A little over a year ago we detailed the laborious process by which we managed to bypass an incompetent dot-zm domain registrar — Realtime Technologies Ltd. / Hai Alive Telecommunications — to speak directly to ZICTA (the Zambia Information & Communications Technology Authority) about a problem caused by ZICTA and misdiagnosed by Realtime/HAI.
You may or may not believe this, but the exact same thing is happening again, this time with a different dot-zm domain registered through Realtime/HAI.
We contacted ZICTA and Zambia CIRT, through the same channels we used last time, early on the morning of Saturday 10 December. Over forty-eight hours later we still have not received an acknowledgement of our email, and the problem persists.
The evidence, which is much the same as for last year's problem, is presented below with the domain redacted to protect our client's privacy. What is particularly interesting about the information reported by one of the dot-zm nameservers (hippo.ru.ac.za) is that it still lists the pch.nic.zm and ns1.coppernet.zm nameservers as authoritative for the dot-zm ccTLD. (See the IANA website for the nameservers for the dot-zm ccTLD.) The former was the problem nameserver last year, and was apparently promptly decommissioned after our report. However, I see that it is now back online at a new location. Ironically, this time it is actually reporting the correct DNS information for this domain. The latter belongs to the now-defunct Coppernet; although there is still an A record pointing ns1.coppernet.zm to 41.222.240.15, that nameserver simply does not respond at all.
We’ll post further updates when (or if) this problem is resolved. However, we really cannot emphasise strongly enough that you should not register dot-zm domains, and if you have one, you should transition away from it as soon as possible.
Update, 2016-12-27: Posted an update.
[00:00:05 leftseat@wrathall ~]$ whois zxxx.org.zm
Domain Name: zxxx.org.zm
Domain ID: 11559-zicta
WHOIS Server: whois.nic.zm
Referral URL:
Updated Date: 2016-11-29T11:40:45.292Z
Creation Date: 2015-05-12T09:27:15.528Z
Registry Expiry Date: 2017-05-12T09:27:15.611Z
Sponsoring Registrar: Realtime (Z)
Sponsoring Registrar IANA ID:
Domain Status: ok
Registrant Name: REDACTED
Registrant Organization: REDACTED
Registrant Street: lusaka
Registrant City: lusaka
Registrant State/Province: lusaka
Registrant Postal Code: 10101
Registrant Country: ZM
Registrant Phone: +260.REDACTED
Registrant Phone Ext:
Registrant Email: REDACTED
Name Server: ns1.niner.net
Name Server: ns2.niner.net
DNSSEC: unsigned

Additional Section

Sponsoring Registrar URL:
Sponsoring Registrar Country: ZM
Sponsoring Registrar Phone:
Sponsoring Registrar Fax:
Sponsoring Registrar Customer Service Contact:
Sponsoring Registrar Customer Service Email:
Sponsoring Registrar Admin Contact:
Sponsoring Registrar Admin Email:
>>> Last update of WHOIS database: 2016-12-12T07:31:46.321Z <<<

TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of electronic processes that are high-volume and automated. THis WHOIS database is provided by as a service to the internet community.

The data is for information purposes only. We do not guarantee its accuracy. By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes. The compilation, repackaging, dissemination or other use of this Data is expressly prohibited.
[00:00:14 leftseat@wrathall ~]$ dig zxxx.org.zm ns

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51871
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; ANSWER SECTION:
zxxx.org.zm. 300 IN NS ns1.niner.net.
zxxx.org.zm. 300 IN NS ns2.niner.net.

;; Query time: 4627 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:00:28 PST 2016
;; MSG SIZE rcvd: 85

[00:00:28 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.niner.net

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.niner.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34521
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; ANSWER SECTION:
zxxx.org.zm. 300 IN NS ns1.niner.net.
zxxx.org.zm. 300 IN NS ns2.niner.net.

;; ADDITIONAL SECTION:
ns1.niner.net. 300 IN A 65.61.166.128
ns2.niner.net. 300 IN A 65.61.166.129

;; Query time: 97 msec
;; SERVER: 65.61.166.128#53(65.61.166.128)
;; WHEN: Mon Dec 12 00:00:36 PST 2016
;; MSG SIZE rcvd: 117

[00:00:36 leftseat@wrathall ~]$ dig zxxx.org.zm ns @hippo.ru.ac.za

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @hippo.ru.ac.za
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51448
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; AUTHORITY SECTION:
org.zm. 86400 IN NS ns2.zamnet.zm.
org.zm. 86400 IN NS pch.nic.zm.
org.zm. 86400 IN NS ns1.coppernet.zm.
org.zm. 86400 IN NS ns-zm.afrinic.net.
org.zm. 86400 IN NS ns1.zamnet.zm.

;; ADDITIONAL SECTION:
ns1.zamnet.zm. 86400 IN A 196.46.192.26
ns1.coppernet.zm. 86400 IN A 41.222.240.15
ns2.zamnet.zm. 86400 IN A 196.46.192.21

;; Query time: 347 msec
;; SERVER: 146.231.128.1#53(146.231.128.1)
;; WHEN: Mon Dec 12 00:03:14 PST 2016
;; MSG SIZE rcvd: 212

[00:03:14 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.zamnet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.zamnet.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5881
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; AUTHORITY SECTION:
zxxx.org.zm. 86400 IN NS ns1.niner.net.
zxxx.org.zm. 86400 IN NS ns2.niner.net.

;; Query time: 330 msec
;; SERVER: 196.46.192.26#53(196.46.192.26)
;; WHEN: Mon Dec 12 00:03:35 PST 2016
;; MSG SIZE rcvd: 85

[00:03:35 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns2.zamnet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns2.zamnet.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27780
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; ANSWER SECTION:
zxxx.org.zm. 604800 IN NS ns2.zamnet.zm.
zxxx.org.zm. 604800 IN NS ns5.zamnet.zm.

;; Query time: 337 msec
;; SERVER: 196.46.192.21#53(196.46.192.21)
;; WHEN: Mon Dec 12 00:03:42 PST 2016
;; MSG SIZE rcvd: 83

[00:03:42 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns-zm.afrinic.net

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns-zm.afrinic.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43162
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; AUTHORITY SECTION:
zxxx.org.zm. 86400 IN NS ns1.niner.net.
zxxx.org.zm. 86400 IN NS ns2.niner.net.

;; Query time: 324 msec
;; SERVER: 196.216.168.44#53(196.216.168.44)
;; WHEN: Mon Dec 12 00:03:53 PST 2016
;; MSG SIZE rcvd: 85

[00:03:53 leftseat@wrathall ~]$ dig pch.nic.zm any

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> pch.nic.zm any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 261
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;pch.nic.zm. IN ANY

;; ANSWER SECTION:
pch.nic.zm. 81758 IN A 204.61.216.73

;; Query time: 10 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:16:20 PST 2016
;; MSG SIZE rcvd: 55

[00:16:20 leftseat@wrathall ~]$ whois 204.61.216.73

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=204.61.216.73?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange: 204.61.208.0 - 204.61.217.255
CIDR: 204.61.216.0/23, 204.61.208.0/21
NetName: WOODYNET-204-61-208-0-21
NetHandle: NET-204-61-208-0-1
Parent: NET204 (NET-204-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: WoodyNet (WOODYN)
RegDate: 1995-01-26
Updated: 2012-03-02
Ref: https://whois.arin.net/rest/net/NET-204-61-208-0-1

OrgName: WoodyNet
OrgId: WOODYN
Address: 2351 Virginia St
City: Berkeley
StateProv: CA
PostalCode: 94709-1315
Country: US
RegDate: 2001-05-16
Updated: 2013-04-02
Ref: https://whois.arin.net/rest/org/WOODYN

OrgAbuseHandle: BW1324-ARIN
OrgAbuseName: Woodcock, Bill
OrgAbusePhone: +1-415-831-3103
OrgAbuseEmail: woody_AT_pch.net
OrgAbuseRef: https://whois.arin.net/rest/poc/BW1324-ARIN

OrgTechHandle: BW1324-ARIN
OrgTechName: Woodcock, Bill
OrgTechPhone: +1-415-831-3103
OrgTechEmail: woody_AT_pch.net
OrgTechRef: https://whois.arin.net/rest/poc/BW1324-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

[00:16:32 leftseat@wrathall ~]$ dig -x 204.61.216.73

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> -x 204.61.216.73
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;73.216.61.204.in-addr.arpa. IN PTR

;; ANSWER SECTION:
73.216.61.204.in-addr.arpa. 900 IN PTR pch.nic.zm.

;; Query time: 1670 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:16:44 PST 2016
;; MSG SIZE rcvd: 79

[00:16:44 leftseat@wrathall ~]$ dig zxxx.org.zm ns @pch.nic.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @pch.nic.zm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10234
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;zxxx.org.zm. IN NS

;; AUTHORITY SECTION:
zxxx.org.zm. 86400 IN NS ns2.niner.net.
zxxx.org.zm. 86400 IN NS ns1.niner.net.

;; Query time: 11 msec
;; SERVER: 204.61.216.73#53(204.61.216.73)
;; WHEN: Mon Dec 12 00:17:20 PST 2016
;; MSG SIZE rcvd: 85

[00:17:20 leftseat@wrathall ~]$ dig ns1.coppernet.zm any

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> ns1.coppernet.zm any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4953
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;ns1.coppernet.zm. IN ANY

;; ANSWER SECTION:
ns1.coppernet.zm. 86375 IN A 41.222.240.15

;; Query time: 11 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:36:07 PST 2016
;; MSG SIZE rcvd: 61

[00:36:07 leftseat@wrathall ~]$ whois 41.222.240.15
% This is the AfriNIC Whois server.

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '41.222.240.0 - 41.222.241.255'

% No abuse contact registered for 41.222.240.0 - 41.222.241.255

inetnum: 41.222.240.0 - 41.222.241.255
netname: CUNET-LSK-01
descr: Allocation to CopperNET Solutions, an ISP in Zambia.
country: ZM
admin-c: KWC1-AFRINIC
tech-c: KWC1-AFRINIC
status: ASSIGNED PA
remarks: Please send abuse notification to abuse@coppernet.zm
mnt-by: COPSOL-MNT
source: AFRINIC # Filtered
parent: 41.222.240.0 - 41.222.243.255

person: Kasopa W Chisanga
address: Silicon House, Kantanta Street
address: P.O Box 22149, Kitwe
address: ZM
phone: +260-212-245011
phone: +260-212-245200
phone: +260-212-245222
nic-hdl: KWC1-AFRINIC
remarks: CopperNET Solutions.
source: AFRINIC # Filtered

[00:36:20 leftseat@wrathall ~]$ dig -x 41.222.240.15

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> -x 41.222.240.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 11716
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;15.240.222.41.in-addr.arpa. IN PTR

;; Query time: 1916 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Dec 12 00:36:30 PST 2016
;; MSG SIZE rcvd: 55

[00:36:30 leftseat@wrathall ~]$ traceroute 41.222.240.15
traceroute to 41.222.240.15 (41.222.240.15), 30 hops max, 60 byte packets
 1 192.168.1.1 (192.168.1.1) 0.372 ms 0.780 ms 0.781 ms
 2 * * *
 3 * * *
 4 * * *
 5 * * *
 6 * * *
 7 * * *
 8 * * *
 9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[00:37:15 leftseat@wrathall ~]$ dig zxxx.org.zm ns @ns1.coppernet.zm

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> zxxx.org.zm ns @ns1.coppernet.zm
;; global options: +cmd
;; connection timed out; no servers could be reached
[00:38:21 leftseat@wrathall ~]$
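
The comparison done by eye in the transcript above can be automated. The following is an added example, not part of the original post: it classifies each parent-zone server's reply against the NS set in the registry WHOIS record. The sample replies are trimmed from the dig output above; the function names and verdict labels are assumptions made for this example.

```python
import re

# NS set recorded by the registry (from the whois output above).
EXPECTED = {"ns1.niner.net.", "ns2.niner.net."}

# Trimmed from the dig transcript above: flags line and NS records only.
SAMPLES = {
    "hippo.ru.ac.za": """;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 4
;; AUTHORITY SECTION:
org.zm. 86400 IN NS ns2.zamnet.zm.
org.zm. 86400 IN NS pch.nic.zm.
org.zm. 86400 IN NS ns1.coppernet.zm.
""",
    "ns1.zamnet.zm": """;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; AUTHORITY SECTION:
zxxx.org.zm. 86400 IN NS ns1.niner.net.
zxxx.org.zm. 86400 IN NS ns2.niner.net.
""",
    "ns2.zamnet.zm": """;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
zxxx.org.zm. 604800 IN NS ns2.zamnet.zm.
zxxx.org.zm. 604800 IN NS ns5.zamnet.zm.
""",
    "ns1.coppernet.zm": ";; connection timed out; no servers could be reached\n",
}

NS_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)$", re.M)

def classify(domain, dig_text, expected=EXPECTED):
    """Return a verdict for one parent-zone server's reply about `domain`."""
    if "connection timed out" in dig_text:
        return "unreachable"
    flags = re.search(r"flags: ([a-z ]+);", dig_text)
    aa = flags is not None and "aa" in flags.group(1).split()
    # Keep only NS records owned by the queried domain itself.
    ns = {t.lower() for o, t in NS_RE.findall(dig_text) if o.lower() == domain}
    if not ns:
        return "no-delegation"  # reply carried only the parent zone's NS set
    if aa:  # server answers from its own copy of the zone instead of referring
        return "authoritative-ok" if ns == expected else "authoritative-mismatch"
    return "ok" if ns == expected else "wrong-referral"

def audit(domain, samples=SAMPLES):
    """Classify every sampled server's reply for `domain`."""
    return {server: classify(domain, text) for server, text in samples.items()}

if __name__ == "__main__":
    for server, verdict in audit("zxxx.org.zm.").items():
        print(f"{server:20} {verdict}")
```
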