Comments (0)

Problem:

On some systems when you are trying to generate dnssec keys using dnssec-keygen, it just hangs (seemingly) forever.

As per Alexander Gurvitz’s post in the Ubuntu forums:

It is NOT a bug.
In order to generate SECURE keys, dnssec-keygen reads /dev/random, which will block until there’s enough entropy available on your system. Some systems have very little entropy and thus dnssec-keygen may take forever.
Possible solutions:
1. apt-get install haveged
haveged daemon supplies lots of entropy to /dev/random.

2. dnssec-keygen -r /dev/urandom
Will use “non-blocking” pseudo-random device (lower security).

3. Move mouse and tap on keyboard – kernel uses this as entropy source.

4. Buy a hardware entropy device.

Easiest/best solution is #1, most expedient if you can’t even do that is #2.

Comments Off on How to log HTTP_HOST in apache logs on machines with many hostnames

Sometimes you find yourself operating web servers that handle many many hostnames, but they do not correlate to separate virtual hosts for each hostname.

Examples:

• URL Forwarders
• URL shorteners
• “Parked” pages (“This domain coming soon!”)
• PPC platforms
• Expired domain aggregators

You end up in a situation where a lot of domains are all coming through the same host config and ordinarily unless you are trapping for it in your code somewhere (“HTTP_HOST” environment variable) you wouldn’t know which requests are for which hostnames. Most of the time, you may not care.

Then the DDOS hits, or some other event where it suddenly becomes very important, urgent even, to know which hostname is causing all the problems so that you can pull the plug on it / reroute it someplace else or somehow put out the fire. Read more »

Comments Off on How to do a Whois lookup on the new Top Level Domains

There are many new Top Level Domains coming out (over 500 have gone live at the time of writing, as many as 1300 to come) and your favorite way to conduct whois lookups may not be working for domains suffixes such as .guru or .xyz

From a unix shell you can usually specify the whois server to query using the -h switch, question is, which whois server do you ask? It’s easy, you simply query whois.nic.{suffix}. Examples:

.finance -> whois.nic.finance

.guru -> whois.nic.guru

Your command would then look like this: Read more »

Comments Off on Know Your Domain Rights

Yesterday we wrote a guest piece for Techdirt that lamented the current “ad-hoc regulatory” landscape in the domain name industry.

We use the phrase “ad hoc” because given our experiences with both foreign law enforcement agencies and private lobby groups, they are issuing increasingly onerous “takedown” demands upon domain registrars with a complete lack of legal basis.

We recently won a ruling where we were able to free up a number of domain names were suspended and locked down (prevented from transferring out) through a complete absence of due process.

No sooner had the National Arbitration Forum (NAF) handed down their ruling, which upheld our arguments that we received a letter from a pharmacy lobby group “directing us to adopt practices and policies” which were not only in direct contravention of the current rules governing domain registrars, but also contradicted the fresh NAF ruling. Read more »

Comments (0)

At the time of writing there are only two ICANN accredited domain registrars in the world who accept Bitcoin payments:

1) easyDNS (Canada)

2) Namecheap (USA)

Comments (0)

( User Level: General )

The other day I came across a great blog post that explained how the author setup a domain name with “catch-all” or “wildcard” email forwarding which enabled him to track which of his online vendors were selling his email address or otherwise spamming him.

This is called using “canary email addresses”, I’ve been doing it for a long time with my own personal email domain.

How Canary Email Addressing Works

You would grab a domain name separate from what you use for your main personal, work, hobby email and websites. It can be anything and it doesn’t have to be pretty because humans will rarely even see it. Read more »

Comments (0)

(User Level: General )

I just found the following email sent to us in our easyDNS support queue:

From: Global Domains International
Subject: Regarding your domain name neverloseanotherdomain.net
Date: Tue, 01 May 2012 17:01:41 +0400
To: hostmaster@easydns.com From: Global Domains International

Hello, I have the .COM version of your domain name
neverloseanotherdomain.net for sale.

Would you be interested in buying the domain for $250 seeing as though
you own the same domain but in another extension ?

We can use Escrow for the transfer and I will cover the fees.
Let me know

Thankyou Shawn.
Global Domains International

Read more »

Comments (0)

( User Level: Basic / Intermediate )

The other day we sent out our primer on the three different types of nameservers and why it serves your interests to know them and what role each one plays. In this post we concern ourselves with Resolvers – those nameservers we all use that do all the DNS lookups we require to conduct our routine activities on the internet.

DNS Changer: A Racket To Intercept Your DNS Queries

Paul Vixie (creator of the bind software that powers the vast majority of nameservers on the internet) recently related the story of “DNS Changer” and the role of his organization in taking it down. It reads like something out of a Tom Clancy novel, only this really happened:
Read more »

Comments Off on The Three Basic Types of Nameservers

( User Level: Basic / Layman )

The best way to understand the difference between DNS servers is to think of them in three groups which correspond to three basic aspects of the domain naming system:

1) Authoritative Nameservers
2) Resolvers
3) Root Servers

Read more »