their registration agreement covers parked domains. My domain is not parked. If you actually go through the language of their agreement, which I outline in this post, there is no way anyone could justifiably construe DNS failures on third-level domains as falling under their section of “Parked Domains”.

      • Nathan Kozyra says:

        Actually, if you review their TOS, there are at least five areas that would allow for this activity, with the usual blanket failsafe “reserves the right to change these terms, etc.”

        You did agree to it. It sucks, but you did.

        • Ross Rader says:

          Nathan – he signed up for a domain registration and some DNS services. He agreed to a TOS that technically permits this – and it wasn’t something he explicitly signed up for.

          As a registrar myself, I can share that there is a technical term for this practice – we call it “scumbaggery”.

          Registrars make such a bad name for themselves by exploiting the dark corners of their relationship with their customers and it just isn’t right. There’s a lot of money to be made in DNS and registrations – it just isn’t right to be hijacking that deal by selling it again to a third party so that useless adverts can be shown to random interlopers. It’s shortsighted and unfortunately, all too typical in this business.

          • Jonathan says:

            Ross – if you go through their actual Terms of Service, it does not permit this: technically or legally. The TOS only permits them to do this as a default behavior on the 2nd level domain. This is a classic case of “Some asshole in marketing had an idea, the lawyer said ‘That sounds ok by our TOS!’” and a company just trying to turn their lawyer’s misunderstood belief into fact.

  15. Crane says:

    I point A record with value * to my IP to bypass hijack.

    My story: first, I moved all domains from godaddy to name; now I’m moving all from name to reseller club. Any suggestions for the best domain provider? thanks

  16. Even Worse says:

    1. Parked domain service All domain names registered via will automatically be provided a Parked Domain Service. All domains will default to our name servers unless and until you modify your default settings. At any time, you may disable the placeholder page by updating, modifying or otherwise changing the name servers for the relevant domain name.

    Domain names using our Parked Domain Service may display a placeholder page for your future website. These placeholder pages may include contextual and/or other advertisements for products or services. will collect and retain any and all revenue acquired from these advertisements, and you will have no right to any information or funds generated via the Parked Domain Service.

    You agree that we may display our logo and links to our website(s) on pages using the Parked Domain Service. will make no effort to edit, control, monitor, or restrict the content displayed by the Parked Page Service. Any advertising displayed on your parked page may be based on the content of your domain name and may include advertisements of you and/or your competitors. It is your responsibility to ensure that all content placed on the parked page conforms to all local, state, federal, and international laws and regulations.

    It is your obligation to ensure that no third party intellectual or proprietary rights are being violated or infringed due to the content placed on your parked page. Neither nor our advertising partners will be liable to you for any criminal or civil sanctions imposed as a direct or indirect result of the content or links (or the content of the websites to which the links resolve) displayed on your parked pages.

    As further set forth above, you agree to indemnify and hold and its affiliated parties harmless for any harm or damages arising from your use of the Parked Domain Service.

  17. CodeRanger says:

    I separate my name purchasing from my name management so I can swap registrars easily without reconfiguring all my DNS records, therefore I have full control. I use the great which is very very reasonably priced starting at about $50 a year for 50 domains ( and they were also great and imported all my existing domain records for 120+ domains right at the beginning which was amazing

  18. nimmen says:

    Frankly I’m pretty happy with compared to any other provider I’ve been through. Also try setting ‘*.domain’ to point to something, maybe that’s the way to deal with hijacking your subdomains for someone else’s profit

    • Jonathan says:

      No, that’s not. *.domain says “This domain exists” and redirects to another service. I don’t want that, and I shouldn’t have to do that.

  19. machbio says:

    I would suggest you use cloudflare for your DNS, they are the best in security and with openness with respect to the workings of their company.. you could setup any domain within minutes..

  20. Dino Angelov says:

    I thought it’s my ISP doing that and I was ready to blame them. I was moving servers when I noticed this – even now gives you a crappy page filled with links and ads.

    And to think their motto is “Giving a sh**”. I was about to transfer the rest of my GoDaddy domains to them as well. Too bad.

  21. bob says:

    here is response from Hello, Thank you for your email. Our system is set a specific way. To clarify, It is correct that all domains and sub-domains that use our Name Servers are automatically directed to a parking Page. We fully understand your concern about domains/sub-domains resolving to a parking page. The issue at hand has been escalated to our Management department for review. At this time, no decision has been made. However, we are more than happy to add records pointing a wild card subdomains, thus bypassing any parking pages in the meantime. Once again, we apologize for the inconvenience and appreciate your patience in this matter. Sincerely, …

  22. Richard says:

    Wow, I just discovered this too, just by chance. I just added a * to my ip address and it seemed to work, will be calling them up on Monday and seeing why the hell they have to redirect this, if indeed they have. I suspect that somehow the scumbags at parking company just did a lookup on their domain server and saw that they don’t have a wild card in there ???????

  23. Eugene OZ says:

    Thank you very much. Their behavior is just unacceptable and even if they will change that, I can’t trust them anymore.

  24. derp says:

    This is what allows you to set up wildcards in your DNS records on

    For example, on’s DNS manager, I can set an A record for * to always resolve to’s IP address. Then I can handle it on the server side. Combine this with dynamic subdomaining in apache, and it makes it really easy to set up something like on the fly. Otherwise, you have to find a DNS host who has an API that allows you to provision subdomain records in real time.

    So while you may get miffed at this, it’s a feature that really cuts development time. It’s not a bug, and it’s not sketchy.

    • Jonathan says:

      @anonymous derp

      No, it’s a bug. It breaks the RFCs for DNS spec and goes against ICANN’s regulations. As I’ve stated above, a wildcard DNS entry is not the same as having a NXDOMAIN status. While that might be a ‘feature’ to your own development style, it leaves the bulk of users in this situation:

      1) They don’t know that has hijacked their 3LD domain names, and are faced with potential security and branding issues
      2) They do know that, and must create a wildcard entry and handle that appropriately on their end.

      The RFCs and ICANN are very clear about how DNS should and should not work.’s policies and procedures are clearly against established standards and best practices.

      • derp says:

        Because standards setting bodies clearly know what’s best… Google, Amazon, Microsoft, and all the major tech companies break standards all the time. Who cares? If you play in their garden, you’re stuck with their version of the rules. Don’t like it? Go somewhere else.

        Besides, can you give me a single use case where you would want to ignore a user looking for your brand, and give them an unbranded error message instead?
