![[PICTURE: toolbox]](http://domainhelp.com/wp-content/themes/DomainHelp/images/easyguy.png)
The DomainHELP experts work in the industry and demystify the byzantine and Kafka-esque world of domain names and DNS.
Comments (0) If I’m working on a box that doesn’t have a nameserver installed and I want to do some diagnostics I can never remember the name of the debian package that contains the utilities such as host and dig.
The magic answer is dnsutils
$ sudo apt-get install -y dnsutils
There are plenty of tutorials around on how to enable DNSSEC on a domain name, every once in awhile you may find yourself in a situation where you want to turn it off.
When that happens it is often misunderstood, and people think that by simply removing the keys from their zone and reloading it as a clear, unsigned zone, they’ve disabled DNSSEC. Read more »
DNS
| 
dnssec, DS Records
Tucows is the second largest domain registrar in the world, however most of their domain registrants deal with them through resellers.
If you have a problem with your domain that requires Registrar assistance, you are supposed to go through your reseller.
If you don’t know who your reseller is, Tucows offers this utility to find out:
Problem:
On some systems when you are trying to generate dnssec keys using dnssec-keygen, it just hangs (seemingly) forever.
As per Alexander Gurvitz’s post in the Ubuntu forums:
It is NOT a bug.
In order to generate SECURE keys, dnssec-keygen reads /dev/random, which will block until there’s enough entropy available on your system. Some systems have very little entropy and thus dnssec-keygen may take forever.
Possible solutions:
1. apt-get install haveged
haveged daemon supplies lots of entropy to /dev/random.2. dnssec-keygen -r /dev/urandom
Will use “non-blocking” pseudo-random device (lower security).3. Move mouse and tap on keyboard – kernel uses this as entropy source.
4. Buy a hardware entropy device.
Easiest/best solution is #1, most expedient if you can’t even do that is #2.
Comments Off on How to log HTTP_HOST in apache logs on machines with many hostnames Sometimes you find yourself operating web servers that handle many many hostnames, but they do not correlate to separate virtual hosts for each hostname.
Examples:
You end up in a situation where a lot of domains are all coming through the same host config and ordinarily unless you are trapping for it in your code somewhere (“HTTP_HOST” environment variable) you wouldn’t know which requests are for which hostnames. Most of the time, you may not care.
Then the DDOS hits, or some other event where it suddenly becomes very important, urgent even, to know which hostname is causing all the problems so that you can pull the plug on it / reroute it someplace else or somehow put out the fire. Read more »
Comments Off on How to do a Whois lookup on the new Top Level Domains There are many new Top Level Domains coming out (over 500 have gone live at the time of writing, as many as 1300 to come) and your favorite way to conduct whois lookups may not be working for domains suffixes such as .guru or .xyz
From a unix shell you can usually specify the whois server to query using the -h switch, question is, which whois server do you ask? It’s easy, you simply query whois.nic.{suffix}. Examples:
.finance -> whois.nic.finance
.guru -> whois.nic.guru
Your command would then look like this: Read more »
Comments Off on Know Your Domain Rights Yesterday we wrote a guest piece for Techdirt that lamented the current “ad-hoc regulatory” landscape in the domain name industry.
We use the phrase “ad hoc” because given our experiences with both foreign law enforcement agencies and private lobby groups, they are issuing increasingly onerous “takedown” demands upon domain registrars with a complete lack of legal basis.
We recently won a ruling where we were able to free up a number of domain names were suspended and locked down (prevented from transferring out) through a complete absence of due process.
No sooner had the National Arbitration Forum (NAF) handed down their ruling, which upheld our arguments that we received a letter from a pharmacy lobby group “directing us to adopt practices and policies” which were not only in direct contravention of the current rules governing domain registrars, but also contradicted the fresh NAF ruling. Read more »
Comments Off on What the New Canadian Anti-Spam Legislation (CASL) Actually Means Last week I became aware of a flurry of attention around forthcoming Canadian Anti-Spam Legislation. ITBusiness.ca ran a twitter round-up under the hashtag #BeCASLReady and suddenly it seemed this was the next big internet legislative thing to be aware of up here in Canada.
So after our cursory examination of the text of the legislation, here is our take on it and what it means (usual disclaimers apply, we aren’t lawyers). Read more »
( User Level: General )
The other day I came across a great blog post that explained how the author setup a domain name with “catch-all” or “wildcard” email forwarding which enabled him to track which of his online vendors were selling his email address or otherwise spamming him.
This is called using “canary email addresses”, I’ve been doing it for a long time with my own personal email domain.
You would grab a domain name separate from what you use for your main personal, work, hobby email and websites. It can be anything and it doesn’t have to be pretty because humans will rarely even see it. Read more »
![[PICTURE: toolbox]](http://www.domainhelp.com/wp-content/themes/DomainHelp/images/easydns_logo.png){kind=logo}
