I decided it was time to find out what the heck is going on, and why it has not been addressed.
Yesterday, I received a DMCA notice for a .net domain which I had on Cloudflare and I had directed to an active .com website. I found my domain was no longer pointing at the correct website, and it appears there are two issues which lead to the redirection of my domain.
# 1 - Cloudflare had dropped the domain from my account.
The name servers for ~ snip ~ no longer point to Cloudflare. They now point to:
DNS1: [not set]
DNS2: [not set]
DNS3: [not set]
DNS4: [not set]
DNS5: [not set]
As this account was created a long time ago, the email assigned to it was not being monitored. I’m not the first person to receive a false positive.
http://www.reddit.com/r/webhosting/comments/4hzogn
http://forums.whirlpool.net.au/archive/2408904
So how much checking is actually done before dropping a domain from an account?
# 2 - Some other person was then able to add my domain back into the Cloudflare DNS system, and pass or bypass verification.
I first noticed this type of activity about a year ago with one of my domains, but didn’t think it was that widespread until I noticed it again a few months ago. This is when I decided to do a little digging.
dig -t NS @a2.org.afilias-nst.info kettle.org
;; AUTHORITY SECTION:
kettle.org. 86400 IN NS boyd.ns.Cloudflare.com.
kettle.org. 86400 IN NS gwen.ns.Cloudflare.com.

dig SOA @boyd.ns.Cloudflare.com kettle.org
;; ANSWER SECTION:
kettle.org. 3600 IN SOA algin.ns.Cloudflare.com. dns.Cloudflare.com. 2025384261 10000 2400 604800 3600

dig -t NS @boyd.ns.Cloudflare.com kettle.org
;; ANSWER SECTION:
kettle.org. 86400 IN NS algin.ns.Cloudflare.com.
kettle.org. 86400 IN NS jule.ns.Cloudflare.com.
That’s not my domain, but is one of the others I found with identical website content and with their DNS in the same condition.
Domains have been set to one pair of Cloudflare nameservers, while Cloudflare DNS shows a different pair of assigned nameservers.
http://hosixy.com/2016/12/15/Cloudflare-dns-compromises/
How has this problem remained quiet for so long? It doesn’t seem like something that would be flying under the radar.
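The comparison made by hand in the dig output above, as an added example that is not part of the original post: a Python check that parses captured dig output and flags a domain whose registry delegation names a different nameserver set than the zone itself returns. The function names are made up for this example, and the sample text is the kettle.org output quoted in the post.

```python
import re

# One resource-record line of dig output: owner, TTL, class IN, type, rdata.
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|SOA)\s+(.+)$", re.I)

def parse_records(dig_text, rtype):
    """Return the set of record targets of the given type (NS or SOA MNAME).

    Names are lower-cased and the trailing dot is dropped, because DNS
    names compare case-insensitively.
    """
    targets = set()
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip dig comments/headers
            continue
        m = RR.match(line)
        if m and m.group(3).upper() == rtype:
            targets.add(m.group(4).split()[0].rstrip(".").lower())
    return targets

def compare_delegation(parent_text, child_text):
    """Compare NS at the registry (parent) with NS served by the zone (child)."""
    parent = parse_records(parent_text, "NS")
    child = parse_records(child_text, "NS")
    mname = parse_records(child_text, "SOA")
    return {
        "only_in_parent": sorted(parent - child),
        "only_in_child": sorted(child - parent),
        "soa_mname_delegated": bool(mname & parent),
        "mismatch": parent != child,
    }

# Sample input: the dig answers quoted in the post.
PARENT = """;; AUTHORITY SECTION:
kettle.org. 86400 IN NS boyd.ns.Cloudflare.com.
kettle.org. 86400 IN NS gwen.ns.Cloudflare.com."""
CHILD = """;; ANSWER SECTION:
kettle.org. 3600 IN SOA algin.ns.Cloudflare.com. dns.Cloudflare.com. 2025384261 10000 2400 604800 3600
;; ANSWER SECTION:
kettle.org. 86400 IN NS algin.ns.Cloudflare.com.
kettle.org. 86400 IN NS jule.ns.Cloudflare.com."""

if __name__ == "__main__":
    for key, value in compare_delegation(PARENT, CHILD).items():
        print(f"{key}: {value}")
```

Run against your own domains, a `mismatch` of `True` where you did not change nameservers is the condition worth alerting on.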