Tell HN: Network Solutions Is a Scam
My uncle has been paying 60+ dollars PER YEAR to renew his domain for the past three years on Network Solutions.
Told him that's basically a scam and transferred him to cloudflare: ~8 per year.
They also did whatever they could to stop me from transferring, including taking forever to send transfer codes and making it hard to send it in the first place.
Screw that site.
28 comments
[ 2.5 ms ] story [ 59.5 ms ] threadThat's...interesting
Thanks!
And yes, I know those who swear by them (and their workers, and storage, etc)
But they provide zero security with DNS - I had someone try to hijack a couple of my domains' DNS a while back
Fortunately, my registrar had decent security, and they weren't able to transfer the domains and completely change DNS entries for them
But Cloudflare'll let anyone register an account and start setting up DNS entries - whether you own the domains or not
I don't really get what Cloudflare did wrong here. Someone tried to transfer your domain name and your registra blocked it because you hadn't authorised it, what exactly was the problem?
Not a shill for them or anything, but I don't really understand what you're expecting them to do differently to everyone else.
Whomever was trying to steal access to my domains was trying to overrule the authoritative status of my registrar's DNS servers
As you mentioned in your other comment though, which you hadn't mentioned previously, cloudflare's DNS resolver started using their records before they'd actually received control of the domain (which was of course rejected). That's really bad and surprising, but allowing someone to setup DNS records for a domain name isn't a problem and is required in some situations for DNS migrations.
That happens
Activating said DNS record when you have no authority to do so?
That's bad
Very bad
Cloudflare refused to engage with the problem, offloading their legal responsibility (for enabling theft and fraud) onto me - the domain registrant
As it was, for a few days (because Cloudflare's developed a reputation of being "trustworthy"), my domains mostly didn't resolve - and not just for people who use Cloudflare's public DNS resolver
I, for one, am not OK with Cloudflare enabling this kind of fraud
Right this makes total sense as to why you're frustrated with them, I would be to. From what you'd said previously it sounded like you were annoyed they wouldn't take responsibility for something they're not the registra for which seemed a bit unfair on them. If they actually started diverting traffic in some way before the transfer had been rejected then that's pretty bad.
They did
And continued to do so for ~1 week until I was able to claim back the fraudulent account (thankfully the scamsters had used a real email associated with me (but not with the domains, oddly enough), so I was eventually able to enable 2fa on it and shut it down
For what it's worth, if you see registrars charging less than $10-15/yr/tld varies by TLD then they are making their money from their customers by up-selling other services. All of the registrars are obligated to pay a non-negotiable base fee per domain based on the TLD.
I am not a lawyer but have dealt with dozens of registrars in the US and EU. When moving domains and getting unlock codes, always do this on the phone with their customer support team. Log names and ticket numbers. If they stall or push back, tell them you need the name of their legal council for your legal team to reach out to. Also give them your ticket number to add to the case. (fictitious is ok, just make up a JIRA number). Do this without any emotion. If they say this is not a business account, mention that it is a legacy account being wrapped up into a new account. At the same time and less likely to be effective path but very likely to get their attention would be to start the process of removing their registrar accreditation, especially if you have many people in a similar situation.
Isn’t the base fee like $1-2? Did it really go up to $10?
So that’s $8, plus credit card fees of ~$0.30 and their own hosting, ICANN fixed costs, etc.
I would say $8.50 is almost definitely below break, and $9-10 probably so.
That should be illegal. (I have not bothered testing if their system still does this)
What would be their overhead for doing that? Seems like it's something that could be fun to subvert until they stop (e.g. do lookups of UUIDs in a loop).