Two years ago I registered the bejtlich.net and taosecurity.com domains through DomainDiscover. Since then I've used GoDaddy to register new domains like taosecurity.net and taosecurity.org (the latter after seeing that domain attributed to me in the new book Security Sage's Guide to Hardening the Network Infrastructure). I liked using DomainDiscover because they offered free email forwarding, but their $25 domain renewal fee seemed excessive.
GoDaddy offers domain name transfers for $7.95, which is excellent, but no free email forwarding. I decided to use ZoneEdit to host DNS records for the bejtlich.net, taosecurity.org, and taosecurity.net domains. ZoneEdit offers free email forwarding when you set up DNS records. Essentially, once I transfered or already had domains registered with GoDaddy, I changed the GoDaddy WHOIS records to list name servers owned by ZoneEdit. For example, here is my WHOIS record for taosecurity.net:
orr:/home/richard$ whois taosecurity.net
Registrant:
Richard Bejtlich
7799 Leesburg Pike Ste 1100S
Falls Church, Virginia 22043
United States
Registered through: GoDaddy.com
Domain Name: TAOSECURITY.NET
Created on: 07-May-04
Expires on: 07-May-05
Last Updated on: 11-Jun-04
...edited...
Domain servers in listed order:
NS18.ZONEEDIT.COM
NS8.ZONEEDIT.COM
Using dig, we can see the DNS records for taosecurity.net:
orr:/home/richard$ dig @ns18.zoneedit.com taosecurity.net -t any
; <<>> DiG 8.3 <<>> @ns18.zoneedit.com taosecurity.net -t
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3126
;; flags: qr aa rd; QUERY: 1, ANSWER: 7, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; taosecurity.net, type = ANY, class = IN
;; ANSWER SECTION:
taosecurity.net. 2H IN A 216.98.141.250
taosecurity.net. 2H IN A 207.234.129.65
taosecurity.net. 2H IN MX 0 mail3.zoneedit.com.
taosecurity.net. 2H IN MX 0 mail4.zoneedit.com.
taosecurity.net. 2H IN NS ns18.zoneedit.com.
taosecurity.net. 2H IN NS ns8.zoneedit.com.
taosecurity.net. 2H IN SOA ns18.zoneedit.com. soacontact.zoneedit.com. (
1087014650 ; serial
4H ; refresh
2H ; retry
1w4d ; expiry
2H ) ; minimum
;; AUTHORITY SECTION:
taosecurity.net. 2H IN NS ns18.zoneedit.com.
taosecurity.net. 2H IN NS ns8.zoneedit.com.
;; Total query time: 68 msec
;; FROM: orr.taosecurity.com to SERVER: 65.125.227.35
;; WHEN: Sun Jun 13 19:06:42 2004
;; MSG SIZE sent: 33 rcvd: 233
With mail3 and mail4.zoneedit.com handling email forwarding, I can send messages to richard@taosecurity.net anywhere I like. If I relied on GoDaddy's extra email forwarding service, I'd have to pay an extra $10 or similar per domain.
If you're transferring an existing domain, I recommend taking these steps:
0. Disable any "zone transfer denial" preferences at your registrar. This caught me and delayed the transfer process until I told DomainDiscover to allow transfers.
1. Create zone records at ZoneEdit.
2. Change the DNS server entries at the existing registrar to point to the ZoneEdit DNS servers.
3. Change the contact information at the existing registrar to point to an email account outside of the domain being transferred. A Gmail or Yahoo! email account is perfect for this purpose.
4. Create the email forwarding records at ZoneEdit.
5. Request a zone transfer through GoDaddy.
6. Follow through on the zone transfer messages sent to the contact email on file at the original registrar.
7. Eventually the new name server information will propagate through DNS and outside parties will be able to contact you again.
As an added bonus, GoDaddy automatically performs a one year renewal for transferred domains. Since bejtlich.net was about to expire, I got a "free" renewal (although the transfer fee is basically the same as a new domain registration fee). If you're wondering how I handle email for taosecurity.com, I let the company hosting www.taosecurity.com, Niuhi.com, advertise MX records and run the domain's mail servers.
Of course, if I weren't a Comcast cable modem subscriber worried about seeing port 25 TCP blocked, I might operate my own email servers. I looked into DSL through SpeakEasy but only IDSL was available. Impressed by SpeakEasy's customer service and the prospect of static IPs, I readied myself for the high cost and low bandwidth. Eventually the IDSL plan fell through due to "no facilities available in the ILEC" -- after, of course, I had already bought an IDSL modem on eBay!
0 komentar:
Posting Komentar