This is exactly the sort of issue that's supposed to be eliminated by DNSSEC validation.<p>The registrar's database gets corrupted? They are not hosting my DS records, anyway. That's in the top-level domain. You will be the least of anybody's worries if the top-level domain dies. And as long as the DS record is live, a validating nameserver can tell that the faulty DNS server is sending incorrect resource records, and should be disregarded.<p>Side note: My DNS server is a hidden master, that publishes zones via secondary servers, run by separate companies.<p>The corruption would still be disruptive, but it would not be such a disaster.
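The check this comment relies on, shown as an added example that is not part of the original comment: a validating resolver hashes the DNSKEY served for a zone and compares it with the DS record held in the parent zone (RFC 4034), so a key from the wrong server, or an unsigned answer, fails. The zone name and key bytes are constructed placeholders; a full validator also verifies the RRSIG signatures, which is outside what this block covers.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format of a domain name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner: str, rdata: bytes) -> tuple:
    """DS fields held by the parent: key tag, algorithm, digest type 2, SHA-256."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def chain_of_trust(owner: str, parent_ds: list, child_dnskeys: list) -> bool:
    """True only if some DNSKEY served for the zone matches a DS in the parent.
    An empty DNSKEY set (unsigned answers) fails too, because the DS exists."""
    return any(make_ds(owner, key) in parent_ds for key in child_dnskeys)

# Constructed sample data: placeholder zone and made-up key bytes, not real keys.
ZONE = "example.net"
GENUINE = dnskey_rdata(257, 15, bytes(range(32)))      # the owner's key-signing key
IMPOSTOR = dnskey_rdata(257, 15, bytes(range(1, 33)))  # key a wrong server might serve
PARENT_DS = make_ds(ZONE, GENUINE)                     # what the TLD publishes

if __name__ == "__main__":
    cases = [("genuine", [GENUINE]), ("impostor", [IMPOSTOR]), ("unsigned", [])]
    for label, keys in cases:
        ok = chain_of_trust(ZONE, [PARENT_DS], keys)
        print(f"{label:9s} -> {'secure' if ok else 'bogus'}")
```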
"Any request to *.js file resulted in a valid javascript. This script was loaded and executed instead of Qbaka tracking script."<p>Who would do that?<p>"The TTL value of the corrupted DNS record was one week."<p>For a parking page? <i>Who</i> would do that?
<i>we cannot call every single internet provider around the world and ask them to drop DNS record from cache</i><p>Google allows users to flush a record from their cache <a href="https://developers.google.com/speed/public-dns/cache" rel="nofollow">https://developers.google.com/speed/public-dns/cache</a> which is better than nothing, especially if you use Google's resolvers on your servers.
One semi-solution to that (which would have made the problem almost invisible to any webpage visitors) would be to only serve the script over HTTPS. Presumably the domain parking page was not using a cert that matched "cdn.qbaka.net", so a browser would fail to download anything due to a cert mismatch.