In light of the seizure of Backpage.com.
How does the process of DNS seizure process technically work? Is there a change in the A Record of the DNS to redirect to the seizure IP notification site?
According to this (non-authoritative) webpage: https://comptutor.me/2015/05/25/prevent-domain-seizures/
The government agency finds the registrar responsible for the domain (GoDaddy, NameCheap, etc). The registrar must be under the jurisdiction of the agency and the court that determined the name must be seized.
Agency gets a court-order that shows they have the right to control the domain-name.
Agency contacts the registrar, referencing the court-order.
The registrar authenticates the court-order (hopefully!) and then moves their internal registration to a different customer account representing the agency.
If the registrar was also hosting the DNS zone, then the zone may or may not be copied over - but more than likely they won't, so they'll just change the domain's SOA (Start of Authority) record to point to DNS zone servers that are under the control of the agency (or self-hosted by the registrar themselves).
So no A records are updated directly - though that is an option if the registrar is hosting the zone, it's far more straightforward just to treat it like any other (voluntary) domain-transfer between two customers of the same registrar.
The court-order may also order the domain name be transferred to another registrar, though as that takes more time it may make sense to do an internal transfer.
Related
I am trying to add a DNS TXT record to my domain that i bought, yet the company I bought it from doesn't have an option to add DNS records in their user interface..
Is there a way I can add records using cmd or an external software?
My domain is found in the WhoIs system and the registrar information is the following:
registrar name: Peligon Ltd
registrar info: http://www.webline.co.il/
I need it to approve my domain from firebase
Your best bet is to point your domain nameservers to Cloudflare. Create a free account on Cloudflare and add your domain. You will be given two nameservers that will need to be configured by the registrar. Even if there's no UI, they should still be able to configure this on their end or at worst go to the parent registrar and get them to do it. This process can take time but it's worth it in the long run.
Once the whole process completed (can take up to 48hrs for any nameservers or DNS changes, sometimes longer for small registrars whi are not very active), you will have full access to manage all DNS aspect of your domain. All DNS records will be in your total control. You will only need to deal with the registrar for your domain renewal.
When using Cloudflare, you don't need to turn on the orange cloud - it's just good to have but if you only need to manage DNS, you can turn that off and start managing it right away.
say you have a domain (mydomain.com) in registered to a registrar, say namecheap,
you have setup MX record to handle email sent to your domain
you had setup an A record to make a subdomain use a different webhost
Name: intranet.mydomain.com
Value: 108.xxx.xxx.xx
Type: A name
now, you want to host the primary domain to a webhost, so that when a user load mydomain.com to their browser it will use webhost to load the resources
Question, the webhost requires you to update domain nameserver to use
ns1.myhost.com
ns2.myhost.com
Will updating my nameserver to my domain registrar to use the nameservers above will void/not-implement the already existing A records?
If not, how do you solve the problem?
Thanks!
In somewhat laymen's terms:
You need to distinguish between 3 different (yet related) services:
Domain name registration - you pay for your domain name here. Except for the name itself, here you need to enter your Domain Name server names, which will point to where the next service is hosted:
DNS service - here is where you enter all your records (A, MX, ...) which point to your other services (web hosting, mail servers, etc..)
Service hosting provider (for example web hosting, or email service)
You can have different parties host these services for you, but it is not uncommon that one service provider can offer all these services. From your description, it looks like that at the moment your Name registrar (1) is also hosting your DNS service (2) (which is quite common). Now, your new web hosting provider wants to host your DNS service, and is requiring that at your name registrar, you enter its name server names (which is also not uncommon). And you are right, if you do that, any DNS records that you entered at your current DNS provider will be void (they will remain there, but no end user will ever see them since (1) will point them to use your new hosting provider's name service to resolve your domain records).
You have two options:
Do not comply with your webhost's request, instead ask them what DNS records (probably A or CNAME) you need to add at your current DNS service provider in order that your new website becomes reachable.
Comply with your webhost's request, but then you will have to go to your new provider's name service console and again add all the records that you already have entered at your previous DNS provider.
I would choose option 1, as less risky
Let's say I register the domain name mydomain.com using GoDaddy (or any other registrar). Then I immediately delegate the domain to Azure (i.e change the NS records for the domain to point to Azure's name servers). As far as I understand I would then use Azure's DNS admin tools exclusively to add/change/delete DNS records fot my domain.com.
But do I still need to have any type of relation with GoDaddy (or whichever registrar I used to register mydomain.com)? For example, if I would like to delegate my domain once more from Azure to some other nameserver would I do this through Azure or GoDaddy? Or when I need to renew my domain name, would I have to do this through GoDaddy? Or if my GoDaddy account is hacked, would mydomain.com be at risk somehow? Or would GoDaddy be involved with mydomain.com in some other way I haven't considered?
The registrar is still key in almost every situation.
They are the people you pay your subscription/fee for the domain name (normally every few yrs depending on the domain).
They are the 'tag' holder (in the case of .uk names some info here) which means they are the ones you have to approach if you wanted to move your actual name (and payment) to another registrar (e.g if you decided you didn't like GoDaddy any more you could move to Namesco, or someone else) .com domains have a similar setup
Renewals and any changes to the account or domain name would go via the registrar - this includes any further/new delegation you might do.
If your registrar account gets hacked then anything associated with that account is 'at risk' this includes the hijacking of the domain name to be pointed anywhere.
Your registrar is usually the controlling name server (Check the whois records) so any query would hit them first before any delegations you have in place.
You talked about further delegation of your domain; so presuming one day you decide to move from Azure to AWS (say) then you would go back to your registrar portal and update the NS records to point to your new IP(s) on your new host.
You can either you manage all your DNS via your registrar, or delegate the NS records (as you have already) and run your own DNS Server. In your setup you use the Azure (or whatever) tools to manage your actual records, but you would need to go back to the registrar to manage the NS records that controlled the delegation of the domain. You should note that not all registrar will allow the delegation of NS records and in effect 'force' you to use there own portal/DNS tools so check carefully.
The short of it is - you still have and must maintain any relationship
with the registrar.
I am working with a company, developing and managing a web site for them.
I have control over the web servers, but the company is managing DNS for the domain.
Due to their security policy, the web servers are prohibited from issuing outbound email - they won't add the appropriate SPF/DKIM records to DNS to permit this. Instead, I've been told that they will "delegate" the authority of the domain to me by forwarding traffic to nameservers (of my choice), where I am responsible for creating new DNS records to handle that traffic. In these new DNS records, I would add in the appropriate SPF/DKIM records.
It is like I am managing the DNS, but the company still owns it.
The problem is very strange to me, and I am not familiar with the inner workings of nameservers. Is the relationship of a zone file to a domain name one-to-one? Would I need a second zone file registered somewhere to hold these new DNS records? Do I need direct control over the nameservers, or can I work with nameservers provided by a third-party hosting company?
Sorry for the lack of direction - this is new territory for me in a world that I'm already not that well-versed in.
Thanks in advance
The delegation is a DNS server owning a zone (ie. example.com) and announcing to everyone that a part of this zone (say deleg.example.com) is delegated to another DNS server which can define its own records as long as they are in the deleg.example.com zone.
In your case, it means that you will maintain a subdomain that will hold your NS and SPF/DKIM records. This subdomain behaves in a similar way as the main domain thus you will need a second DNS zone file (and another DNS server).
This is similar to what root servers do with top level domains (they own the com / net / whatever zones) and subdomains sold to companies / people (ie. google.com handles whatever lies in the google.com zone but does not affect the "com" zone).
We frequently take over the domain names of our clients when we take over the management of their site. Normally the transfer progress goes fine. However sometimes we have issues with DNS settings during the transfer progress as the transfer involves moving the DNS records to our registrars nameservers.
It seems to be that the outgoing registrar is deleting the DNS info from their nameservers before we have a chance to manage the domain through our registrar and setup the DNS info on our registrar's nameservers. This obviously leads to a few hours (potentially a couple of days) of downtime for users.
I am wondering if anyone else ever has this problem and if there is a way to avoid it. Is there some kind of a guideline for how long the outgoing registrars needs to keep the DNS info on their nameservers? Or how should we manage this process to never have this downtime occur. As I said this only happens sometimes - and it alawys seems to be with with .com/.net/.org domains but not with .uk domains (we are a UK based company).
We are having the same problem with a .com domain. It only seems to happen when you have domain and hosting in the old provider together in the same pack and when trasferring the domain the hosting is also turned down along with all DNS records. Not all providers behave that way.
I would get a new hosting and change DNS in the whois before ordering the domain transfer, being sure that the new hosting is working.
In our case the old registrar didn't allow us change the whois, so we took the chance and it failed. Once the mess is done, I suppose we can only wait.