I checked the Domain Status of some domains (using ICANN) and one was Active, whereas the other was clientTransferProhibited.
i.e.
Domain Status: clientTransferProhibited
and
Domain Status: Active
What are the practical effects of setting the domain status to clientTransferProhibited, and is it the recommended approach for a serious website, or is 'Active' domain status considered safe?
Your question is off-topic here, but any conforming whois server (or RDAP, if you use that) shows things that way:
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
Note the hyperlinks given.
And for your specific one, the text displayed after the jump is:
This status indicates that it is not possible to transfer the domain name registration, which will help prevent unauthorized transfers resulting from hijacking and/or fraud. If you do want to transfer your domain, you must first contact your registrar and request that they remove this status code.
To nitpick, note that this is not an "ICANN" status. The name comes from EPP, which is a protocol used by all gTLD registries and most ccTLDs (but not all).
and is it the recommended approach for a serious website
This is vague in your question, but if you are serious about your domain name you should have a look at the following services that may be available for your domain (depending on who the registrar and the registry are):
"registrar lock" (or any other equivalent marketing name): this means your domain could not be hijacked (more precisely: it is more difficult to hijack) because it has an extra layer of protection that typically requires phoning the registrar, separate passwords, etc. When activated, you may typically see the clientUpdateProhibited and clientDeleteProhibited statuses, and clientTransferProhibited as well (but this is often set by many registrars anyway, even outside this service, just to protect domains against hijacked transfers).
"registry lock": this is kind of the same logic but one step further. Even if the EPP connection from registrar to registry is hijacked, your domain could not be modified without some extra loops of authentication out of band, between the registry and registrar. In cases like that you may see serverUpdateProhibited or serverDeleteProhibited.
Side note: all statuses starting with client are set by the registrar (which has full power over adding/removing them), and all those starting with server, as well as any other, can only be set/removed by the registry and are hence outside of registrar control. Registries also use them during disputes, for example, and things like that.
Note that the two services described above are not free, not standardized across registries or registrars (so what they cover exactly and what statuses they set or not will vary), and seldom used. But they are a real added protection.
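The client/server split described in this answer can be checked mechanically. The following is an added example, not code from the original answer: it reads the `Domain Status:` lines of a whois response and reports which operations are blocked and by whom. The sample response and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout quoted in the answer (not a real lookup).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited http://www.icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited http://www.icann.org/epp#serverTransferProhibited
"""

STATUS_RE = re.compile(r"^[ \t]*Domain Status:[ \t]*(\S+)", re.I | re.M)
PROHIBITED_RE = re.compile(r"^(client|server)(Transfer|Update|Delete|Renew)Prohibited$")

def parse_statuses(whois_text):
    """Return the EPP status tokens, dropping the explanatory URL after each."""
    return STATUS_RE.findall(whois_text)

def lock_report(statuses):
    """Map each operation to who blocks it: registrar (client*) or registry (server*)."""
    report = {op: set() for op in ("transfer", "update", "delete")}
    for status in statuses:
        m = PROHIBITED_RE.match(status)
        if m and m.group(2).lower() in report:
            setter = "registrar" if m.group(1) == "client" else "registry"
            report[m.group(2).lower()].add(setter)
    return report

def unprotected(report):
    """Operations that no status prohibits, i.e. where no lock is visible."""
    return sorted(op for op, setters in report.items() if not setters)

if __name__ == "__main__":
    report = lock_report(parse_statuses(SAMPLE_WHOIS))
    for op, setters in report.items():
        print(f"{op:9s} blocked by: {', '.join(sorted(setters)) or 'nobody'}")
    print("no lock visible for:", unprotected(report))
```

A domain showing only `Active` or `ok` comes back with all three operations unprotected, which is the situation the question asks about.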
So my 'enabling' HTTPS stage for my CDN endpoint has been stuck for 3+ days at 'enabling cdn' with the usual message of: a verification request will be sent to the email listed in your domain’s registration record (WHOIS registrant).
Now, I have the CNAME set, as you can't even add it if it's not set to the right CDN endpoint. I cancelled the process and restarted it after 2 days, and now the 2nd attempt has been hanging for 3 days.
The issue is that the email for verification via WHOIS will always go to something like protected-by-gdpr@gdpr-protected.com -- some type of placeholder domain, as due to GDPR in Europe WHOIS data is no longer available.
This is not like 'WHOIS GUARD', which still leaves a way of getting in contact, nor is it changeable; it is enforced by default across all domains as far as I can tell.
Now my question is, what do I do to enable HTTPS on my custom domain if it doesn't care about/look at the CNAME records?
According to this doc, If the CNAME record entry for your endpoint no longer exists or it contains the cdnverify subdomain,
DigiCert also sends a verification email to additional email
addresses. If the WHOIS registrant information is private, verify that
you can approve directly from one of the following addresses:
admin@<your-domain-name.com>
administrator@<your-domain-name.com>
webmaster@<your-domain-name.com>
hostmaster@<your-domain-name.com>
postmaster@<your-domain-name.com>
You should receive an email in a few minutes, similar to the following
example, asking you to approve the request. If you are using a spam
filter, add admin@digicert.com to its whitelist. If you don't receive
an email within 24 hours, contact Microsoft support.
You could also verify the above addresses. As far as I know, similar domain ownership verification problems occur when ownership could not be verified from the WHOIS registrant, or when your domain owner information is not sufficiently exposed publicly, so that domain ownership verification fails.
To get this issue fixed quickly, you can contact Microsoft support directly. They will confirm the domain information for you. See another similar thread.
I needed to add digicert to my CAA authorities in my domain's DNS settings. Because I already had a value present, it wouldn't let me issue certificates unless I added it there.
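Why an existing CAA value blocks a new CA can be shown with the RFC 8659 decision rules. This is an added example, not part of the original answer: the records, the domain `example.test` and the pre-existing issuer `ca.example` are constructed, the `name CAA flags tag "value"` line format is a simplification, and CNAME handling is left out.

```python
import shlex

KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(lines):
    """Parse 'name CAA flags tag "value"' lines into {name: [(flags, tag, value)]}."""
    zone = {}
    for line in lines:
        name, rtype, flags, tag, value = shlex.split(line)
        if rtype.upper() != "CAA":
            raise ValueError(f"not a CAA record: {line!r}")
        zone.setdefault(name.rstrip(".").lower(), []).append(
            (int(flags), tag.lower(), value))
    return zone

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; the closest name with CAA records wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(zone, fqdn, ca_domain, wildcard=False):
    """Apply the RFC 8659 decision for one CA identifier (CNAME handling omitted)."""
    rrset = relevant_rrset(zone, fqdn)
    # An unrecognised property with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    tags = {tag for _, tag, _ in rrset}
    wanted = "issuewild" if wildcard and "issuewild" in tags else "issue"
    issuers = [v.split(";")[0].strip().lower() for _, t, v in rrset if t == wanted]
    # No issue/issuewild property at all means CAA places no restriction.
    return not issuers or ca_domain.lower() in issuers

# Constructed records: a zone that already authorises one (hypothetical) CA.
BEFORE = parse_caa(['example.test. CAA 0 issue "ca.example"'])
AFTER = parse_caa(['example.test. CAA 0 issue "ca.example"',
                   'example.test. CAA 0 issue "digicert.com"'])

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, ca_may_issue(zone, "cdn.example.test", "digicert.com"))
```

With no CAA records anywhere on the path, the function returns True for any CA, which is why the problem only appears once a value is already present.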
I want to be able to programmatically register domains without having to rely on registrars (e.g. GoDaddy) and their associated fees. I know that registrars provide their own APIs but if I could connect to EPP servers directly (e.g. VeriSign) that would be best. Do I need to be an accredited registrar myself for that?
To register domains directly with the registry you must be ICANN Accredited. This in itself is a long and expensive process: $2,500 application fee, $4000/year and another variable fee each quarter. You must also have $70K working capital, among numerous other requirements.
You will also need a fully ICANN compliant system, pay ICANN fees for each domain registered, and get set up with the registries, most of which will require a deposit.
Unless you have a considerable number of domains, a lot of time and some good developers, or are willing to pay even more to use someone else's platform, it's much better to find a decent registrar and work with them. Some will offer an API so you can manage domains programmatically too, such as Tucows if you sign up as a Reseller.
Source: Just completed all the above.
After some web research I hereby ask for some disambiguation of webhosting terms:
With a whois (as a command in a terminal or a web interface) one can detect the registrar of a specific domain.
This registrar is a company (e.g. InterNIC, OpenNIC...) which sold or rented the domain to a natural person.
Can this person also be detected via a certain command, or only by requesting this information from the registrar?
If there's something mixed up, please bear with me :-)
PS: My question relates to this one but as I assume the real owner does not necessarily have to be the company who sold the domain. Am I right?
Regards and thanks in advance
There is some terminology that might be useful here:
Registry - The company/organisation that has the agreement from ICANN to operate the TLD (Top Level Domain, the .com, .org, .net, .coop). These organisations are only allowed to sell these domain names to Registrars (Wholesale).
Registrars - These are the companies that you, as a Registrant, go to to register domain names with. These registrars will often be able to sell you additional services like DNS, Email and Web hosting.
Registrants - These are the end users (you and me) who want a domain name.
There are some registries that allow you to hide your (the registrant) details. An example of this is Nominet (who operate the ccTLD .uk). There are also some registrars that offer a proxy service which you can hide your true ID behind.
You are correct in believing that the company who sold the domain (the registrar) is not the person/company who registered the domain (the registrant). To make matters harder, there is no standard format for the WHOIS output, which can be fetched from the registry's WHOIS server (TCP port 43). There are discussions at ICANN to push for a new standard, IRIS, that will standardise the result in an XML format, but this is a very long way off.
If you, like in the other question that you referenced, have to in some way identify whether your visitor is the valid registrant of a domain name, then the easiest way would be to allow the user to select one of the special RFC stated (sorry, I can not remember which one it is) email addresses that should be set up by the registrant, e.g. postmaster@, hostmaster@, root@, admin@, and then send a unique code to that email address that the user can enter back via the website. This is one of the methods used by the SSL companies to verify that the requester of an SSL certificate is authorised to use it.
Hope that this helps.
Jonathan
Using whois on a domain name, you can find the person or company who has registered the domain. The output depends on who bought the domain - it could be a reseller, and if it is, you will not get the info you want. http://whois.domaintools.com/stackowerflow.com
Using whois on IP address, you can detect hosting company:
ping stackowerflow.com # gives you 74.125.43.121
http://whois.domaintools.com/74.125.43.121
If you have a legal reason, why you need to contact website owner, the hosting company will pass his contact information to you. If you don't then just go to a website and look for a "contacts" page :)
Using whois:
Domain nameserver information for enom domains:
http://blog.phpcode.co.in/php/domain-nameserver-information-enom-domains/
Domain nameserver information for UK domains:
http://blog.phpcode.co.in/php/domain-nameserver-information-for-uk-domains/
.name domains can be registered at the third level (i.e. first.last.name can be registered in a way that last.name is shared, first@last.name is forwarded, and separate people own different *.last.name domains).
However so far the only registrars I've found that support third-level .name domains don't support whois privacy (putting their info in whois instead of yours, forwarding the messages to you) and preferentially I'd like to keep whois protection on every domain name I own.
There are also 3rd party privacy protection services, but so far the only ones I've found don't support .name domains.
Are there any good registrars supporting third-level .name domains and privacy protection, or 3rd party whois privacy services that support .name domains?
I'm not sure what you're after here that you don't already have. Here's what I get when I do a whois daniel.friesen.name (omitting all the disclaimer boilerplate):
Domain Name ID: 4362273DOMAIN-NAME
Domain Name: DANIEL.FRIESEN.NAME
Domain Status: ok
That's it, no other identifying information is returned.
There are quite a few out there providing free whois privacy. You can see the full list here:
https://www.domcomp.com/tld/name
I manually checked a few providers and they seem up to date.
I've got a problem where I have a .co.uk domain of which I am the registrant but my web developers control the domain via easyspace.com. I'm not using the web developers anymore and it ended on bad terms so I would like to change my domain to another registrar without getting them involved. Does anyone know how I can do this?
Thanks
In order to do anything with your domain, you need to be a registered user for it. For every domain, there are 4 types of registered user:
Registrant/Owner
Administrative Contact
Billing Contact
and Technical Contact
If you do a whois look-up of your domain name you can see if you are one of those registered users.
If you are, you should be able to contact the Registrar of record (i.e. GoDaddy, Network Solutions, GKG, etc.) and gain an account control login if you do not already have a login for them.
Once you have an account, you can change the Name Servers thereby pointing your site to a different server than it is currently, or initiate a transfer to a new registrar (which costs money - typically the price of a 1 year registration)
Tell them to give you control of it. You're not asking them to do something for you, you're just demanding them to hand over what's yours (assuming the domain is yours).
If you own the domain name, you should be able to change the information with the registrar to point it at another hosting service or your own.
Change your domain host to point to a new name server that you control.
You may lose your web site code but can always start afresh.