92 comments

[ 3.1 ms ] story [ 157 ms ] thread
It's really not that hard to run your own nameserver. While I obviously disagree with what they're doing, I think you should have been running your own in the first place.
Why bother? ZoneEdit works great. I've been using them for, geez, over 15 years I think.
ZoneEdit now charge. They grandfathered old users in at a free tier (first 5?) but now all new users have to pay either $1/month/domain or less if you buy a lot of "credits."
I'm still sad that they discontinued their free tier. It was awesome..just like google apps was awesome.

:(

As i haven't seen them mentioned before in this thread i'll mention http://freedns.afraid.org/ - While i don't have any current experience, i've used them a few years back and they've also been top notch... Only downside is their interface which is showing its age...
Easy but for single-server setups also silly.

If your server falls off of the net your DNS goes boom too and you have no shot of redirecting people to a landing page or similar "oh shit" activities.

Now you could re-point your nameserver records but in my experience that takes longer to propagate than a new A record with a short TTL.

I take the opposite viewpoint: if the machine is down, I wouldn't be able get to the machine anyway even if DNS was working, so I don't care.
Can't you just do a CNAME entry with a wildcard pointing to your primary domain?
yes, you can enter a wildcard record yourself, and that will override the name.com wildcard. Is it irritating that they do that? Sure. Should they be doing? probably not. But it does have a pretty simple fix.

Personally, I use a third-party dns service. Seen too many registrars play with DNS. Don't know why anyone would trust them.

>> Don't know why anyone would trust them.

I don't know about you, but i give everyone the benefit of doubt and unless someone violates this trust, i'd think most people do too.

Also, at least i tend to think of registrars as some kind of neutral entity that i, indeed, can trust - guess there are some exceptions to the rule.

How many years and years of abuse has it taken for people to notice what GoD*ddy has been doing all that time and finally cause some sort of mass-defect to other registrars..

Hopefully, the level of tolerance for this behavior is of an all-time low so registrars simply can't afford to abuse the trust of their customers any longer.

"I don't know about you, but i give everyone the benefit of doubt and unless someone violates this trust, i'd think most people do too."

True.. and I used to trust registrars to manage my DNS.. but over the years, this is at least the 3rd or 4th time this has happened with a registrar I am on (yes, I have domains at name.com).

Since I don't have time to interrogate every registrars DNS server when I sign up, I just assume it's useless these days. + I end up having to pay for a DNS service anyway, to avoid the bad registrars DNS.. so it's easier to use a single DNS service for all of the domains.

This is what happened. For example, I previously gave Name.com the benefit of the doubt and sent them an email asking them to fix the issue. They did not, so now I mention this every time I see their service mentioned. They are scum just like GoDaddy but on a lower scale.
The wildcard fix is annoying when you have everything on SSL but don't want to handle a wildcard cert[1]. When someone typos https://foo.example.com I'd like the UX to be a browser's "could not connect to server" error, not "this site is untrusted, run away as fast as you can".

--

[1] IMO, the use of wildcard certs is a dangerous practice[2] made obsolete by SNI.

[2] If the cert gets stolen from one server, the thief can impersonate any server on that domain.

Given that no means currently exists to safely hand out a certificate for example.org that can in turn sign separate certificates for arbitrary foo.example.org subdomains, some sites still need wildcards. If you hand customers their own subdomain, and you automatically mint new customer subdomains when new customers sign up, you can't get a separate CA certificate for each one even if SNI does work; you really do need a wildcard for that.
Bluehost puts ads on subdomains and directories that you haven't set up yet.
I caught Hover.com doing something similar[1] a couple of years ago. They were adding forwards not for subdomains but paths of the root domain. I actually switched to Name.com for this very reason, troubling to see another pulling this stuff.

[1]http://matthewphillips.info/posts/no-thanks-hover.html

At the end of the post you say you fully believe their explanation (that those are added as forwarding examples on new accounts). Which one is it?
What do you mean? I believed their explanation but wanted to leave anyways. I don't want them redirecting my domains regardless of intent.
I moved quite a few domains to Hover within the last 2 months. I went and immediately checked the forwards section after reading your comment. Thankfully, there are ZERO forwards setup. I'm guessing they stopped pre-configuring example forwards for demonstration purposes.
They did. I use Hover now, and while they still have a dumb landing page for unused subdomains (which I disable immediately on first login), they aren't doing the forwards by default.
The more stories like this I read the happier I am that I use a paid service (Route 53).
dnsmadeeasy is a fine service too.
I LOVE Route53, it is just expensive. At least compared to other similar services (e.g. ZoneEdit). Route53 is basically $1/month/domain - most other services can match or beat that.
Even worse; their customer agreement seems to indicate that you are responsible for the content. They also refuse to turn it off if you send them an email. What a shitty little company to be inflicting this on their customers.
Some previous discussion on this issue (almost 2 years ago):

http://news.ycombinator.com/item?id=2443710

I'll say the same thing I said then:

As an anecdotal counterpoint, I'm an extremely happy Name.com customer. I transfered several domains to them a year or so ago from GoDaddy. They support two-factor authentication, their interface is uncluttered, I pay them less money than I paid GoDaddy, and I haven't had a single issue. I would highly recommend them to anyone looking for a registrar.

That being said, I don't use them for DNS. If this is a feature of their nameservers, I do find it strange that they don't offer a way to opt out (other than using alternative nameservers).

I am still an incredibly happy Name.com customer and would recommend them as a registrar to anyone who asks. I just would point them somewhere else for DNS hosting.

May I ask where do you do your DNS hosting ? Do you host it yourself ? Or do you use a third party ?
for domains I'm actively using, I use Route53. For domains I'm not actively using, I don't mind name.com is parking.
For anyone who doesn't want to park inactive domains, you can just remove a domain's nameservers, and users will just get a DNS error. (NXDOMAIN)
I didn't mind name.com parking my domains either.

I do mind the idea of them treating ever possible 3LD as a parked domain, when my domain is not parked (and configured using their Name Servers).

The hosting companies I've used (eg: Linode, Dreamhost for smaller projects) all provide DNS services. I trust them to manage a DNS infrastructure more than I trust myself.
I don't quite understand why people have this allergy to running their own DNS. If you just want a single text file and don't need anything major, dnsmasq will serve records out of /etc/hosts. Slightly up the chain in terms of power, MaraDNS lets you use a text file, and finally there's PowerDNS (which I use) lets you use SQL databases, embed Lua, or read from a pipe. (Being able to use a regular RDBMS is nice for things like writing a little cron job to do your own dynamic DNS, or doing self-service hosting for people.)

If you've never done it, it is a couple of hours of reading and fiddling, but very quick if you have set up DNS before. I'm actually a bit curious about why people (even some sysadmins!) tend to spend time clicking on some clunky web interface to update records manually when it's actually easier to do it yourself. (Mail servers, on the other hand...)

A bit surprised not to see Bind mentioned here, as it's a kind of an industry standard.

Personally, I got Bind installed on all my machines, both for DNS zones and resolving. The only exception is my phone, and that is only because I couldn't find a package for it.

For those that do not want to deal with config files, there is also GUIs like gadmin-bind.

Sorry for the omission; I think Bind is actually a bit tricky to configure by comparison to the other three mentioned.
In my case all of my domains are on name.com (and I haven't had a problem with them so far either); for my smaller personal sites the DNS is managed by my shared hosting provider and for others Route 53.
Check out CloudFlare, they provide some great DNS services with some added bonuses.
My workaround for this was to add a TXT record for *.mydomain.com that just returns a string like "Unused". This seems to stop them from hijacking any subdomains, and it's not an A record so undefined subdomain names do not resolve, just like if you had not defined them in the first place.

(Workaround shouldn't be necessary of course, but this kind of bullshit is par for the course with cheap hosting companies.)

Just fyi, mydomain.com is a real domain, example.com is better to use for illustrative purposes.
Amusingly mydomain.com is a domain registrar. I wonder how many people stumble upon it by accident.
example.com isn't just better: it's actually specified in RFC 2606 as one of the domains "reserved for use in private testing, as examples in documentation, and the like."
This is a good workaround, and I am voting you up in the hopes that others see it.
Confirmed to work with name.com

Before: Parked page After: Bing search (thanks IE)

While it is probably not relevant for must users, there is a subtle difference between "There exists no A record for x.example.com" and "There is no x.example.com".
A workaround for this is to make *.example.com a CNAME for something.invalid. ".invalid" is a reserved TLD guaranteed not to exist so this should force all queries for non-existent domains to come back with NXDOMAIN.
A workaround? As opposed to simply switching registrars with something decent?
yeah, the best workaround is namecheap.com
I don't like being with resellers.
What do you think of http://en.gandi.net/ guys? I'm on name.com as well but this thing is really bugging me.
I'm with gandi, there's a few things I don't like but overall they've been super stable with very little headaches. I think in the 3+ years I've been with them I've had one slight issue that was dealt with in <24 hours.
I typically just do a *.example.com @A record to the IP address, works just as well and would fix the specific problem in the link (unless he's worried about having to extract individual subdomains to go separate places later).
This applies to customers of DomainSite too (same company). Annoying, as they've been really good otherwise for many years.
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@destructuring.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.

By default, every 404 page hosted with HostGator puts an advertisement for HostGator hosting on your site.
That's only shared hosting though I would think.
Name.com is surprisingly open about this spammy practice, and even highlights methods for circumventing it:

http://www.name.com/blog/general/domains/2012/01/pro-tip-how...

Of course, it would be better for them to simply charge a bit more and get rid of it altogether, especially since it breaks standards.

I am boycotting Name.com so hard right now. Actually they just jumped ABOVE GoDaddy on my boycott list. At least GoDaddy said sorry and pretended.

Still using NameCheap here.

name.com is very usable and otherwise handy; I don't like this policy, but I wouldn't wish GoDaddy on my worst enemy.

(OK, maybe I would)

EDIT: I really don't understand your thinking; I am the opposite. I respect name.com for being forward about it and not acting like a politician (treating me like a child).

> I really don't understand your thinking; I am the opposite. I respect name.com for being forward about it and not acting like a politician (treating me like a child).

I respect them for sharing their reasons. I think it is professional.

My issue is two fold:

- This kind of activity "breaks the internet" on the purest sense possible. It is against spec' for a very good reason, IT IS STUPID. Going to a null domain should give you a null reply. It breaks software and it breaks user's expectations (e.g. if you hit that page because you typo-ed the domain you might assume the domain has gone out of business or been "hacked").

- Their work-around(s) are silly. They are essentially "then use someone else" or "register every single possible sub-domain." No opt-out.

They might be very good at business and marketing but they fail on every technological ground you can fail. Someone who fails that badly at understanding the internet isn't someone I want running my DNS of all things...

> - Their work-around(s) are silly. They are essentially "then use someone else" or "register every single possible sub-domain." No opt-out.

"Use someone else" is the opt-out, whether you take it to mean "use another registrar" or use "other, non-gratis DNS services.

Your other option is to use a wildcard, as I think you understand (though your "register every single possible sub-domain" is a bit misleading).

This behavior sucks, but if it's something that bothers you, you're probably the type that should be using a better DNS provider, anyways. That said, I'm a happy customer of name.com.

Using a different nameservice provider only treats the symptom. Name.com is still breaking the internet with this practice.
Switched from godaddy to namecheap for my 20+ domains a couple years ago. I couldn't be happier.
Second on namecheap. I use them for all my domains and they don't do any wildcard routing.
Well domain.com uses 'parked' domains to ear themselves advertising dollars until you 'use' them so it seems most domain registrars are in on the 'racket'.
Thanks. That was my post. Sad to see others have dealt with this before. I went through their TOS, and there's no way in hell their "Parked Domains" clause is applicable to DNS failovers. What they are doing is just totally wrong. I wrote a second post about it as an Open Letter to them here : http://www.destructuring.net/2013/02/28/an-open-letter-to-na...
This is generally why I stay clear of using the "free DNS" provided by registrars. But then again, they can still be more reliable than hosting your own.
I ran into the same issue several years ago. Now I actively recommend against name.com because of this practice, which I consider very dodgy. Their support was unable to provide any real resolution to this and so I moved elsewhere. On recollection, I should have asked for my money back. Not for the meaningful amount that it cost, but to highlight how stupid this practice is. I'd encourage anyone with name.com to do the same as a form of protest.

A previous series of support emails:

--

I own the joshka.net domain registered with name.com. When I attempt to resolve a subdomain that does not exist I expect this to return a NXDOMAIN result. Instead, the name.com name servers return an IP address of spammers.

How can I setup my account to return NXDOMAIN for this domain?

--

Hello Joshua,

I have set your domain to a wildcard 'A' record, that accepts any subdomain, and points it to your hosting IP address. I ran a 'dig' [ping] command on 'stuff.joshka.net' as a test, please see the results below:

--

I think we have a slight misunderstanding. I do not want a wildcard A record (and have removed the record that was setup). Resolving any subdomain that I have not explicitly created a DNS record should return a NXDOMAIN result. This expectation is in line with ICANN's memorandum titled "Harms and Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar Technologies) at Registry Level" at http://www.icann.org/en/announcements/announcement-2-24nov09... Providing this default wildcard service where it is not requested or required is a disservice. I can't imagine why I would want or need this.

--

Hello Joshua,

I apologize for the misunderstanding with the wildcard DNS record. We have had multiple customers request this in the past, and this feature was used with success in those cases. I have consulted our management team to see if there is a different option that we can provide you. Please look for a response concerning this issue tomorrow.

--

Thanks Elicia, I'll look forward to hearing from you. It's not the wildcard DNS itself that I couldn't see the use of. I understand why that would be useful in narrow situations. What I don't understand is why name.com provide the default wildcard A record redirecting to a site full of advertising. I don't know how this would be useful to any business or entity that does not want to use wildcard subdomains of their own.

I understand that section 19 of the registration agreement seems to cover this use of wildcards (though the wording is fairly vague), but it also states "At any time, you may disable the placeholder page by updating, modifying or otherwise changing the name servers for the relevant domain name."

--

Thanks for getting back with us. Yes you are correct, by changing the DNS or name servers for this domain, it will no longer point to the parking page. I have discussed all options for allowing this wording to show, with our support management team, and the systems administration group. We sincerely apologize, however our DNS servers are not able to show the 'nxdomain' that you mentioned.

This option is possible should you wish to use your own custom name servers for this domain. Should you wish to setup your own name servers, here are instructions for registering these name servers from within your Name.com account

<snip>

DNS aside, Name.com is one of the only registrars I know of with reasonable security practices.

They support two-factor auth (almost no one else does), and have nicely scoped cookies (HTTP only, Secure flag, etc.).

The irony is that their actions can in fact make cookies their customers are using for their sites invulnerable.
I don't understand what you are saying ? Is it that there is a security issue arising from the DNS hijacking ? If so what's the issue ?
Say you set a session cookie that spans multiple subdomains (cookie domain = `.example.com`).

Now, if one of your authenticated users visits the wrong subdomain, they are directed to a server of name.com's choice.

That server now has access to your user's session ID (using Javascript or PHP or whatever to read the cookie).

invulnerable? You mean "vulnerable", right?
Yeah, I meant vulnerable. My bad. :-)

Thanks for the correction.

FWIW I run DNS hosting service SlickDNS (https://www.slickdns.com/) and hijacking non-existent subdomains is a non-feature. It's free for personal use for 2 domains and paid plans start at $10/month.
I actually just ran into this. I had a client forget to add a www CNAME record, so they thought the site was "hacked" when they added the www to their domain and got this parked site. Luckily, it's not a cached record, so when we fixed it, DNS servers started finding the right record immediately.
I'm in the process of switching to gandi.net. It's not as cheap as name.com (3 dollars difference...), but their DNS service seems really topnotch. Also, they're open to acting as a secondary DNS server and mirroring my own NS via AXFR, which is pretty nice.
I've been using them for a year or so. They're much better than any other registrar I've used before, and so far have stayed true to their slogan - "no bullshit".
I'm using gandi, as you say prices are a bit more expensive but I have had no problems so far. Their admin UI is even bearable, which is almost worth the cost alone!
I'm building a registrar we'd want to use. I'd like to hear a list of "love to haves" for people interested in the project. Try out what I have so far http://nametagup.com/
I love name.com but I find this irritating enough that I plan to find another provider unless they fix this.
I was not aware of this. Adblock just showed me a blank page.
wow Subdomains? That is pretty low.
I have never used name.com but I mainly use hover.com and namecheap.com - never had bad experiences with them or register.com either.

GoDaddy is the absolute devil though. We all know that.