Honest question: What exactly does it mean for a registrar to block a domain? I believed so far that for my browser to successfully connect to a web server running on a domain or for a mail server to deliver email to a domain, there should only be valid A, AAAA, MX, and/or CNAME records in the DNS.
Was it really a block at the registrar level or was it a block at the DNS level, i.e., the registrar also ran DNS service and their DNS service refused to return responses for zoho.com domains?
At what layer or at which stage of the protocol can a registrar disrupt this and take a domain offline?
There are several layers where a registrar has control over DNS resolution.
Terms:
ICANN: The organization responsible for coordinating the maintenance of the domain name system (among other things).
Registrar: A company authorized to update the ICANN database on behalf of registrants. Google, GoDaddy, Enom, etc. are registrars
Registrants: An entity that wants to register a domain name. In this case, Zoho is a registrant, but it could also be an individual. This is your role if you 'own' a domain.
Authoritative Name Server: A domain name server that is considered authoritative for a specific domain.
Stuff registrars can do (among other things):
1.) They can update the ICANN database to disable a domain completely[1]
2.) They can replace your authoritative name servers with their own or someone else's (ex: botnet domains being reassigned to a security company for dismantling via court order)[2]
3.) If the authoritative name servers for a domain are owned by the registrar, then the registrar can merely change the DNS entries themselves to point to something other than the domain owner's wishes.
The registrar maintains the records that specify which nameservers, i.e. DNS servers, will resolve names for that domain. The registrar simply changes that record to point to nameservers that they operate, and with DNS entries that “take it offline”.
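As an added example (not code from the thread or from any commenter), the following Python script turns the three layers listed above into a check a domain owner can run after collecting the usual evidence: the registry's EPP status codes (from RDAP or whois), the NS delegation the TLD servers publish, and the records the delegated nameservers actually serve. The "ICANN database" in the answer is, in practice, the TLD registry's database (Verisign for com.). The EPP status codes `clientHold` and `serverHold` are real registry statuses; every function name, the `.test` domain names, the TEST-NET addresses and the dig-style output are constructed for illustration.

```python
"""Diagnose at which layer a registrar took a domain offline.

Constructed example: function names, the .test domains, addresses and the
dig-style text below are placeholders, not data from the thread.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Registry-side EPP status codes that remove a name from the TLD zone.
# clientHold is set by the registrar, serverHold by the registry operator.
HOLD_STATUSES = frozenset({"clientHold", "serverHold"})


def normalize(names) -> FrozenSet[str]:
    """Case-insensitive, trailing-dot-insensitive set of DNS names."""
    return frozenset(n.rstrip(".").lower() for n in names)


def parse_dig_answers(text: str, rtype: str) -> Tuple[FrozenSet[str], Optional[int]]:
    """Parse 'owner TTL IN TYPE rdata' lines (dig answer-section format).

    Returns the rdata values of the requested type and the largest TTL seen,
    i.e. the worst-case time a resolver may keep serving that answer.
    """
    values, ttls = set(), []
    for line in text.splitlines():
        parts = line.split()
        # Skip blank lines and dig's ';'-prefixed comment lines.
        if len(parts) < 5 or parts[0].startswith(";"):
            continue
        if parts[2] == "IN" and parts[3] == rtype:
            values.add(parts[4])
            ttls.append(int(parts[1]))
    return normalize(values), (max(ttls) if ttls else None)


@dataclass(frozen=True)
class DomainObservation:
    """What a practitioner collects when a domain has gone dark."""
    domain: str
    epp_statuses: FrozenSet[str]     # from RDAP / whois
    tld_delegation: FrozenSet[str]   # NS names the TLD servers answer with
    expected_ns: FrozenSet[str]      # NS set the registrant configured
    authoritative_a: FrozenSet[str]  # A records the delegated servers serve
    expected_a: FrozenSet[str]       # addresses the registrant really hosts on


def classify_takedown(obs: DomainObservation) -> str:
    """Map the observation onto the three layers from the answer above.

    registry-level             -> name is on hold or gone from the TLD zone (1)
    delegation-changed         -> TLD delegates to nameservers the registrant
                                  did not configure (2)
    authoritative-data-changed -> delegation intact, zone data was edited (3)
    not-at-registrar           -> look elsewhere: hosting, filtering, resolver
    """
    if obs.epp_statuses & HOLD_STATUSES or not obs.tld_delegation:
        return "registry-level"
    if normalize(obs.tld_delegation) != normalize(obs.expected_ns):
        return "delegation-changed"
    if obs.authoritative_a != obs.expected_a:
        return "authoritative-data-changed"
    return "not-at-registrar"


def recovery_window_seconds(layer: str, glue_ttl: int, negative_ttl: int,
                            record_ttl: int) -> int:
    """Worst-case time resolvers keep the old answer once the layer is fixed.

    NXDOMAIN is cached for the zone's negative TTL, a delegation for the TLD's
    NS/glue TTL, zone data for the record's own TTL.  Resolvers that ignore
    TTLs can exceed all of these.
    """
    return {
        "registry-level": negative_ttl,
        "delegation-changed": glue_ttl,
        "authoritative-data-changed": record_ttl,
    }.get(layer, 0)


def diagnose_from_dig(domain, epp_statuses, tld_txt, auth_txt, expected_ns,
                      expected_a, negative_ttl=86400) -> Tuple[str, int]:
    """Build an observation from dig-style text and return (layer, window)."""
    delegation, glue_ttl = parse_dig_answers(tld_txt, "NS")
    a_records, record_ttl = parse_dig_answers(auth_txt, "A")
    obs = DomainObservation(domain, frozenset(epp_statuses), delegation,
                            normalize(expected_ns), a_records, frozenset(expected_a))
    layer = classify_takedown(obs)
    return layer, recovery_window_seconds(layer, glue_ttl or 0, negative_ttl,
                                          record_ttl or 0)


# Constructed dig output, modelled on the two-day (172800 s) TTL the thread
# mentions for com. delegations; the names are placeholders.
TLD_DELEGATION_TXT = """\
;; ANSWER SECTION:
example.test.\t172800\tIN\tNS\tns1.parking.registrar.test.
example.test.\t172800\tIN\tNS\tns2.parking.registrar.test.
"""
AUTH_A_TXT = "example.test.\t300\tIN\tA\t192.0.2.53\n"

if __name__ == "__main__":
    layer, window = diagnose_from_dig(
        "example.test", [], TLD_DELEGATION_TXT, AUTH_A_TXT,
        expected_ns=["ns1.example.test.", "ns2.example.test."],
        expected_a=["198.51.100.10"])
    print(f"{layer}: stale answers may persist up to {window} s")
```

Run it against real output from `dig NS example.test @a.gtld-servers.net` and `dig A example.test @<delegated-ns>` plus the status list from RDAP; the classification tells you whether to call the registrar about a hold, about the delegation, or about zone data they host, and which TTL bounds how long a fix takes to propagate.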
I'm not seeing a block at the moment. I did find a whois history page that claims their NS records in January, 2018 are the same as what I'm seeing now:
Those don't appear to be connected to the registrar (tierra.net); most likely the NS records were removed or replaced with servers that direct all queries to a parking page for abusive domains. The TLD servers for com. return a 2 day TTL for all glue records, and their SOA record indicates a 1 day negative TTL.
(Of course, some caching resolvers ignore TTLs :( )
Am I seeing things or is dig really telling me their NS records pointed to vtitan.com? Who the hell is vtitan? Route53 with AWS would run them what, $100 a month for their level of traffic?
> vTitan, an international company with offices in California, Singapore and Tamil Nadu, is engaged in the development, manufacture, distribution and sales of a broad range of medical devices and consumables used in global healthcare markets.
Zoho appears to have funded it along with a few other companies. Unfortunately, the Indian news page that reported on the launch is even worse than news sites in the US with popups, pop-ins, pop-overs, pop-rocks, etc, so I can't in good conscience link it here.