MoinQ:

DNS/運用/Zoho/discussionについて、ここに記述してください。

ここの記述をよく読むことにしよう。-- ToshinoriMaeno 2018-09-28 00:09:13

https://news.ycombinator.com/item?id=18059792

https://news.ycombinator.com/item?id=18059984 registrar について NameCheepに関してのコメント

https://news.ycombinator.com/item?id=18063652

You would be surprised how prevalent these problems are even with supposedly reputable registrars.

A commonly recommend option here in HN was NameCheap. Earlier this year without any notice they modified our DNS servers completely taking down our SaaS product.

Why? Some migration script run incorrectly.

They offered me a random TLD for free for one year as compensation! I declined.

1. walrus01

https://news.ycombinator.com/item?id=18061023

This is a hard lesson for people that no matter how resilient your authoritative DNS infrastructure is, for your own nameservers (plus route53 or similar), your domain registrar is absolutely a single point of failure.

Seizing a domain at the registrar level, by court order,

(examples: https://www.google.com/search?q=this+domain+has+been+seized+... )

2. foo101

https://news.ycombinator.com/item?id=18060109

Honest question: What exactly does it mean for a registrar to block a domain? I believed so far that for my browser to successfully connect to a web server running on a domain or for a mail server to deliver email to a domain, there should only be valid A, AAAA, MX, and/or CNAME records in the DNS.

Was it really a block at the registrar level or was it a block at the DNS level, i.e., the registrar also ran DNS service and their DNS service refused to return responses for zoho.com domains?

At what layer or at which stage of the protocol can a registrar disrupt this and take a domain offline? 

--- https://news.ycombinator.com/item?id=18060455

dsp1234 3 days ago | parent | favorite | on: Zoho.com CEO says domain with 40M users suspended ...

There are several layers where a registrar has control over DNS resolution.

Terms:
ICANN: The organization responsible for coordinating the maintenance of the domain name system (among other things).
Registrar: A company authorized to update ICANN database on behalf of registrants. 
  Google, GoDadddy, Enom, etc are registrars
Registrants: An entity that wants to register a domain name. 
  In this case, Zoho is a registrant, but it could also be an individual.
  This is your role if you 'own' a domain.
Authoritative Name Server: A domain name server that is considered authoritative for a specific domain.

Stuff registrars can do (among other things):

 1.) They can update the ICANN database to disable a domain completely[1]
 2.) They can replace your authoritative name servers with their own or someone else's 
   (ex: botnet domains being reassigned to a security company for dismantling via court order)[2]
 3.) If the authoritative name servers for a domain are owned by the registrar,
  then the registrar can merely change the DNS entries themselves to point to something
  other than the domain owner's wishes.

[0] - https://en.wikipedia.org/wiki/ICANN

[1] - https://www.icann.org/resources/pages/epp-status-codes-2014-...

[2] - https://www.icann.org/en/system/files/files/guidance-domain-...

MoinQ: DNS/運用/事件/Zoho/discussion (last edited 2021-03-27 09:51:34 by ToshinoriMaeno)