I just transferred infosec.exchange from gandi to dnsimple and it took maybe 4 hours from start to finish. That used to be a much more painful process.

Also, does anyone know how domain transfers are handled where the domain to be transferred has several years of pre-payment left?

@jerry I believe it just tacks another year onto the expiration. You do not lose any time.
@jglemza excellent. Thank you
@jerry @jglemza That’s what happened for me last week when I moved from Gandi to Porkbun. The prepaid years came with even though I was pretty sure they would not. I may also have gotten an extra year, but not sure.
@jerry Does `whois your-domain.com` show an expiration date that reflects the pre-payment? If so, that will carry over between registrars. ICANN rules say you must pay for at least 1 extra year with the incoming registrar (so they see some profit from you when they onboard the domain), and that year also gets added to the expiry date.
@jerry In general, what you care about is the state at the underlying registry that's managing your domain's TLD. Registrars just tell the registry that a domain is under their management, who owns it and when it expires. Moving between registrars is just those two registrars cooperatively updating the "which registrar is managing this domain on behalf of the owner?" records, but all the rest of the info (incl. expiration) carries over.
@jerry The one caveat is that there is an upper limit on how far in the future you can extend a registration. It varies by TLD but 10 years is a common upper bound. If you pre-paid for longer than that, the prepayment might be sitting in a credit account with the registrar, and you'd have to talk to them to get it back. But I don't recall Gandi offering anything like that, from my own experience.
@jerry FWIW, gTLDs all work the same, but ccTLDs can have wildly different policies. Transferring between registrars might be free, or you might not gain an extra year of time, or the maximum might be different.
@jerry The 3 times I’ve moved domains I’ve gotten full credit for the prepaid years. I believe they must do that because the registration has been done and registries don’t move expiration dates backwards. At least not the decent ones.

@jerry Sorry to be a spoil, but are you aware of media.infosec.exchange not resolving?

```
$ host media.infosec.exchange
Host media.infosec.exchange not found: 2(SERVFAIL)
```

https://downforeveryoneorjustme.com/media.infosec.exchange

@WPalant I was not aware. I’ll take a look
@WPalant it's definitely up and working (that is bunny.net). I am wondering if this is because I recently enabled dnssec on infosec.exchange.

@jerry I tried going to the authoritative server directly. What I get then:

```
$ host infosec.exchange ns1.dnsimple.com
Using domain server:
Name: ns1.dnsimple.com
Address: 2400:cb00:2049:1::a29f:1804#53
Aliases:

infosec.exchange has address 151.101.195.52
infosec.exchange has address 151.101.3.52
infosec.exchange has address 151.101.67.52
infosec.exchange has address 151.101.131.52
infosec.exchange has IPv6 address 2a04:4e42::820
infosec.exchange has IPv6 address 2a04:4e42:200::820
infosec.exchange has IPv6 address 2a04:4e42:400::820
infosec.exchange has IPv6 address 2a04:4e42:600::820
infosec.exchange mail is handled by 0 dino.llama.one.
```

```
$ host media.infosec.exchange ns1.dnsimple.com
Using domain server:
Name: ns1.dnsimple.com
Address: 2400:cb00:2049:1::a29f:1804#53
Aliases:

media.infosec.exchange is an alias for infosecexchange.b-cdn.net.
Host infosecexchange.b-cdn.net not found: 5(REFUSED)
Host infosecexchange.b-cdn.net not found: 5(REFUSED)
```

```
$ host infosecexchange.b-cdn.net ns1.bunnydns.com
Using domain server:
Name: ns1.bunnydns.com
Address: 157.53.226.1#53
Aliases:

infosecexchange.b-cdn.net has address 138.199.37.225
infosecexchange.b-cdn.net has IPv6 address 2400:52e0:1e00::722:1
```

Weird… Maybe there is some bad cached state…

@WPalant yeah, dnsimple isn’t authoritative for bunny.net’s cdn domain and it isn’t a recursive name server, so it’ll not resolve those
@jerry Yes, when I query the authoritative server for the CDN it works. I’m trying to figure out why my router cached a wrong state (or whatever this is).
@WPalant in any event, I switched registrars today for infosec.exchange and switched dns hosting and turned on dnssec. I guess it’s remarkable it works at all. I am poking at it to see if anything is wrong though

@jerry Ok, I could establish that the problem isn’t local, it’s my provider’s DNS server (Deutsche Telekom). It can resolve infosecexchange.b-cdn.net but it won’t resolve either infosec.exchange or media.infosec.exchange. I guess I can only access infosec.exchange because its IP address is cached…

I do think that they support DNSSec. But maybe they didn’t get the memo that they need to query a different authoritative DNS server now.
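
Added example, not part of anyone's post in this thread: a small parser for the `host` transcripts quoted above that separates the two failure modes discussed, a REFUSED for a CNAME target from a named non-recursive server versus a SERVFAIL for the queried name itself. The function names and result labels are this example's own, and it assumes a server passed explicitly to `host` is authoritative-only.

```python
import re

FAIL = re.compile(r"^Host (\S+) not found: \d+\((\w+)\)$")
ALIAS = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")
ADDR = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")

def parse_host(output):
    """Summarise one `host NAME [SERVER]` transcript."""
    r = {"server": None, "aliases": {}, "addresses": {}, "failures": {}}
    for line in map(str.strip, output.splitlines()):
        if line.startswith("Name: "):
            r["server"] = line[len("Name: "):]
        elif m := ALIAS.match(line):
            r["aliases"][m[1]] = m[2]
        elif m := ADDR.match(line):
            r["addresses"].setdefault(m[1], []).append(m[2])
        elif m := FAIL.match(line):
            r["failures"][m[1]] = m[2]
    return r

def triage(name, output):
    """Classify the lookup of `name`; the labels are this example's own."""
    r = parse_host(output)
    target, seen = name, set()
    while target in r["aliases"] and target not in seen:  # follow CNAME chain
        seen.add(target)
        target = r["aliases"][target]
    rcode = r["failures"].get(target)
    if rcode is None:
        return "ok" if target in r["addresses"] else "no-address"
    # Assumption: the named server is authoritative-only; target is out of zone.
    if rcode == "REFUSED" and r["server"] and target != name:
        return "expected-refusal"
    if rcode == "SERVFAIL":
        return "resolver-failure"  # delegation or DNSSEC chain worth checking
    return "failed-" + rcode.lower()

# Transcripts copied from the thread (header lines trimmed).
VIA_RESOLVER = "Host media.infosec.exchange not found: 2(SERVFAIL)"
VIA_DNSIMPLE = """Name: ns1.dnsimple.com
media.infosec.exchange is an alias for infosecexchange.b-cdn.net.
Host infosecexchange.b-cdn.net not found: 5(REFUSED)"""
VIA_BUNNY = """Name: ns1.bunnydns.com
infosecexchange.b-cdn.net has address 138.199.37.225"""

if __name__ == "__main__":
    for out in (VIA_RESOLVER, VIA_DNSIMPLE):
        print(triage("media.infosec.exchange", out))
    print(triage("infosecexchange.b-cdn.net", VIA_BUNNY))
```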

@WPalant that’s not so good. Hopefully it is a dns authority propagation delay that will resolve soon. Everything I can check, like this: https://www.whatsmydns.net/#A/infosec.exchange shows that it’s answering correctly all over the world.

@jerry I’ve added the IP address to the hosts file for now. And – yes, I hope that this will correct itself in a few hours.
@jerry Actually, now I get a response from the provider’s DNS server for media.infosec.exchange. Still nothing for infosec.exchange but they should get it eventually…
@jerry Yep, now infosec.exchange resolves as well, all good.
@WPalant @jerry Telekom resolvers have been known to ignore such details as TTLs and do their own thing, at least ages ago when I was dealing with such stuff...

@jerry

There are a couple of errors showing on DNSviz.

https://dnsviz.net/d/infosec.exchange/dnssec/

@WPalant

@mackaj @WPalant yeah, those have to do with how dnsimple signs their records. It’s working fine, but I am going to ask them when they sign that way.
@jerry what drove you away from gandi?
@o0_o the ability for dnsimple to automate dnssec updates if I host both my dns and registration with them.
@jerry Can you say anything about your reasons for switching to dnsimple? Another gandi customer here, wondering if there’s anything I should know.
@dpontifex I didn't/don't have any issues with gandi (I know some people are trying to spin up some FUD about them being bought, but I've not seen anything bad happen and it has been a while). The reason for the move is that dnsimple allows for very automated dnssec configs if they are both the registrar and host the authoritative DNS servers. So it was mainly for dnssec, which I could have made work without transferring to dnsimple, but I am at a point where I'm trying to decomplicate where I can.
@dpontifex @jerry I moved from Gandi because they started charging for my formerly free email. I moved to Porkbun because they are in my region, have great customer service, and run on green energy.