My workaround for this was to add a TXT record for *.mydomain.com that just returns a string like "Unused". This seems to stop them from hijacking any subdomains, and it's not an A record so undefined subdomain names do not resolve, just like if you had not defined them in the first place.
(Workaround shouldn't be necessary of course, but this kind of bullshit is par for the course with cheap hosting companies.)
example.com isn't just better: it's actually specified in RFC 2606 as one of the domains "reserved for use in private testing, as examples in documentation, and the like."
While it is probably not relevant for must users, there is a subtle difference between "There exists no A record for x.example.com" and "There is no x.example.com".
A workaround for this is to make *.example.com a CNAME for something.invalid. ".invalid" is a reserved TLD guaranteed not to exist so this should force all queries for non-existent domains to come back with NXDOMAIN.
I'm with gandi, there's a few things I don't like but overall they've been super stable with very little headaches. I think in the 3+ years I've been with them I've had one slight issue that was dealt with in <24 hours.
I typically just do a *.example.com @A record to the IP address, works just as well and would fix the specific problem in the link (unless he's worried about having to extract individual subdomains to go separate places later).
As an anecdotal counterpoint, I'm an extremely happy Name.com customer. I transfered several domains to them a year or so ago from GoDaddy. They support two-factor authentication, their interface is uncluttered, I pay them less money than I paid GoDaddy, and I haven't had a single issue. I would highly recommend them to anyone looking for a registrar.
That being said, I don't use them for DNS. If this is a feature of their nameservers, I do find it strange that they don't offer a way to opt out (other than using alternative nameservers).
I am still an incredibly happy Name.com customer and would recommend them as a registrar to anyone who asks. I just would point them somewhere else for DNS hosting.
In my case all of my domains are on name.com (and I haven't had a problem with them so far either); for my smaller personal sites the DNS is managed by my shared hosting provider and for others Route 53.
The hosting companies I've used (eg: Linode, Dreamhost for smaller projects) all provide DNS services. I trust them to manage a DNS infrastructure more than I trust myself.
I don't quite understand why people have this allergy to running their own DNS. If you just want a single text file and don't need anything major, dnsmasq will serve records out of /etc/hosts. Slightly up the chain in terms of power, MaraDNS lets you use a text file, and finally there's PowerDNS (which I use) lets you use SQL databases, embed Lua, or read from a pipe. (Being able to use a regular RDBMS is nice for things like writing a little cron job to do your own dynamic DNS, or doing self-service hosting for people.)
If you've never done it, it is a couple of hours of reading and fiddling, but very quick if you have set up DNS before. I'm actually a bit curious about why people (even some sysadmins!) tend to spend time clicking on some clunky web interface to update records manually when it's actually easier to do it yourself. (Mail servers, on the other hand...)
A bit surprised not to see Bind mentioned here, as it's a kind of an industry standard.
Personally, I got Bind installed on all my machines, both for DNS zones and resolving. The only exception is my phone, and that is only because I couldn't find a package for it.
For those that do not want to deal with config files, there is also GUIs like gadmin-bind.
name.com is very usable and otherwise handy; I don't like this policy, but I wouldn't wish GoDaddy on my worst enemy.
(OK, maybe I would)
EDIT: I really don't understand your thinking; I am the opposite. I respect name.com for being forward about it and not acting like a politician (treating me like a child).
> I really don't understand your thinking; I am the opposite. I respect name.com for being forward about it and not acting like a politician (treating me like a child).
I respect them for sharing their reasons. I think it is professional.
My issue is two fold:
- This kind of activity "breaks the internet" on the purest sense possible. It is against spec' for a very good reason, IT IS STUPID. Going to a null domain should give you a null reply. It breaks software and it breaks user's expectations (e.g. if you hit that page because you typo-ed the domain you might assume the domain has gone out of business or been "hacked").
- Their work-around(s) are silly. They are essentially "then use someone else" or "register every single possible sub-domain." No opt-out.
They might be very good at business and marketing but they fail on every technological ground you can fail. Someone who fails that badly at understanding the internet isn't someone I want running my DNS of all things...
> - Their work-around(s) are silly. They are essentially "then use someone else" or "register every single possible sub-domain." No opt-out.
"Use someone else" is the opt-out, whether you take it to mean "use another registrar" or use "other, non-gratis DNS services.
Your other option is to use a wildcard, as I think you understand (though your "register every single possible sub-domain" is a bit misleading).
This behavior sucks, but if it's something that bothers you, you're probably the type that should be using a better DNS provider, anyways. That said, I'm a happy customer of name.com.
Even worse; their customer agreement seems to indicate that you are responsible for the content. They also refuse to turn it off if you send them an email. What a shitty little company to be inflicting this on their customers.
I'm in the process of switching to gandi.net. It's not as cheap as name.com (3 dollars difference...), but their DNS service seems really topnotch. Also, they're open to acting as a secondary DNS server and mirroring my own NS via AXFR, which is pretty nice.
I'm using gandi, as you say prices are a bit more expensive but I have had no problems so far. Their admin UI is even bearable, which is almost worth the cost alone!
I LOVE Route53, it is just expensive. At least compared to other similar services (e.g. ZoneEdit). Route53 is basically $1/month/domain - most other services can match or beat that.
It's really not that hard to run your own nameserver. While I obviously disagree with what they're doing, I think you should have been running your own in the first place.
If your server falls off of the net your DNS goes boom too and you have no shot of redirecting people to a landing page or similar "oh shit" activities.
Now you could re-point your nameserver records but in my experience that takes longer to propagate than a new A record with a short TTL.
ZoneEdit now charge. They grandfathered old users in at a free tier (first 5?) but now all new users have to pay either $1/month/domain or less if you buy a lot of "credits."
As i haven't seen them mentioned before in this thread i'll mention http://freedns.afraid.org/ - While i don't have any current experience, i've used them a few years back and they've also been top notch... Only downside is their interface which is showing its age...
It's really not hard at all. I wrote a blog post about my setup a few months ago[1]. To summarize: djbdns + a few VPS instances which can be very tiny + puppet.
The wildcard fix is annoying when you have everything on SSL but don't want to handle a wildcard cert[1]. When someone typos https://foo.example.com I'd like the UX to be a browser's "could not connect to server" error, not "this site is untrusted, run away as fast as you can".
--
[1] IMO, the use of wildcard certs is a dangerous practice[2] made obsolete by SNI.
[2] If the cert gets stolen from one server, the thief can impersonate any server on that domain.
Given that no means currently exists to safely hand out a certificate for example.org that can in turn sign separate certificates for arbitrary foo.example.org subdomains, some sites still need wildcards. If you hand customers their own subdomain, and you automatically mint new customer subdomains when new customers sign up, you can't get a separate CA certificate for each one even if SNI does work; you really do need a wildcard for that.
yes, you can enter a wildcard record yourself, and that will override the name.com wildcard. Is it irritating that they do that? Sure. Should they be doing? probably not. But it does have a pretty simple fix.
Personally, I use a third-party dns service. Seen too many registrars play with DNS. Don't know why anyone would trust them.
I don't know about you, but i give everyone the benefit of doubt and unless someone violates this trust, i'd think most people do too.
Also, at least i tend to think of registrars as some kind of neutral entity that i, indeed, can trust - guess there are some exceptions to the rule.
How many years and years of abuse has it taken for people to notice what GoD*ddy has been doing all that time and finally cause some sort of mass-defect to other registrars..
Hopefully, the level of tolerance for this behavior is of an all-time low so registrars simply can't afford to abuse the trust of their customers any longer.
"I don't know about you, but i give everyone the benefit of doubt and unless someone violates this trust, i'd think most people do too."
True.. and I used to trust registrars to manage my DNS.. but over the years, this is at least the 3rd or 4th time this has happened with a registrar I am on (yes, I have domains at name.com).
Since I don't have time to interrogate every registrars DNS server when I sign up, I just assume it's useless these days. + I end up having to pay for a DNS service anyway, to avoid the bad registrars DNS.. so it's easier to use a single DNS service for all of the domains.
This is what happened. For example, I previously gave Name.com the benefit of the doubt and sent them an email asking them to fix the issue. They did not, so now I mention this every time I see their service mentioned. They are scum just like GoDaddy but on a lower scale.
FWIW I run DNS hosting service SlickDNS (https://www.slickdns.com/) and hijacking non-existent subdomains is a non-feature. It's free for personal use for 2 domains and paid plans start at $10/month.
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@destructuring.net and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
Thanks. That was my post. Sad to see others have dealt with this before. I went through their TOS, and there's no way in hell their "Parked Domains" clause is applicable to DNS failovers. What they are doing is just totally wrong. I wrote a second post about it as an Open Letter to them here : http://www.destructuring.net/2013/02/28/an-open-letter-to-na...
I caught Hover.com doing something similar[1] a couple of years ago. They were adding forwards not for subdomains but paths of the root domain. I actually switched to Name.com for this very reason, troubling to see another pulling this stuff.
I moved quite a few domains to Hover within the last 2 months. I went and immediately checked the forwards section after reading your comment. Thankfully, there are ZERO forwards setup. I'm guessing they stopped pre-configuring example forwards for demonstration purposes.
They did. I use Hover now, and while they still have a dumb landing page for unused subdomains (which I disable immediately on first login), they aren't doing the forwards by default.
All domain names registered via Name.com will automatically be provided a Parked Domain Service. All domains will default to our name servers unless and until you modify your default settings. At any time, you may disable the placeholder page by updating, modifying or otherwise changing the name servers for the relevant domain name.
Domain names using our Parked Domain Service may display a placeholder page for your future website. These placeholder pages may include contextual and/or other advertisements for products or services. Name.com will collect and retain any and all revenue acquired from these advertisements, and you will have no right to any information or funds generated via the Parked Domain Service.
You agree that we may display our logo and links to our website(s) on pages using the Parked Domain Service.
Name.com will make no effort to edit, control, monitor, or restrict the content displayed by the Parked Page Service. Any advertising displayed on your parked page may be based on the content of your domain name and may include advertisements of you and/or your competitors. It is your responsibility to ensure that all content placed on the parked page conforms to all local, state, federal, and international laws and regulations.
It is your obligation to ensure that no third party intellectual or proprietary rights are being violated or infringed due to the content placed on your parked page. Neither Name.com nor our advertising partners will be liable to you for any criminal or civil sanctions imposed as a direct or indirect result of the content or links (or the content of the websites to which the links resolve) displayed on your parked pages.
As further set forth above, you agree to indemnify and hold Name.com and its affiliated parties harmless for any harm or damages arising from your use of the Parked Domain Service.
I posted about this almost two years ago (http://news.ycombinator.com/item?id=2443710) ... I am eagerly looking forward to DNSimple (http://dnsimple.com) entering the market as their own registrar (instead of reselling enom). Their founder has said that is a high priority goal for them this year which will immediately make them the registrar and DNS provider for all of my domains.
I ran into the same issue several years ago. Now I actively recommend against name.com because of this practice, which I consider very dodgy. Their support was unable to provide any real resolution to this and so I moved elsewhere. On recollection, I should have asked for my money back. Not for the meaningful amount that it cost, but to highlight how stupid this practice is. I'd encourage anyone with name.com to do the same as a form of protest.
A previous series of support emails:
--
I own the joshka.net domain registered with name.com.
When I attempt to resolve a subdomain that does not exist I expect this to
return a NXDOMAIN result.
Instead, the name.com name servers return an IP address of spammers.
How can I setup my account to return NXDOMAIN for this domain?
--
Hello Joshua,
I have set your domain to a wildcard 'A' record, that accepts any
subdomain, and points it to your hosting IP address. I ran a 'dig' [ping]
command on 'stuff.joshka.net' as a test, please see the results below:
--
I think we have a slight misunderstanding. I do not want a wildcard A record
(and have removed the record that was setup).
Resolving any subdomain that I have not explicitly created a DNS record
should return a NXDOMAIN result.
This expectation is in line with ICANN's memorandum titled "Harms and
Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar
Technologies) at Registry Level" at
http://www.icann.org/en/announcements/announcement-2-24nov09...
Providing this default wildcard service where it is not requested or
required is a disservice. I can't imagine why I would want or need this.
--
Hello Joshua,
I apologize for the misunderstanding with the wildcard DNS record. We have had multiple customers request this in the past, and this feature was used with success in those cases. I have consulted our management team to see if there is a different option that we can provide you. Please look for a response concerning this issue tomorrow.
--
Thanks Elicia,
I'll look forward to hearing from you.
It's not the wildcard DNS itself that I couldn't see the use of. I
understand why that would be useful in narrow situations.
What I don't understand is why name.com provide the default wildcard A
record redirecting to a site full of advertising. I don't know how this
would be useful to any business or entity that does not want to use wildcard
subdomains of their own.
I understand that section 19 of the registration agreement seems to cover
this use of wildcards (though the wording is fairly vague), but it also
states "At any time, you may disable the placeholder page by updating,
modifying or otherwise changing the name servers for the relevant domain
name."
--
Thanks for getting back with us. Yes you are correct, by changing the DNS or name servers for this domain, it will no longer point to the parking page.
I have discussed all options for allowing this wording to show, with our support management team, and the systems administration group. We sincerely apologize, however our DNS servers are not able to show the 'nxdomain' that you mentioned.
This option is possible should you wish to use your own custom name servers for this domain. Should you wish to setup your own name servers, here are instructions for registering these name servers from within your Name.com account
Well domain.com uses 'parked' domains to ear themselves advertising dollars until you 'use' them so it seems most domain registrars are in on the 'racket'.
This is generally why I stay clear of using the "free DNS" provided by registrars. But then again, they can still be more reliable than hosting your own.
A bit off topic, but I used to work for a company called NAME that had the name.com domain. They went out of business in the dot com bust of 2001, and I guess the domain got sold. I can't see name.com without thinking of that.
I'm building a registrar we'd want to use. I'd like to hear a list of "love to haves" for people interested in the project. Try out what I have so far http://nametagup.com/
I actually just ran into this. I had a client forget to add a www CNAME record, so they thought the site was "hacked" when they added the www to their domain and got this parked site. Luckily, it's not a cached record, so when we fixed it, DNS servers started finding the right record immediately.
(Workaround shouldn't be necessary of course, but this kind of bullshit is par for the course with cheap hosting companies.)