Entries by Mark Jeftovic

We've re-enabled access to viewing your DNS query counts online.

Unfortunately, the May numbers are out of whack: you'll see a large spike in your query counts between May 12 and May 19 which is actually each day's total carried forward and added to the next. This was due to a parser bug caused by a change in the output log format.

Sorry for the on-again/off-again nature of this feature and we should be good to go now.

Following on our explanation of why we do not offer whois masking here at easyDNS, we note tonight that Registrar Namecheap has been sued "over cybersquatting claims for a domain name registered under the NameCheap whois privacy services".

As we outlined in our original article: Whoever is listed as the Registrant in the domain's whois record, effectively owns the domain. If you own the domain, you get all the responsibilities for it. That's why most Registrars simply drop the whois mask at the slightest legal speedbump. Namecheap didn't, and so now it cuts the other way they get the sharp end of the legal stick being poked at the domain.

Technology lawyer Eric Goldman in his analysis of the matter under the subheading Why This is a Troubling Ruling noted:

Read literally, every proxy service is exposed to potential contributory ACPA liability for every domain name it services. I can’t imagine proxy service providers will be excited about that liability exposure, and some may choose to exit the business.

Some certainly should. Any of the proxy providers who basically viewed whois masking as an easy business which basically pulls in money for doing nothing (which is more or less how I view it, I'm sorry, but that's only my opinion) - should take this as their signal that the party's over and exit the business.

As I've noted before, in it's current implmentation: whois privacy doesn't actually protect the underlying registrant's privacy (because most proxy providers will drop the mask at the first sign of trouble) and if they don't, the proxy providers are exposing themselves to inordinate risk. Coupled with the fact that the whois mask puts the underlying registrant's rights to the name in question and the whole thing is just one big mess waiting to blow up.

As of tonight you may notice when you log into your member control panel a new item beside each of your domain names called "query usage".

This links you to a monthly histogram depicting the DNS query counts for the domain. Right now we are just compiling aggregate lookups across all
RR types and we it only counts the lookups that resulted in SUCCESS. To get the exact count for a specific day, hover your mouse over the date.

Use the "previous / next" text links in the lower right to scroll backward and forward by month. Keep in mind, we have no data available prior to March, so everything zeros out if you go back further than March 2009.

We've turned up .tel registrations now that they've gone realtime and the initial registry implosion has stabilized. You may have noticed a distinct lack of urgency from us to light a fire under your keester to go register your name under .tel right now before somebody else takes it.

As we outlined previously, we find the hoopla around new top-level domain rollouts both tiresome and for the majority of domain holders, unnecessary. So we have a policy here that we generally a) don't launch the new TLD until it goes realtime and is considered "stable" and b) we don't try to whip our users into a hysterical frenzy ahead of time to register their domains under every new TLD.

The fact is, in the future there will be more top-level-domains, a lot more. So many of them that between obvious typos of one's domain, one's core domain or domains, and one's local geographic top-level domain, it will be a fool's errand to try and register your name under every new TLD that comes along just for the sake of "defending your mark".

The other problem is, .tel is severely crippled

While we do find .tel slightly unique in the realm of new TLDs because it actually exists for a reason: to cultivate internet telephony usage. This isn't some country-code ccTLD hiring out their namespace under some made-up reason (.me, .tv, .ws, et al) to draw in foreign registrants, it's an actual TLD geared toward SIP, VOIP and telephony and exists for that reason.

But .tel isn't doing anything under the space that can't be done under any other domain name with the appropriate use of SRV or NAPTR records and to actually make matters worse, you are forced to use their nameservers and your domains are under an Acceptable Use Policy which forces you to use the name for certain things (basically as a "contact" switch rather than a "content" page).

While the objective may be laudable: giving a TLD an actual raison d'etre beyond "register your name before somebody else does!", we don't like that you're forced to use their nameservers and don't have total latitude with your .tel domains. It runs contrary to the ethos behind easyDNS which was, and still is to drive a stake through the heart of lock-in. (It's not like we force everybody who registers a domain through us to use our nameservers because we're an outsourced DNS host, in fact we even allow our members to mirror their DNS from our nameservers from outside DNS hosts).


As such we have not become directly accredited under .tel, instead we're supporting them through our OpenSRS reseller tag, but the functionality is transparent.

Most of you reading this probably have no compelling reason to register your name under .tel unless 1) you like the TLD or 2) you have operations in the IP telephony space that would make sense segmenting under a .tel name and 3) you don't mind the crippled functionality and lock-in.

If your dynamic DNS client suddenly started having trouble sending updates over the last few days it is probably because your client does not support SSL connections and it was encountering a "302 found" response from our end redirecting it to an https address which it couldn't follow.

That should now be fixed and dynamic updates should be working as expected.

We're sorry about any glitches this would have caused.

Hat tip to former easyDNS partner Colin Viebrock for the clue.

Many of you may not know that we have an ongoing member feedback survey where we ask for your thoughts and impressions of using easyDNS.

We try to make it as unobtrusive as possible, and for each respondent we make a $5 donation to a charity of your choosing (World Wildlife Fund, Children's Wish Fund or Unicef).

We've recoded the survey using eSurveys.com. Feel free to give us your thoughts by taking it today.

easyDNS Member Survey

One of the things I love about this business is finding out some of the ultra-cool websites who use us for DNS. The first couple years of this business I think I had every domain name on the system memorized, not so much now.

But I found out today that TedNugent.com uses easyDNS nameservers ROCK ON.

I always loved the Motor City Madman....

We get asked this a alot: Why do you guys not offer whois masking or whois contact privacy?

The brief background on this is: whenever you register a domain name, your contact details are published in a publicly visible database called "whois", where your contact details are instantly harvested by spambots and marketers who proceed to email and postal mail you marketing offers, deceptive "domain slamming" attempts, ads for dubious products, and perhaps even telemarketing calls.

Nobody likes that, so over the years people started resorting to various tactics to protect themselves from the deluge of crap that inevitably comes with simply registering a domain name: throwaway email addresses in whois records, fake postal addresses, fake phone numbers, etc. The problem is, Registrants are obligated under their various end user agreements to provide true and accurate data (not doing so is grounds to lose one's domain), and the US even passed legislation making it unlawful to use fake contact details in a domain name registration.

Our response to this, years ago, was MyPrivacy.ca which protects your email address from being harvested from your whois records, but leaves your other data intact. We didn't see it as a revenue opportunity, in fact we made it free and opened it up to competing registrars, many of whom started recommending it to their customers. We just wanted to drive a stake through the heart of the whois spammers.

It wasn't long though, before many registrars took it a step further and created the concept of "whois masking" or "contact privacy", where all of the domain-holder contact details would be masked from the public whois. Of course, this was heralded as a "value-add" and most outfits charge extra for it.

In today's long overdue post, we're finally revealing why so-called "whois privacy" puts your domains at risk, costs you more and doesn't really protect your privacy.

It turns out the problem sending email to gmail / google was some sort of change they've made on their end which has, in the words of Postfix creator Wietse Venema "screwed up their support for RFC 2920 command pipelining. "

This seems to have affected at the very least, anybody using Postfix 2.x as an MTA. More info, along with the fix see this post, if you're running a postfix MTA you'll need to do this until google fixes their system.

We're in the process of updating our configs and the mail should resume momentarily. No mail was lost, no animals were harmed, everything was just deferred and will be dequeued starting....now.

One of our tech support guys just had a conversation with somebody who wanted "to register the URL http://example.com/something.html", where example.com was already registered, the person couldn't understand why he couldn't have that URL with "something.html" after it.

We've heard variations of this one a lot. Like somebody who knows "xyz.zz" is taken "but can I register "www.xyz.zz?", no, you can't.

The easiest way to explain a URL such as this one:

http://www.example.com/something.html

Is to think of it as HOW, then WHERE and finally WHAT:

http://	« how?	The method we are going to use to retrieve or "get to" the document described by the URL. Common ones are "http" (Hyper-Text Transfer Protocol), you may also see "ftp://" or "mailto:"
www.example.com	« where?	This is the hostname of the server, somewhere on the internet, which is holding the document we actually want
/something.html	« what?	Finally, after we know what server we are looking for and how we're going to retrieve the document from it, we now specify exactly which document we want off of the remote server.

Understand those three components and you basically have URLs down cold.

Your web browser (firefox, safari, IE, Opera) is all about "how", what protocols to use to pull all these documents over the web to your desktop.

The web host is the "what" machine. It sits on a server and serves document after document to remote web browsers who send it requests.

Something has to bridge the browser to the web host/server and that's the "where", that's where DNS and domains come in, and that's primarily what we do here at easyDNS. We tell web browsers (and other client applications) the "where" aspect of retrieving and transmitting documents (the "whats") across the internet. We do this via "DNS lookups" ...about a quarter billion times a day.

Michael Moore released his latest film Slacker Uprising for free, over the web (note: don't click on that link if you live outside of the US or Canada or his lawyers will yell at us again). On the download page for the film Mr. Moore has this to say:

"I'm giving you my blanket permission to not only download it, but also to email it, burn it, and share it with anyone and everyone (in the U.S. and Canada only). I want you to use 'Slacker Uprising' in any way you see fit to help with the election or to do the work that you do in your community. You can show my film in your local theater, your high school classroom, your college auditorium, your church, union hall or community center. You can have your friends and neighbors over to the house for a viewing. You can broadcast it on TV, on cable access, on regular channels or on the web. It's completely free -- I don't want to see a dime from this. And if you want, you can charge admission or ask for a donation if it's to raise money for a candidate, a voter drive, or for any non-profit or educational purpose. In other words -- it's yours!"

So, why are his lawyers demanding we take action regarding a torrent posted on a DNS hosting client's website? We received the following takedown request via Fedex today:

People have tried this on us so many times I figure it must still work in many cases so after the last one I decided to post a brief note about this.

We run an affiliate program via Commission Junction, it pays $20 per new customer acquisition. We also come up first in all major search engines for our own name: "easydns", "easydns.com", "www.easydns.com", and "easyDNS Technologies Inc". Every online business probably comes up first in Google for their own name. (If you don't, you have larger problems and you should probably address those).

Here's what I consider, if not a "black hat" PPC technique, a grey one which we're not interested in because it costs us affiliate commissions on sales we would have gotten without the affiliate ever being involved. Here's how the scam works:

10 years ago on this day, we removed the password block on easyDNS.com and sent out a couple of innocuous email announcements to the PHP and Mysql mailing lists announcing that we had developed a DNS management system using php and mysql and it was now open for business. We had three nameservers, 1 in our office (where the "other server", that ran everything was), one downtown in somebody else's cage at 151 Front street, and some friends of ours in Buffalo who were running an email company called chek.com let us run a third nameserver on one of their servers. That was the initial setup of easyDNS...

We're going to start an item here to try to keep track of the ISPs who are patched for the DNS cache poisoning bug. Most of our personal contacts are here in Canada so this list will likely be comprised largely of Canadian ISPs but as we get word on other big ones, we'll try to update them here.

So far just a couple of items but one of them is major, so I post now...

ISP	Status	Comments
Bell Canada:	Patched	We've checked with their ops team
Egate.net / EgateDSL	Patched	A lot of non-Bell DSL users here

With the ramifications of the DNS cache poisoning bug beginning to sink in and the first exploit code being published today, we are anticipating an accelerating number of queries from our members about this and what they can do to ensure their own DNS caching resolvers are safe to use.

We can tell you about two public DNS resolver systems you can use. One external, one we just launched ourselves:

OpenDNS: User friendly DNS lookups - with anti-phishing protection

We've never been in the DNS resolution or DNS resolving business. There are companies like OpenDNS who are. We know the people who run this company, they are competent and knowledgeable and we consider their service safe. That said, they also provide protection against phishing domains and they do trap NXDOMAIN traffic. Yes, they do monetize failed lookups via a search suggestion page with PPC links, individual users do have the ability to turn this off.

easyDNS launches DNSResolvers.com: no frills, pure DNS lookups - fully patched

Some of our members have expressed reservations around using any DNS resolver that "alters" the traffic in any way, including typos and non-existent domains. Which is good news for us, because we've done this so fast we haven't had time to build anything like that even if we wanted to. What we did want to do is provide a couple of DNS resolvers for use by our members (or anybody else) who just want to know they're using a system run by people who are actively following this situation and are proactively keeping their own resolvers and caching nameservers as secure as the protocol allows.

With this in mind we've turned up DNSresolvers.com today. No website, no user interface, at the moment it's just a couple of resolvers with the latest security patches in place and that will continue to do so, open to use by anybody who wants. We have no idea where this will go, and it's not really an official easyDNS "service" per se. But we wanted to do something to give our members options.

If you want to use DNSresolvers.com, the details are as follows:


cache1.dnsresolvers.com -> 205.210.42.205
cache2.dnsresolvers.com -> 64.68.200.200