The main reason for the recent downtime of the SA Post Office website was the suspension of its domain due to non-payment.
However, this is only the tip of the iceberg that is the organisation’s problems.
The website was down for several days, and emails sent to @postoffice.co.za addresses bounced.
This downtime was disruptive for users and further hurt the organisation’s poor reputation.
The reason for the downtime is of concern, as the domain name renewal fee was R125.40 and the payment was outstanding for several weeks.
Browne highlighted the following in the buildup to the downtime:
- 1 February 2018 – An invoice was issued for the domain and sent to the current billing address: “[email protected]”. The email was successfully delivered.
- 1 March 2018 – An additional statement was sent, detailing the outstanding amount. The email was successfully delivered.
- 12 March 2018 – A final warning was emailed to all the whois records, along with the domain master email address.
- 19 March 2018 – The domain was suspended due to non-payment, by removing it from the co.za zone.
- 20 March 2018 – A payment was processed, and the domain was returned to the co.za zone.
The lack of payment was not the only issue, however.
Browne said the website remained down after the payment, as there were several errors with the “postoffice.co.za” zone setup.
He said the problems which were uncovered made it “quite remarkable that anything works at all” and contributed to the extended downtime.
Browne gave a detailed explanation of these problems, which included:
- There are seven nameservers, instead of the five listed in the registration.
- One of the nameservers – waterbok.postoffice.co.za – is not valid.
- The “postoffice.co.za” domain is susceptible to DNS cache poisoning and is vulnerable to being hacked to give out incorrect entries.
- One nameserver – gemsbok.postoffice.co.za – is not listed in the co.za zone.
- When Browne queried the “gemsbok” nameserver, “waterbok” had been replaced by “gemsbok” and “gemsbok.postoffice.co.za” was gone.
- The TTLs (Time To Live values) are different – on “gemsbok.postoffice.co.za” they are set to expire in one day (86,400 seconds), while on “waterbok.postoffice.co.za” the value was 10 minutes (600 seconds).
Browne further uncovered that certain Internet Solutions nameservers are used for the postoffice.co.za domain.
However, when he tested the IS nameservers, they responded with “SERVFAIL”, which “basically means they know nothing about postoffice.co.za”.
“Basically, you have a bunch of misconfigurations in the postoffice.co.za domain, with errors across all of the listed nameservers,” said Browne.
“Two of five registered nameservers do not even know about the domain, and all of the ones that do answer contain weird nonsensical nameservers. And two of the nameservers cannot be trusted to serve the correct information.”
Browne said it is “no wonder things took so long to come back up once the domain was reinstated”.
Alarm bells should ring at the Post Office, as these errors appear to be replicated on “postbank.co.za” and other Post Office domains.
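
The classes of fault Browne lists (registered nameservers that answer SERVFAIL, nameserver names served by the zone but absent from the registration, and differing TTLs) can be checked mechanically by comparing the registry's delegation with what each nameserver returns. The following is an added example, not taken from the article or from Browne's analysis; the zone "example.test", every host name and every response in it are constructed placeholders, and `audit` is a hypothetical helper.

```python
"""Delegation consistency audit over constructed NS responses (no network)."""

# Constructed sample data: the zone "example.test" and every host name below are
# placeholders, not the real records of any domain named in the article.
DELEGATED = {"ns1.example.test", "ns2.example.test", "ns3.isp.test", "ns4.isp.test"}

# What each server returned for "example.test NS": (rcode, {ns_name: ttl_seconds}).
ANSWERS = {
    "ns1.example.test": ("NOERROR", {"ns1.example.test": 86400, "ns2.example.test": 86400,
                                     "old.example.test": 86400}),
    "ns2.example.test": ("NOERROR", {"ns2.example.test": 600, "ns5.example.test": 600}),
    "ns3.isp.test": ("SERVFAIL", {}),
    "ns4.isp.test": ("SERVFAIL", {}),
}


def audit(delegated, answers):
    """Return sorted (check, subject, detail) findings for a zone's NS setup."""
    findings = set()
    served = {}   # server -> set of NS names it hands out
    ttls = set()  # every TTL seen on the NS records
    for server in sorted(delegated):
        rcode, ns_rrset = answers.get(server, ("TIMEOUT", {}))
        if rcode != "NOERROR" or not ns_rrset:
            findings.add(("lame", server, rcode))  # registered but not authoritative
            continue
        served[server] = set(ns_rrset)
        ttls.update(ns_rrset.values())
        for name in set(ns_rrset) - delegated:   # in the zone, not in the registration
            findings.add(("undelegated", name, f"served by {server}"))
        for name in delegated - set(ns_rrset):   # in the registration, not in the zone
            findings.add(("omitted", name, f"not in NS set from {server}"))
    if len({frozenset(s) for s in served.values()}) > 1:
        findings.add(("ns-set-disagreement", "zone", f"{len(served)} servers differ"))
    if len(ttls) > 1:
        findings.add(("ttl-mismatch", "zone", ",".join(map(str, sorted(ttls)))))
    return sorted(findings)


if __name__ == "__main__":
    for check, subject, detail in audit(DELEGATED, ANSWERS):
        print(f"{check:20} {subject:20} {detail}")
```

To run the same audit against a live zone, the `ANSWERS` mapping would be filled from one NS query per registered nameserver, sent directly to that server rather than through a resolver.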