It's important to remember that "just" DNS records are anything but "just" safe. Keep in mind that when you do this, you grant a third-party organization the ability to 'vouch' to anyone that they 'own' your domain or a URL at it, as long as the 'vouch' test supports http:// or https:// URLs.
This is the case for all web-hosting everywhere on the Internet. I host all of my domains through third-party providers, knowing and accepting the above-described risk. I consider it so low likelihood and of only medium impact if something ever occurs. The value is immense, the time spent is small, and the tradeoff worth it.
Imagine if someone phoned up your IT department and asked them to fix the MX record due to a mail server outage. Would you notice if your Received headers added a hop you weren't familiar with before? How long would they be able to record your company's email before someone noticed?
So I encourage taking DNS with absolute seriousness, and careful consideration of changes, and never simply assigning "just" 2 records to anyone, ever. Given 2 records, someone can do a lot more damage than any website hack ever could.
ps. "IN TYPE15" or thereabouts is another way to state "IN MX", to further convey why it can be very dangerous to follow instructions. Most admins would pause at an MX change, but most wouldn't think twice about a custom "TYPE15" record 'not supported by BIND yet', given sufficient verbiage.
Keep in mind that this is an A record (and a TXT one) not an MX record, the only thing they can do with it is change the content of the site (which is what you want them to do).
Tough I've known extremely incompetent IT support, I think even they would be suspicious of someone proving his identity by making a "this is me" html page.
I still think that way too but I'm old. I remember back when domain names first opened up for registration in the early 90s and talking about it with a friend. We recognized the opportunity but thought it'd be unethical to exploit it. Now it's 25 years later and I still have my smug sense of moral superiority but am no richer for it.
Honestly depends on the situation I feel. If people are just registering up a bunch of valuable names then yeah I'm not a fan.
The other kind of person is (like me, so bias) the type who register domains with a project in mind but time or resources don't get funnelled to the project so the domain may as well be released back into the wild - In this case the domain still has however long it's registered for left on the registration and will likely be scooped up by a domain drop bot by the first kind of domainer. It's always nice for a failed project to at least break even through the domain sale.
When killing off projects I usually try to find someone who might like to own the domain and offer to push it to them gratis if they've got an account on the same registrar if the domain's going to expire within 6 months or so
I completely agree, DNS-parking is harmful. However, I can't imagine a system for banning or enforcing 'fair use' of a domain. How would it be financed and run?
I also can't imagine how you would legislate around the sales process of domains.
I've thought through a few options, but all paths lead back to a marketplace for domains as assets. In said marketplace, there will always be the equivalent of investment and speculation - so domain-parking is inevitable.
I agree with you. I think domain parking is a dirty thing. Most people see it as an "investment" though, but the reality, is that by squatting on a domain, your mostly just preventing others from using it. Very few would be willing to pay you for it.
I don't think all domain parking is harmful. Buying a known brand and extorting, sure.
But, I registered several <word>media.com names and sold them for $200 to $2k each. I just saw the trend of that style of domain. Didn't feel bad about it. It seems similar to buying land and sitting on it.
It kinda bugs me, as do a few other things with the way we manage the name system. But I don't think there was ever any route we could have taken where the DNS namespace wasn't going to become either an opportunistic and polluted disaster or an unused relic.
A simple solution (with its own problems of course) is to charge $100 per year, rather than $10 per year, for each dot-com domain. This would destroy the economics of the parking business, except for the highest-value names, and thus would make a lot of names available for constructive use.
Careful. Pointing your A record to a third party allows that party to use HPKP [1] with a long expiry period and never give you the key, potentially nuking the domain (for anyone who has visited it before you sell it).
This is a pretty serious attack - is there really no way to mitigate it? An arbitrary HTTP header is pretty low on the totem-pole of trust, so why don't they periodically check DNS records for corroboration?
You may want to look into adding a CAPTCHA or some other kind of spam prevention system to the contact form. Spambots these days will fill in any contact forms with all kinds of spam.
If you're remailing those contact form responses through your server to the domain owner, these spambots will damage your IP reputation and legit inquiries might start getting blocked.
I'm curious, why do you ask your users to create an A entry for this? I think a CNAME/ALIAS entry to the domain of the service would be a safer choice in case you should be forced to change your IP address (e.g. if you change your hosting provider), which would currently force all your users to update their A entries. Also, using a CNAME domain would allow you to hide your IP address behind a CDN service like Cloudflare, which can be handy sometimes (e.g. for DDoS protection).
Cool project. We do something very similar with an internally made lander for our domain portfolio, and it works well. Lots of serious buyers contact via e-mail listed on whois too.
One thing very useful is to have analytics, perhaps you could add a feature for users to input a Google Analytics tag (UA-000000).
Side note: for anyone who actually wants to sell/buy a domain in a private transaction, I highly recommend Escrow.com as an escrow service.
Thank you so much. I acquired blackmail.io as part of a, now defunct, project and had been meaning to put it up for sale. This was the perfect lazy solution for me :)
Tips for pricing your domain:
1. Think of how attached you are to the domain
2. Think of how much you think you'd be willing to pay for the domain in the open market
3. Think of how much the cleveriness of the domain name is
Add all these values together, and multiply it by 2.
Is there also a way to do it without the price? Putting a price on it directly will either cause people to not bother if it's too high for some side project or make it too cheap if some huge corp wants to buy it.
Hi, nice and simple site. Thanks!
Maybe in the future can you give analytics as to who is visiting the site? That way we can get an idea of the demographics of who is going to which domain? (paid feature maybe)
Great idea. Would you prefer to have basic analytics in the dashboard, or being able to add Google Analytics and have better analytics from GA dashboard?
Cool idea. I hope you somehow confirm the listing on the dashboard, otherwise someone can just list some domains under your username to cost you money ;)
You can already set the price in the dashboard.
But the idea was to be able to manage your domain from your registrar without having to login on domdb.
[+] [-] floatingatoll|8 years ago|reply
This is the case for all web-hosting everywhere on the Internet. I host all of my domains through third-party providers, knowing and accepting the above-described risk. I consider it so low likelihood and of only medium impact if something ever occurs. The value is immense, the time spent is small, and the tradeoff worth it.
Imagine if someone phoned up your IT department and asked them to fix the MX record due to a mail server outage. Would you notice if your Received headers added a hop you weren't familiar with before? How long would they be able to record your company's email before someone noticed?
So I encourage taking DNS with absolute seriousness, and careful consideration of changes, and never simply assigning "just" 2 records to anyone, ever. Given 2 records, someone can do a lot more damage than any website hack ever could.
ps. "IN TYPE15" or thereabouts is another way to state "IN MX", to further convey why it can be very dangerous to follow instructions. Most admins would pause at an MX change, but most wouldn't think twice about a custom "TYPE15" record 'not supported by BIND yet', given sufficient verbiage.
[+] [-] Illniyar|8 years ago|reply
Tough I've known extremely incompetent IT support, I think even they would be suspicious of someone proving his identity by making a "this is me" html page.
[+] [-] Arkanosis|8 years ago|reply
Am I, in 2017, the only one left thinking that domain parking is a harmful activity? Like… the DNS equivalent of patent trolling…
[+] [-] NelsonMinar|8 years ago|reply
[+] [-] corobo|8 years ago|reply
The other kind of person is (like me, so bias) the type who register domains with a project in mind but time or resources don't get funnelled to the project so the domain may as well be released back into the wild - In this case the domain still has however long it's registered for left on the registration and will likely be scooped up by a domain drop bot by the first kind of domainer. It's always nice for a failed project to at least break even through the domain sale.
When killing off projects I usually try to find someone who might like to own the domain and offer to push it to them gratis if they've got an account on the same registrar if the domain's going to expire within 6 months or so
[+] [-] tobltobs|8 years ago|reply
[+] [-] yaseer|8 years ago|reply
I also can't imagine how you would legislate around the sales process of domains.
I've thought through a few options, but all paths lead back to a marketplace for domains as assets. In said marketplace, there will always be the equivalent of investment and speculation - so domain-parking is inevitable.
[+] [-] nebabyte|8 years ago|reply
[+] [-] nhumrich|8 years ago|reply
[+] [-] tyingq|8 years ago|reply
But, I registered several <word>media.com names and sold them for $200 to $2k each. I just saw the trend of that style of domain. Didn't feel bad about it. It seems similar to buying land and sitting on it.
[+] [-] forgottenpass|8 years ago|reply
[+] [-] my_first_acct|8 years ago|reply
[+] [-] raulk|8 years ago|reply
[1] https://en.m.wikipedia.org/wiki/HTTP_Public_Key_Pinning
[+] [-] DaiPlusPlus|8 years ago|reply
[+] [-] corobo|8 years ago|reply
I think you may be underestimating a little just how many domains people have if they're in the business of selling them!
[+] [-] tompec|8 years ago|reply
[+] [-] r1ch|8 years ago|reply
If you're remailing those contact form responses through your server to the domain owner, these spambots will damage your IP reputation and legit inquiries might start getting blocked.
[+] [-] tompec|8 years ago|reply
[+] [-] ThePhysicist|8 years ago|reply
[+] [-] ShakataGaNai|8 years ago|reply
[+] [-] kf5jak|8 years ago|reply
[+] [-] i4i|8 years ago|reply
[+] [-] fireworks10|8 years ago|reply
One thing very useful is to have analytics, perhaps you could add a feature for users to input a Google Analytics tag (UA-000000).
Side note: for anyone who actually wants to sell/buy a domain in a private transaction, I highly recommend Escrow.com as an escrow service.
[+] [-] tompec|8 years ago|reply
I planned to add more options to customize the landing page, including adding the GA tag ;)
Thanks for the tip!
[+] [-] amingilani|8 years ago|reply
Tips for pricing your domain:
1. Think of how attached you are to the domain
2. Think of how much you think you'd be willing to pay for the domain in the open market
3. Think of how much the cleveriness of the domain name is
Add all these values together, and multiply it by 2.
[+] [-] sigi45|8 years ago|reply
[+] [-] compuguy|8 years ago|reply
[+] [-] hyperpape|8 years ago|reply
Seriously, I can't think of a reason. You can have it registered without having anything there, so what is the advantage of parking it?
[+] [-] tompec|8 years ago|reply
[+] [-] dewey|8 years ago|reply
[+] [-] tompec|8 years ago|reply
[+] [-] drefanzor|8 years ago|reply
[+] [-] tompec|8 years ago|reply
[+] [-] dola|8 years ago|reply
[+] [-] echan00|8 years ago|reply
[+] [-] tompec|8 years ago|reply
[+] [-] unknown|8 years ago|reply
[deleted]
[+] [-] attacomsian|8 years ago|reply
Efty is already doing it.
[+] [-] tompec|8 years ago|reply
[+] [-] attacomsian|8 years ago|reply
You may get good feedback from the people who are in domaining business.
[+] [-] homero|8 years ago|reply
[+] [-] ForFreedom|8 years ago|reply
[+] [-] corobo|8 years ago|reply
Take the pain out of something and you can sell it.
[+] [-] inmean|8 years ago|reply