Exile From the Herd - via easyDNS blog

Ten Years of easyDNS

nospam@example.com (easyDNS: of Interest) — Thu, 31 Jul 2008 10:25:21 -0400

10 years ago on this day, we removed the password block on easyDNS.com and sent out a couple of innocuous email announcements to the PHP and Mysql mailing lists announcing that we had developed a DNS management system using php and mysql and it was now open for business. We had three nameservers, 1 in our office (where the "other server", that ran everything was), one downtown in somebody else's cage at 151 Front street, and some friends of ours in Buffalo who were running an email company called chek.com let us run a third nameserver on one of their servers. That was the initial setup of easyDNS...
Continue reading "Ten Years of easyDNS"

DNS cache poisoning exploit released

nospam@example.com (easyDNS: Domain Industry Watch) — Wed, 23 Jul 2008 20:52:51 -0400

Hi There,

There is a new DNS Cache poisoning disclosure that has been inadvertently leaked before it was scheduled to be released by Dan

Kaminsky (IOActive). This is a very serious flaw in the DNS protocol that impacts caching resolvers, like the resolvers hosted at your

service provider that help your workstation resolve IP addresses to domain names.

This bug does not directly impact authoritative name servers like the ones used to host your domain names at EasyDNS. Our name servers do not

request answers from external sources, and rely entirely on internal cache files to offer answers. So for example, nobody will be able to change your IP information on our end. That part of the bug is unfortunately located at the caching end.

That being said; this is still a serious flaw, and we are taking this opportunity to upgrade the DNS software on our authoritative name servers to ensure that we are 100% compatible across the board with the newly upgraded caching name servers located at your Internet Service Provider. These upgrades should not impact name resolution if you are using more than one of our name servers to serve answers for your domain name (actually, please ensure that you are).

To make sure your Internet Service Provider is up to speed, you can use Dan Kaminsky's test script at DoxPora Research. If your Internet Service Provider is not yet up to speed, you may want to give them a nudge and/or change your DNS resolver configuration to a more trusted service.

Update It is now making news that an exploit to this attack has been released., please see our post about our newly launched DNSresolvers.com if you are looking for safe resolvers.

.ME Top Level Domain launch indicative of new TLD rollouts

nospam@example.com (easyDNS: Domain Industry Watch) — Thu, 17 Jul 2008 20:52:23 -0400

We've gotten a few invitations to apply to be a .ME top-level domain registrar, to which we assigned no urgency after we took a straw poll internally and found that pretty well zero of our customers were asking for it. Today, Techcrunch reports that the .ME landrush, at least through one large operator, had degraded into a fracas. We have an unwritten policy here: new Top Level Domain roll outs are to be avoided until they i) get past sunrise without erupting into a malestrom of lawsuits and ii) get past "go-live" without imploding.

It runs contrary to industry standards where registrars whip their customer base into a frenzy over an exaggerated need to protect one's trademarks and claim one's stake in the latest "must have" TLD. The fact is, all you really need to care about are .COM, .NET and .ORG plus the ccTLD of the country you live in or do a lot of business in. (I will probably catch flack for saying .BIZ and .INFO are not crucial must-haves to your domain portfolio - we grabbed ours, at considerable expense in the case of .INFO and it was our experience in the roll out of these two that largely formed our policy.)

That most of these new TLDs roll out with initial 2-year registration period minimums are just an outright cash grab from the registry that most participating registrars are happy to join in on. They know that the sunrise and landrush frenzies they hope to whip up are the single greatest revenue events these TLDs ever experience. After the hoopla dies off and organizations realize how unimportant owning say ".ZX" is in their overall domain strategy and the domainers who piled in find out the aftermarket for the TLD is lackluster at best, the renewal rates predictably fall off a cliff.

So when the next "must have" TLD comes along and participating registrars start lovebombing their customers with reasons why they absolutely must"protect their name" in the new TLD, we often commit the egregious sin among investment bankers, VC's and pundits - that of "leaving money on the table" and we just don't rush in and push the new TLD. If it prevents us from leading our members off a ciff in to a major debacle, we consider ourselves as having done our job. (This was a similar rationale to why we never entered the IDN space, as long as you need a browser plug-in to make internationalized domain names even borderline usable they are, in our opinion, of marginal utility - we stayed out of it)

This is in line with our lifelong strategy of cultivating members who actually use their domains rather than pushing the "get your name before its gone" angle for every TLD under the sun on anybody who can fog a mirror. When we launched back in '98, we couldn't even register domains at all, so our member base was exclusively people who were actively using their domains and wanted outsourced DNS and/or forwarding. That set the tone for our positioning and culture ever since, and while now we do have a lot of customers using us "as registrar", our core is always the active domain users.

We have almost zero "domainers" with large portfolios of parked domains and speculative registrations because our model simply doesn't work for those types of users. It's not a judgement against domainers, it's just not where we came from.

All that said, you would probably think we are opposed to the new "free-for-all" TLD expansion policy hinted to in the recent ICANN meeting in Paris. We are not. We would welcome this new tlds policy (if it ever actually happens) because it removes the artifical scarcity and counteracts that "cashgrab" mentality we sniff at the root of many a new TLD. If new TLDs are coming out all over the place, two things happen:

1) Organizations realize that it is no longer practical to attempt to "protect their name" in every TLD space, so they stop trying. This removes a lot of the "easy money" underwriting new TLDs, some of which would otherwise launch for the thinly disguised reason of trying to milk the Sunrise for all its worth.

2) The above impetus gone, new TLDs will have to compete in a much more open market. Registries, while having de facto localized monopolies within their own TLDs will have to provide actual value to compete with other TLDs.

That appeals to our sense of market freedom: less artificial barriers compelling a drive toward providing more value and benefits. The winners in the end should be the domain registrants, who are, let's not forget, our customers.

.ME Top Level Domain launch indicative of new TLD rollouts

nospam@example.com (easyDNS: Domain Industry Watch) — Thu, 17 Jul 2008 07:52:00 -0400

Please note: ORDB anti-spam list no longer operational...

nospam@example.com (easyDNS: Domain Industry Watch) — Wed, 26 Mar 2008 14:46:17 -0400

A number of our customers who maintain their own mailservers have called reporting issues with the delivery of their email in the last 24 hours. If you are experiencing something similar, please ensure that you are not using the ORDB anti-spam list.

The ORDB anti-spam list was shut down in December 2006, and in an effort to fully deactivate the list, ORDB is now sending out false positives. This means that if your mailserver relies on the ORDB anti-spam list, your mailserver is more than likely rejecting ALL EMAIL that is being relayed to it.

Please ensure you remove your mailserver's dependence on ORDB, as this will correct this specific issue.

Discussion about this recent development with ORDB can be found at the following URL upon Slashdot:

http://it.slashdot.org/article.pl?sid=08/03/25/2124224

easyURL adds "FEDEX" tracking widget

nospam@example.com (easyDNS: of Interest) — Thu, 06 Mar 2008 15:08:39 -0500

Trivial but handy: I found myself having to email out some Fedex tracking ID's today, so I thought what would make it easy would be a way to create a redirect to the Fedex tracking page for that ID without having to visit a URL shortener site to create the redirect.

That's the core idea behind the "URL Widgets" or "Redirect Widgets" of easyURL, which are described here We also have them setup for Amazon products, domain lookups (surprise), Wikipedia pages and RFC's.

How to use your own domain name with Google Apps

nospam@example.com (easyDNS: Tips and Tricks) — Sun, 02 Mar 2008 18:40:09 -0500

Many Ayromlou does it again, publishing another step-by-step tutorial, complete with screen shots on how to use your own domain name on easyDNS with Google Apps..

easyDNS announces Guaranteed Lookup Privacy for easyWHOiS.com

nospam@example.com (easyDNS: of Interest) — Tue, 23 Oct 2007 15:45:33 -0400

In light of the recent ICANN advisory on domain lookup frontrunning we've made the guarantee that your domain lookups on easyWhois have and always will be, private.

What is domain lookup front running? It is when an unscrupulous operator between you and a domain lookup tool, such as a whois lookup website, perhaps even the site operators themselves, monitor your domain name searches and then go and grab some of the available domain names you search on before you get the chance to.

I never thought anybody would be so brazen, but silly me, I once again underestimated the widespread use of sleazeball tactics on the internet.

You can read the easyDNS press release on the subject and our new Guaranteed Lookup Privacy Policy at easyWhois. We've also added SSL encryption to easyWHOiS to eliminate the possibility of queries being eavesdropped.

Don't forget to vote in the CIRA Board elections

nospam@example.com (easyDNS: of Interest) — Tue, 11 Sep 2007 10:52:16 -0400

I just finished voting in the Canadian Internet Registration Authority Board of Directors election. This year's election is the first under the new election process and reformed membership structure that was ushered in last year at the special member's meeting in Toronto.

I have mixed feelings about the new membership reform, having spent a good deal of my term on the Board working on it and finally seeing it get ratified by the membership shortly after the end of my stint. I found the re-authorization process of the membership confusing. If I found it confusing, having been in the belly of the beast so to speak, it must have been utterly unfathomable to a lot of casual .CA domain holders. I think 90% of .CA domain holders don't even really understand who CIRA is or why they consistantly get cryptic emails from them telling them to authorize this, confirm that, verify your id ("your papersss pleasss").

Continue reading "Don't forget to vote in the CIRA Board elections"

easyURL enables bookmarking and tagging with openid

nospam@example.com (easyDNS: of Interest) — Thu, 16 Aug 2007 14:00:46 -0400

You probably didn't know we operated a URL shortening service at easyURL.net, which has some nice features like being able to create your own short label for a shortened URL and tracking of access stats.

After awhile I noticed that I was also using it as a pseudo-bookmarking mechanism, but of course it required that I actually remember the shortened URL. So we went ahead and added bookmarking and tagging to easyURL.net.

The bookmarking features are accessible via OpenID tokens because we're finding people are getting less and less interested in creating a new account on every site they use. For people without OpenID, you can always use a site like del.icio.us, for those with, use this.

How to use your domain name with blogger

nospam@example.com (easyDNS: Tips and Tricks) — Thu, 31 May 2007 20:52:35 -0400

Title says it all, easyDNS member Many Ayromlou wrote a clear step-by-step mini-howto today explaining the procedure to get your domain name registered through us working with your blogger.com blog:

http://www.nerdlogger.com/2007/05/how-to-use-custom-dns-name-with-blogger.html

My only comment is Step 6 shouldn't be a few hours' wait, not unless you've already typed your domain name into your browser before you do this and now your local ISP's nameservers have cached your old IP.

But thanks to Many, I'm sure a lot of bloggers interested on using their own domain name with blogger.com will reference this.

Four essential components of Search Engine Optimization

nospam@example.com (easyDNS: Tips and Tricks) — Wed, 06 Dec 2006 13:02:39 -0500

I've been helping a longtime customer debug getting his website setup with a google sitemap and stealth redirection and he asked me in more general terms if I had any advice for him around search engine optimization.

Here are four essential "must have's" for SEO. Three you can do right now, the fourth is not under your control as much. Before embarking on a concentrated SEO campaign, be sure the first three are in place.

Continue reading "Four essential components of Search Engine Optimization"

CIRA Board Elections On Now, Please Vote

nospam@example.com (easyDNS: of Interest) — Mon, 18 Sep 2006 16:11:42 -0400

During my 3-year tenure on the CIRA Board, I got the opportunity to travel across the country. Whenever we held a public forum anywhere in Canada, the turnout was usually quite high and the participants informed and enthusiastic.

Then near the end of every open forum I made it a habit to ask the attendees the following question: "How many people here voted in the last election?" and the silence was usually deafening. Less than 10 hands would go up every time, guaranteed.

So why the disconnect between getting live bodies out to an actual event and getting stakeholders to click a few buttons through their web browser?

Given the discontent I've seen among netizens over some gTLD issues with .COM (remember sitefinder?) and ICANN oversight, CIRA has set the standard for accessibility and stakeholder guidance for .CA. People should be seizing these opportunities and making their views known and voting.

Running country code top level domain registries carry unique challenges and require industry experience balanced with a sense of stewardship. .CA is after all a "key public resource" and the kind of people I want on the Board are those that take that stewardship capacity seriously.

This year I'm voting for the following member nominees:

Paul Andersen https://elections.cira.ca/2006/finalslate/show/44/en
Clyde Beattie https://elections.cira.ca/2006/finalslate/show/22/en
Ross Rader https://elections.cira.ca/2006/finalslate/show/35/en

And from nomination committee I'm voting for:

Raymond Benoit https://elections.cira.ca/2006/finalslate/show/13/en
Bill Reid https://elections.cira.ca/2006/finalslate/show/12/en
Jeff Ryback https://elections.cira.ca/2006/finalslate/show/10/en

I encourage all .CA domain holders who are CIRA members to vote now.

Enhanced DNS resolution using OpenDNS

nospam@example.com (easyDNS: Domain Industry Watch) — Mon, 10 Jul 2006 17:04:00 -0400

OpenDNS is an enhanced DNS resolver open to the public (as of today) and free to use. It contains a number of enhancements such as typo correction and phishing protection.

It is also fully configurable for the end users, so individual features can be turned off at the users' discretion.

I've also posted a comment on CircleId explaining why OpenDNS is not Sitefinder 2.0




(By way of quick explanation to the layman, there are three kinds of nameservers that affect your life:

Root nameservers: which top level domain registries operate, such as the root nameservers for .com or .ca
Authoritative nameservers: for individual domains. This is the business easyDNS is in: answering DNS queries authoritatively for its member domains. 
Recursive nameservers or resolvers: these nameservers find out DNS info on behalf of its users. Usually these are transparent to end-users and supplied by ISPs, often via DHCP. OpenDNS is now in this business. )

Want to reduce email spam to your mail server? Stop using backup spooling

nospam@example.com (easyDNS: Tips and Tricks) — Tue, 27 Jun 2006 16:33:57 -0400

It is with regret that we have come to the following conclusion, but here it is: Offsite backup SMTP spoolers and backup mail exchangers have become worse than useless

The problem is spam and the software that delivers it exploiting the weak authentication schemes inherent in the SMTP protocol itself. It used to be an annoyance, then it became a concern, it is now an epidemic and has resulted in the death of the offsite backup MX handler.

What happens is this: spammers try "dictionary attacks" on target domain names, trying to deliver email messages at random usernames at the target domain. The primary mailserver knows which usernames are valid and rejects the rest. The offsite backup MX spooler doesn't know what usernames are valid and what are junk, so it just forwards everything it receives for a domain it is spooling for to the primary MX handler.

Spammers and other malicious parties know this, so they may not even bother trying the primary MX at all, they'll just throw everything at the backup mail spooler which dutifully forwards it all (or tries to) to the primary. It is a dead-easy method of launching a Denial-Of-Service attack as well.

So it is with a heavy heart we have to admit that any utility of having an offsite backup MX handler is in most cases far outweighed by the advantages it hands to spammers and other miscreants.

The good news is this: without a backup mail spooler defined for your domain, originating mail servers simply queue the mail locally for a later retry. So owing to the design of the SMTP protocol, you do not really lose any redundancy when you remove a backup MX spooler from your DNS settings. But you probably cut down on the amount of spam your domain receives through the back door that is the backup MX spooler.