i've been dealing with a large sketchy, disreputable hosting company (iPowerWeb) for one of my clients recently. Some of their frustrating practices that i've encountered are:

• providing webapps (phpbb in this case) that they are not willing to maintain or take any responsibility for. This resulted in a compromise of a section of my client's web site. The company had basically installed an old version of phpbb for my client and never updated it, never applied security patches, and never indicated to my client that any sort of maintenance was needed. it's no surprise that the site was compromised.

• playing weird shennanigans with DNS: Whatever they did to get DNS pointing at their servers, they screwed up the WHOIS registration, providing obviously false data for many of the fields. It took me quite a while to get all of that sorted out and back under our direct control. During the worst of this, it appeared to me that the domain name had actually been hijacked, particularly because the sketchy, disreputable hosting company claimed that they had nothing to do with the DNS registration. The registrar they used (onlineNIC.com) finally pointed me back in their direction, explaining that since the registration was done through a "reseller", i really did need to work through them in the first place.

My first step upon regaining control of the DNS registration was to stop using the nameservers of the sketchy, disreputable hosting company.

i set up an account for my clients with a high-quality, progressive, tech-savvy, responsible and responsive hosting group (MayFirst/PeopleLink), and asked them to set up nameservice for the required domain name.

Once that was done, i accessed the DNS registration control panel that had finally been offered to me via onlineNIC and iPowerWeb, and repointed the two primary nameserver records to the mayfirst nameservers. Things seemed to work fine from there.

However, i later found that some machines would still occasionally resolve according to the old, nasty nameservers. a bit of digging around turned up the reason: there were 3 NS RRs reported by the TLD nameserver, and i'd only put in two. the third was was still an old nameserver running from the shitty host. Going back to the DNS registration control panel provided by onlineNIC through iPowerWeb, there were only two slots for NS RRs, however. they labeled these fields "DNS1" and "DNS2", and they both pointed at the nameservers i wanted (the ones from mayfirst.org). There was no clear way to even view a tertiary NS record, let alone delete or modify one.

Fortunately, i can edit HTML. i saved a local copy of the source of the form provided, altered the POST action so that it would point back to onlineNIC.com, and started reading through it.

There were two hidden variables: old_dns_1 and old_dns_2, and a pair of text entry fields named dnsname1 and dnsname2.

my first try at editing was to add a third pair of variables: a hidden var named old_dns_3 and a regular input var named dnsname3. i set the value of old_dns_3 to the name server i wanted to get rid of, and dnsname3 to the empty string. Then i submitted the form. OnlineNIC's processing engine reported that it had gone through! But checking the TLD nameservers directly with dig showed that the pesky iPowerWeb NS RR was still present. yuck.

My second try was to leave it with the two pairs of DNS variables, but change old_dns_2 to the iPowerWeb nameserver, and set dnsname2 to the empty string. OnlineNIC's processing engine rejected this request, reporting that i couldn't leave the second nameserver blank.

So my third try was to keep the two pairs of variables, but change old_dns_2 to the iPowerWeb nameserver, but change dnsname2 to the other MayFirst/PeopleLink nameserver. And as they say, third time's the charm! the .org TLD servers no longer report the iPowerWeb nameserver at all.

Sadly, before i decided to try hacking the web form, i spent about 30 minutes on various iPowerWeb phone queues trying to talk with someone about this. My reward at the end of the various phone queues was (of course) a voicemail system. did i mention that i hate iPowerWeb yet? i'll be glad to be rid of them for this client. and i should probably try to move the DNS registration away from OnlineNIC.com as well. their forms look slick, but you shouldn't have to edit their source by hand to do basic DNS administration.