I *hate* verisign with a passion; not just as an end-user dealing with their crappy support, etc, but also due to their business practices, SUCH as adding the wildcard A record for any domain that doesn't resolve. This is going to break so many things, I can't wait to see what happens to them.

At any rate, I've implemented OpenSRS in the past and like it very much. So, my recommendation goes out to any of the OpenSRS resellers. You can also go to http://www.domaindirect.com/ directly (TuCow's own domain reseller company).

-Chris

I've used http://active-domain.com for a couple of registrations for some friends. They are dirt cheap but their DNS management stuff is pretty simplistic. If you just want someone to be your registrar, they are fine. Then you can have your DNS hosted by http://zoneedit.com, whom I have found to be excellent.

Oh yeah, and I'd recommend staying away from register.com. I unfortunately have them as my registrar and I find that their tools for managing your domain don't work very well. I've tried to change my contact information several times and have it fail to take effect. I've opened support tickets with them about this issue and they never seem to get it right. I've given up. I wouldn't use them again.

You may wish to sign this:
http://www.petitiononline.com/icanndns/

Hey James, thanks for the link, I'm reading it now. As for my plan, yes it's one of those. I have the $6.95 Domain Registration plan. Was I too cheap for my own good?

I wouldn't worry about it too much. At the basic level, all registrars provide the same service, registering your domain. I'm the type of person that doesn't trust any internet company that wants to "help" me set things up, so I'd suggest you get an account at one of the free DNS hosting companies. Then use your linode to host http and mail servers. That way you have control over your domain. http://www.tldp.org/ has HOWTOs for just about everything. If they don't answer your questions, post them here.

--James

Some ISPs are already doing this. So now how can you tell if you mistyped the url, or the site is down. This problem applies to all dns-enabled services.

Email is a Hugh one (at least for me)..
- A user mistypes a domain in an email
- the mail server then finds the above A record for the non-existent domain (or, what should be nxdomain)
- and thus tries delivering mail to the above site (sitefinder-idn.verisign.com for now)
- it cannot connect to the site because it's being dos'd, your isp is blocking it, you're blocking it, for whatever reason it just can't contacted it
- it then queues the message for later delivery instead of bouncing back to the user right away saying that the domain does not exist
- it now takes up to a week for the user to realize they simply mistyped the email address
..unless you mail server can actually connect to the ip they are providing, which is currently running

#!/bin/sh
echo "220 snubby2-wcwest Snubby Mail Rejector Daemon v1.3 ready"
read
echo "250 OK"
read FROM
echo $FROM >> /var/log/suckers
echo "250 OK"
read
echo "550 User domain does not exist."
read
echo "250 OK"
read
echo "221 snubby2-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host."
exit

(hope I dont get sued for sharing their source!) then your message will get bounced right away (well, if the above actually works with your mail server) and VeriSign makes off with your enduser's email addresses! and if they feel like it, the message body as well.

It's easy to see how the above would cause rare problems for your endusers. Now, instead of it being a legit message going to a non-existing domain, image it being spam that your server is trying to bounce back to a non-existent domain (common with spam). Normally it'd "double-bounce" it (a bounced bounce) and toss the message, but now it takes a week or so for this double-bounce to happen. All of these message waiting to double-bounce are sitting in your queue, this could be hundreds, it could be tens of thousands depending on how much traffic you get.

The good people who make qmail-ldap released patches for qmail that handle this by comparing the returned address with the address that is returned from a wildcard lookup of the same tld.
There is a patch for dnscache. You provide it a list of ips that it should ignore. The problem is that this list can change. You could of course write a script to run once an hour and update this list. The positive is that it doesn't generate the extra lookups that the bind patch will (at least that's my understanding).

This is my problem with VeriSign, they didn't just create a "site-finder" to help lost users, in practice they changed how dns works, thus forcing everyone else to work around it.

Hehe, sorry this turned out to be a rant.

Kenny

I've read the relevant document (I think) at the site, but I'm still confused (I don't think I'm quite ready for all of this knowledge yet, so I'm trying to get the basics of what I need and then I'll extend from there.)

So, I'm on Hostway.com, and in their control panel, as far as I can tell, these are the only relevant entries which I can change:

Primary DNS Hostname: a.dns.hostway.net
Secondary DNS Hostname: b.dns.hostway.net
Third DNS Hostname (optional):
...
Sixth DNS Hostname (optional):

and then Domain name forwarding...

Forward all requests for http://www. site>.com to:

I of course, have my IP with linode. I would like to get it so that when you type in www.mydomainname.com, it goes to my site. Pretty simple. From reading, it seems I want to edit the "A record". But there doesn't seem to be an option for that with Hostway. There is this domain forwarding thing, but from the how-to document it seems that it's a different thing than editing the A record. Should I settle for just editing the domain forwarding address?

Secondly, I am running a mail server (qmail) and I don't understand what I will enter in my mail client (remotely) to check my email. I'd like it to be something like mail.mydomain.com. Intuitively, it seems that anything with mydomain.com should be directed to my linode, and then if it's www it knows to use my apache server, and if its mail it knows to use qmail.

Thanks for the help.

These questions come up all the time. I'm putting together a very basic HOWTO for all of us. Check back soon. I'll post a link here when it's ready for prime-time.

--James

Whether or not its ready for prime-time is a matter up for discussion, but here's the first version. Read it over and let me know what you think. There's a link at the bottom of it to e-mail me.

Right now though, I need to start writing my paper that's due tomorrow.

--James

I have used Easy DNS http://www.easydns.com and have been very pleased - they also are an opensrs reseller.

Just adding another name to the list of providers!

Well godaddy provides full dns control aswell

That's right. You probably already have what you need within GoDaddy.

They make it a little hard to find at first. See this thread, especially my post near the end.
http://www.linode.com/forums/viewtopic.php?t=406

I'd reccomend them too, I use them and they work very well for me.

-Ashen