## page was renamed from DNS/運用/Zoho/discussion DNS/運用/Zoho/discussionについて、ここに記述してください。 ここの記述をよく読むことにしよう。-- ToshinoriMaeno <> https://news.ycombinator.com/item?id=18059792 https://news.ycombinator.com/item?id=18059984 registrar について NameCheepに関してのコメント https://news.ycombinator.com/item?id=18063652 You would be surprised how prevalent these problems are even with supposedly reputable registrars. A commonly recommend option here in HN was NameCheap. Earlier this year without any notice they modified our DNS servers completely taking down our SaaS product. Why? Some migration script run incorrectly. They offered me a random TLD for free for one year as compensation! I declined. == walrus01 == https://news.ycombinator.com/item?id=18061023 This is a hard lesson for people that no matter how resilient your authoritative DNS infrastructure is, for your own nameservers (plus route53 or similar), your domain registrar is absolutely a single point of failure. Seizing a domain at the registrar level, by court order, is also how the US government implements "seizure" of domains, if you've ever seen a torrent index site that has suddenly been replaced with a big scary FBI page (examples: https://www.google.com/search?q=this+domain+has+been+seized+... ) == foo101 == https://news.ycombinator.com/item?id=18060109 {{{ Honest question: What exactly does it mean for a registrar to block a domain? I believed so far that for my browser to successfully connect to a web server running on a domain or for a mail server to deliver email to a domain, there should only be valid A, AAAA, MX, and/or CNAME records in the DNS. Was it really a block at the registrar level or was it a block at the DNS level, i.e., the registrar also ran DNS service and their DNS service refused to return responses for zoho.com domains? At what layer or at which stage of the protocol can a registrar disrupt this and take a domain offline? }}} --- https://news.ycombinator.com/item?id=18060455 dsp1234 3 days ago | parent | favorite | on: Zoho.com CEO says domain with 40M users suspended ... There are several layers where a registrar has control over DNS resolution. {{{ Terms: ICANN: The organization responsible for coordinating the maintenance of the domain name system (among other things). Registrar: A company authorized to update ICANN database on behalf of registrants.   Google, GoDadddy, Enom, etc are registrars Registrants: An entity that wants to register a domain name.   In this case, Zoho is a registrant, but it could also be an individual.   This is your role if you 'own' a domain. Authoritative Name Server: A domain name server that is considered authoritative for a specific domain. }}} Stuff registrars can do (among other things): {{{ 1.) They can update the ICANN database to disable a domain completely[1] 2.) They can replace your authoritative name servers with their own or someone else's (ex: botnet domains being reassigned to a security company for dismantling via court order)[2] 3.) If the authoritative name servers for a domain are owned by the registrar, then the registrar can merely change the DNS entries themselves to point to something other than the domain owner's wishes. }}} [0] - https://en.wikipedia.org/wiki/ICANN [1] - https://www.icann.org/resources/pages/epp-status-codes-2014-... [2] - https://www.icann.org/en/system/files/files/guidance-domain-...