Is domain required? - linux

Is a domain necessary for a website? Can't we see websites using the public IP address of the machine, like 65.2.10.98? I am unable to get a free domain name. I have tried Freenom but it always shows "domain not available". If it's necessary to have a domain, please tell me a website from where I can get just a domain name for free, because I have a Linux server up and running in AWS.

Yes. You can use a public IP address for your website.
Domain names are solely meant for us humans to better find what we are looking for on the World Wide Web.
example.com is easier than 93.184.216.34.
But it is not a requirement to have a domain.
Although, I want to point out that IP addresses, especially IPv4 addresses, are not as static as you think. You did not provide any details, but if you are not willing to pay for a domain, I guess you are using the free-tier EC2 instances. If you reboot/terminate such an instance, the IPv4 address is likely to change, so your website is not available under the old IPv4 address anymore. Domains solve this problem because you can just point the domain to the new IPv4 address.

Since you are using AWS, and seem not to mind any form of domain name, try CloudFront. It will give you a default domain name like so:
http://d111111abcdef8.cloudfront.net/
You can configure your EC2 instance as the origin for the CloudFront distribution. It has the added benefits of DDoS protection and a CDN too.

It is not required to have a domain.
When it comes to Freenom, I have only used it for small projects; you can get a free domain as long as you renew it every 12 months and if you don't mind the ".tk".

Related

Whois lookup shows the correct IP, but why can my browser not find the IP address of the domain?

My website suddenly stopped working.
When I search for the domain name on WHOIS websites, it shows the correct server IP address and the correct DNS IP address.
I can reach the website by its IP address, but somehow when I try the domain name in the browser it's not working and it shows "This site can't be reached"!
There is no error in my server log.
I tried different browsers and different systems and it is the same issue.
I am really confused. Even when I send GET requests with Postman to my domain, it is not reachable, but sending the request to the IP works!
Whois and DNS resolution are two separate things, and one does not imply anything about the other. So, in short, except in very specific cases, if you have a DNS resolution problem you should use DNS troubleshooting tools, not whois, and especially not web-based whois (the only relevant whois is the registry one).
Now, you are giving so few details that no one can really help.
Among the possible ideas to check and probable problems:
you forgot to renew the domain, and your registrar put it on hold or, worse, deleted it (that you can see in whois)
you made a change in the DNS resolution and now it does not work anymore; use online troubleshooting tools like Zonemaster or DNSViz. Alternatively, your registrar and/or web hosting company should be able to help (since you are giving here neither the domain name nor details about the troubleshooting you did: for DNS problems, the browser is not the first tool to use, look instead at dig).
It appears that the problem was DNS on our local system. We changed it to 8.8.8.8 and then we could access our domain!
It's usually because you use an addon domain, not the main domain, for hosting orders that are set up on cPanel/WHM.

Can I setup nameservers to point to other nameservers?

We are whitelabeling some website software, but in order to use it, our clients must point their domains to the software's nameservers. We'll say ns1.softwareco.com and ns2.softwareco.com.
Since we're whitelabeling, I don't want our clients to see Software Co's name in the name servers.
I could easily mirror Software Co's DNS settings, but if Software Co updates them in the future, my settings would be incorrect.
Is it possible to just point my nameservers ns1.whitelabelco.com and ns2.whitelabelco.com to Software Co's nameservers?
Your best way of achieving this is to follow the lead of other companies.
For example, look at how GitHub allows the configuring of custom domain names for their Pages product, which is whitelabelling in effect.
The two options you have are basically: you have a static IP address that will last for the lifetime of your service, which would mean you would need to buy that address, complete with a contract to ensure it didn't need to be changed. You could place that address in front of load balancers etc., so it could be directed to multiple servers at the backend (even multiple locations).
The simpler option is to offer a CNAME redirection to your clients.
You tell your clients that you have service.example.com and that they should point their servers to that with a CNAME record, so their clients will see www.domain.com but that will be redirected to your site.
The downside of a CNAME record over an IP address is that the end user can see that it is a whitelabel product. The problem is that DNS is an open system, and no matter what you do with it the end user will be able to see what you've done and find out that you are hosting that site.
The only way around that is to use an IP Address.

How do name servers ensure that the server claiming to host a domain is actually operated by that domain?

I recently started using Linode to host my site.
Prior to using Linode, I normally used hosting offered by my domain registrar. In those cases, I thought I understood how DNS worked, because the registrar automatically updated your DNS records to point to the server hosting the site.
When following Linode's guide to setting up a website: https://www.linode.com/docs/websites/hosting-a-website
Their instructions tell you to set the DNS servers as:
ns1.linode.com
ns2.linode.com
ns3.linode.com
...
But the point I am making is that ANYONE can open an account on Linode and fill in the same DNS settings! So anyone trying to access your website could be directed to someone else who wants to pretend to be your site!
Am I correct in understanding how DNS works? I know that the only way to ensure (from a visitor's perspective) that the site being visited is actually the domain intended is to install a certificate (HTTPS) etc. But based on the above instructions, it seems almost trivial to pretend to be someone else, if they also use Linode.
I am not an expert on DNS so my answer may be mistaken, but I had the same question so looked into this.
I think your understanding is correct, and this seems to be a problem but apparently it happens rarely in practice so hosting providers (including Linode) aren't doing anything about it.
Here is Ryan Quinn from DigitalOcean (another hosting company that has this problem) answering a similar question:
A domain can only exist on one account so any user attempting to add it would not be able to. Cases where a domain already exists or is hijacked are extremely rare (I've seen 3 cases in 2+ years and in each case it was a former owner of the domain who still had records in place). In these rare cases the user can open a support ticket where we will verify the domain whois information against their billing details to verify ownership.
Here is a question on Information Security Stack Exchange that asks the same thing.
In the case of DigitalOcean, I found a post (HackerNews discussion) of someone describing how they took over around 20,000 inactive domain names that pointed to DigitalOcean's nameservers. I haven't found anything similar for Linode, although I imagine basically the same attack is possible (2020 Update: This actually recently happened to someone I know, where their website got taken over by a spammer after they took down their Linode without changing the DNS settings to stop pointing to Linode).
Amazon Route 53 seems to use randomly generated nameservers (rather than Linode/DigitalOcean's constant ns1.linode.com etc.) to make this attack highly unlikely to succeed.
Apparently some other services (Google Apps?) "verify domain ownership by requiring the domain owner to add a TXT record to their domain with a special code."
So what? Someone may use the same DNS servers. But they can't register for the same domain. Once you have registered for example.org, you own that domain and nobody else will be able to register for it.
You have registered for example.org and use the following DNS configuration at Linode:
Domain             | Nameserver
-------------------+---------------------
example.org        | ns1.linode.com
example.org        | ns2.linode.com
...                | ...
An "evil hacker" may have registered evil-hacker.com and uses this configuration:
Domain             | Nameserver
-------------------+----------------------
evil-hacker.com    | ns1.linode.com
evil-hacker.com    | ns2.linode.com
...                | ...
example.org        | ns1.linode.com        << Those are the lines that bug you, right?
example.org        | ns2.linode.com
For simplicity's sake let's say that the IP of your site is 1.1.1.1 and the IP of the evil hacker's site is 2.2.2.2. You are worried that because the "hacker" used the same DNS configuration, your site example.org might resolve to 2.2.2.2, right?
This is what happens, when I try to resolve example.org:
I connect to the DNS root servers to find out which nameserver is responsible for the org top-level domain.
I connect to the nameserver of the org top-level domain and ask it for the IP address of example.org. The org nameserver is managed by your domain registrar. It will look up the information you entered and tell me to look at one of the Linode nameservers.
I connect to ns1.linode.com and ask it for the IP address of example.org. Linode knows which IP your site has and answers me with 1.1.1.1.
In the above process, I will never see evil-hacker.com or 2.2.2.2. Since our evil hacker (hopefully) can't control the DNS root servers, the nameserver of the org top-level domain or the Linode nameservers, all DNS requests for your site will be answered by "trusted" name servers.
However, a hacker might intercept DNS traffic from my particular machine. He might install malware that always resolves example.org to his IP address 2.2.2.2 (e.g. /etc/hosts) or compromise my network router. So using an SSL certificate for your site is still a good idea :).
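A toy model of the resolution walk just described, written as an added example for this thread (not the thread's own code). It follows the referral chain root -> org TLD -> ns1.linode.com, shows why the second account's example.org lines are never served while the real owner's zone exists, and then replays the case from the earlier answer where the owner deletes the zone but leaves the registrar delegation in place. The TLD server name and the account names are made up; 1.1.1.1 and 2.2.2.2 are the thread's placeholders.

```python
# Toy model (constructed for this example, not from the thread) of the chain above:
# root -> .org TLD -> provider nameserver. The TLD server name is made up.
ROOT = {"org": {"NS": "tld.org-servers.example"}}        # root delegates .org
TLD_ORG = {"example.org": {"NS": "ns1.linode.com"}}       # set by the registrar
PROVIDER = {}                                             # zones on ns1.linode.com
NAMESERVERS = {"root": ROOT, "tld.org-servers.example": TLD_ORG,
               "ns1.linode.com": PROVIDER}

def add_zone(account, name, ip):
    """Provider rule quoted above: a zone can exist on one account only."""
    if name in PROVIDER and PROVIDER[name]["owner"] != account:
        raise PermissionError(f"{name} already exists on another account")
    PROVIDER[name] = {"owner": account, "A": ip}

def remove_zone(account, name):
    if PROVIDER.get(name, {}).get("owner") == account:
        del PROVIDER[name]            # the registrar's delegation is untouched

def _longest_match(zone_table, name):
    """Longest zone suffix this server knows for name ('org' at the root)."""
    labels = name.split(".")
    return next((zone_table[".".join(labels[i:])] for i in range(len(labels))
                 if ".".join(labels[i:]) in zone_table), None)

def resolve(name, max_hops=5):
    """Iterative lookup: follow NS referrals from the root down to an A record."""
    server = "root"
    for _ in range(max_hops):
        entry = _longest_match(NAMESERVERS[server], name)
        if entry is None:
            return None               # lame delegation: nobody serves the zone
        if "NS" in entry:
            server = entry["NS"]      # referral: ask the next nameserver
        else:
            return entry["A"]
    return None

def scenario():
    """example.org before, during and after its hosting account goes away."""
    PROVIDER.clear()
    add_zone("alice", "example.org", "1.1.1.1")
    add_zone("bob", "evil-hacker.com", "2.2.2.2")
    try:
        add_zone("bob", "example.org", "2.2.2.2")   # the lines that "bug" the asker
    except PermissionError:
        pass                                        # rejected while alice holds it
    before = resolve("example.org")                 # 1.1.1.1
    remove_zone("alice", "example.org")             # alice leaves, delegation stays
    dangling = resolve("example.org")               # None: delegation is now lame
    add_zone("bob", "example.org", "2.2.2.2")       # nothing stops bob any more
    return before, dangling, resolve("example.org") # ("1.1.1.1", None, "2.2.2.2")
```

The defensive takeaway is the last three lines: change or remove the NS delegation at the registrar before deleting a zone at a shared hosting provider, and periodically check that every delegated zone you own still exists on your account.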

Subdomains and DNS

I currently have my own domain name and dedicated server and I offer different packages to my clients. What I want to be able to do is have them sign up with my website and create a package automatically that they can access via their username as a subdomain e.g.
http://yourusername.mywebsite.com
I currently have DNS entries set up for various subdomains with real information for my website e.g.
Name     Type  IP Address
#        A     1.2.3.4
bugs     A     1.2.3.4
support  A     1.2.3.4
However, if a new customer signs up at the moment I have to go and manually create an entry for them with their username in it.
I'm sure I've seen websites that manage to do this automatically, does anyone have any ideas how, or any other methods that I should be using?
Thanks,
Mark
Since you apparently do not control the name servers, your choices are quite limited. One possibility is to use a wildcard DNS record:
* A 192.0.2.1
where the star will match every name. Not ideal (non-existent names will also resolve).
The details depend on which DNS server you're using.
One approach is to have some code that opens the DNS zone file and adds the desired records. On Linux with BIND, you will then need to signal the server to get it to re-read the zone file.
With Simple DNS Plus, you can easily add such a DNS record through the included HTTP API. For example:
http://127.0.0.1:8053/updatehost?host=yourusername.mywebsite.com&data=1.2.3.4
Since you apparently do not control the name servers, your choices are quite limited. Nevertheless, every serious DNS hoster provides you with an API (see for instance Slicehost's API). So, you may use this API and write a small program to update the DNS data.
(Footnote: handling paying customers when you do not even control the name servers seems... bad.)

Dynamically add subdomains?

I was wondering if it's possible to dynamically add subdomains that point to dynamic IP addresses, and how I would go about doing that? In other words, "how is dyndns/no-ip implemented" :-)? (The part I don't get is adding/changing the DNS entries... I understand how the client sends a packet every few minutes -___-). I can tell all my users to just use DynDNS/No-IP, of course, but having it integrated with the application would be much cooler.
Thanks,
Robert
To be able to directly update/control where a domain/subdomain resolves to, you must have your own name server. When you register a domain under a TLD (for example, .com), that TLD has a nameserver. Anytime a client needs to look up the IP to something.com, they ask the .com nameserver where to find the nameserver for something. That nameserver in turn returns data about the domain or subdomain.
When you register a domain at a place like GoDaddy or Network Solutions, and you use their online tools to point your various subdomains to IP addresses, you are creating entries on their nameserver. When a client requests your domain, the root nameserver tells them to check with GoDaddy's nameserver. If you look through the configuration options of your registrar, you'll generally find a place to specify your own nameserver instead of entering domain IPs. Setting that will tell the chain of nameservers to defer resolution of your subdomains to that nameserver. Obviously at that point, having direct control over the mechanism of name-address resolution, you can do whatever you like.
Here's one list of open-source name servers. There are many others, ranging from free OSS to custom, proprietary and very expensive. Technically you could also write your own, as BIND is a public, standard format.
As you've partially said, the way DynDNS and other dynamic IP services work is that they update their server's DNS records based on a heartbeat from a client every few minutes.
The trick is that they use extremely short TTL times so that caches for the record expire very quickly and need to re-query the DynDNS server (which makes dynamic IP changes propagate quickly).
If you wanted to implement this, either find a DNS host that offers an API, or programmatically update the DNS on your own server with a short TTL.
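An added example (not code from either thread) for the two questions above: creating a per-customer subdomain at signup, and programmatically updating your own nameserver with a short TTL. Rather than a wildcard record or editing the zone file by hand, it validates the username as a single DNS label, refuses names the site already uses, and sends an RFC 2136 dynamic update through BIND's nsupdate signed with a TSIG key. The zone, server address, key path, reserved-name list and the named.conf grant shown in the comment are assumptions.

```python
import ipaddress
import re
import subprocess

# Added example (not from the thread): register a customer's subdomain with an
# RFC 2136 dynamic update sent through BIND's nsupdate, signed with a TSIG key,
# instead of editing the zone file by hand. ZONE, SERVER, KEYFILE and RESERVED
# are assumed values. The matching named.conf grant is assumed to be:
#   update-policy { grant signup-key. zonesub A; };
ZONE = "mywebsite.com"
SERVER = "127.0.0.1"
KEYFILE = "/etc/bind/keys/signup.key"   # TSIG key allowed to add A records only
TTL = 60                                # short TTL so changes propagate quickly
RESERVED = {"www", "ns1", "ns2", "mail", "support", "bugs", "admin", "api"}
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def label_for(username):
    """Turn a signup name into one safe DNS label, or raise ValueError.

    Rejects dots (no deeper names), wildcards, leading/trailing hyphens and
    names that already exist or must never be handed to a customer."""
    label = username.strip().lower()
    if not LABEL_RE.match(label):
        raise ValueError(f"not a valid hostname label: {username!r}")
    if label in RESERVED:
        raise ValueError(f"reserved name: {label}")
    return label

def update_script(username, ip, delete=False):
    """Build the nsupdate batch that adds (or deletes) <label>.ZONE -> ip."""
    name = f"{label_for(username)}.{ZONE}."
    ipaddress.IPv4Address(ip)           # ValueError unless it is a real IPv4
    op = (f"update delete {name} A" if delete
          else f"update add {name} {TTL} A {ip}")
    return f"server {SERVER}\nzone {ZONE}.\n{op}\nsend\n"

def apply_update(username, ip, delete=False):
    """Send the update; CalledProcessError if the server refuses it."""
    subprocess.run(["nsupdate", "-k", KEYFILE],
                   input=update_script(username, ip, delete),
                   text=True, check=True)

if __name__ == "__main__":
    print(update_script("Alice", "1.2.3.4"), end="")
```

Because the key is only granted A records under the zone (zonesub), a bug in the signup code cannot rewrite the apex, NS or MX records, and removing a customer is the same call with delete=True so stale names do not linger.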
