Slashdot Mirror

Oh yes, well i have that and recently recieved this email from them ANYWAYS:

----
Dear Dyn Customer:

Your Dyn account '???????????', has DynDNS free hostname(s) that are due
to expire in 5 days. Note that DynDNS free hostnames are deleted after 30
days of inactivity.

You can prevent your hostname(s) from expiring here:

https://account.dyndns.com/confirm/????????????????

If you wish to keep your hostname(s) active and not risk missing email
notifications like this one, purchase a DynDNS Pro upgrade today.

http://dyn.com/dns/dyndns-pro/

If you no longer need your hostname(s) or don't know what this email is
for, you may simply allow expiration.

Thanks,
dyn.com
twitter.com/dyninc

*** Please do not reply to this email. If you have additional questions,
please visit http://dyn.com/support/ ***
-----

And this domain is updated daily by my pfsense. No big deal, its just a backup incase my regular dns goes down. But i have had the domain since something stupid like 1999 so i am somewaht attached. Not 20$/yr+++ attached mind you.

It may be possible that my client wasnt working(we'll see if i get another one next month), but do you want to take that risk with only a 5 day grace period in which to realize your error?

Their entire home page seems more inclined to make money now. There is one tiny link for support. No account page or anything. Pfsense is good because i can switch to about 9 different dynamic dns providers, but still annoying. Wikipedia also says that dyndns was originally released as an "open system" with many home router companies signing on. In that case, it wasnt as if these home router companies were freeloading, as some have sugested in earlier posts.

Your DYNDns.com website does not make it particularly clear that you support DNSSEC on your domain registration product.

You provide the documentation for setting up DNSSec for a domain on http://www.dyndns.com/support/kb/implementing_dnssec.html, but you don't mention how to submit the information needed for DS records, so you can submit the DS records to the Registry for inclusion in the TLD zone. That page appears to not have been updated in a while, which is probably why it lacks that information.

I would also recommend that you mention DNSSec on this page, probably right after you talk about Glue Records, since DS records are similar in that they are added to the parent zone, and like glue records they are only needed if the domain is set up a specific way (namely set up to support DNSSec).

Your DYNDns.com website does not make it particularly clear that you support DNSSEC on your domain registration product.

You provide the documentation for setting up DNSSec for a domain on http://www.dyndns.com/support/kb/implementing_dnssec.html, but you don't mention how to submit the information needed for DS records, so you can submit the DS records to the Registry for inclusion in the TLD zone. That page appears to not have been updated in a while, which is probably why it lacks that information.

I would also recommend that you mention DNSSec on this page, probably right after you talk about Glue Records, since DS records are similar in that they are added to the parent zone, and like glue records they are only needed if the domain is set up a specific way (namely set up to support DNSSec).

DynDNS do support DNSSEC (and although they are more expensive than GoDaddy, they don't try upselling you every step you take).

http://www.dyndns.com/support/kb/implementing_dnssec.html

https://www.dyndns.com/account/services/hosts/add.html
I am sure many others out there as well.

I had about 30 domains with GoDaddy, and was very unhappy with their user interface and customer service. I wanted to be able to make mass changes to the domains, such as name servers. I tried a few different ones and settled on gkg.net. It's not the prettiest, but it's inexpensive and reliable, and the website UI is simple (no crazy Ajax, Flash interface, browser requirements, etc). For my highly important business domains, I went with DynDNS, which is slightly more expensive, but has a clean and beautiful site, offers various other services I use, and has a theoretically more reliable infrastructure, since they run DNS and registration for big names. I've been very happy with both.
Oh, and I also had a virtual server with GoDaddy, which I switched to Linode, and SSL certificates, which I switched to theSSLstore.com. Extremely happy with those too. And extremely happy to finally be rid of GoDaddy.

This only works if there's an assured/static IP address on the home network. Lots of them change and you never really realize it unless you're doing home access.

That what dynamic DNS is for.
e.g DynDNS

Should I be using a different registrar for cheap domain registration? Who is cheaper?

Are you squatting on domains? If so, stop that. If not you can afford the $15/yr that a reliable/competent outfit like DynDNS will charge.

The ENUM proposal is essentially asking for DNS lookup as a public service run by government or other regulatory bodies. First of all, as you said, why don't we just use names? And second, I'm not sure we want public DNS run by government or regulatory bodies. We already have community-run free DNS service such as http://freedns.afraid.org/ or commercial free service like http://www.dyndns.com/ or http://www.zoneedit.com/. If you're worried that free services would go away, a lot of domain name registries are also offering DNS service at nominal fee, and they would be less likely to vanish. Several people can share the cost of a domain.

All people need to do is to find creative uses of domain names. I think this is the hard part.

Oh, well yeah, my router has a built in dyndns.org update script on it, that must be it.

Mine did too, and two days after I enabled it I got blocked for abusive updates. So even if the router says it will... I’d check the compatibility list and the incompatibility list.

(After I turned off the router feature, I got my account unblocked and kept on using a software updater.)

Oh, well yeah, my router has a built in dyndns.org update script on it, that must be it.

Mine did too, and two days after I enabled it I got blocked for abusive updates. So even if the router says it will... I’d check the compatibility list and the incompatibility list.

(After I turned off the router feature, I got my account unblocked and kept on using a software updater.)

If you have an update client that sends us at least one IP address update every 30 days, that will also prevent the account from expiring. Otherwise, it will require a login every 30 days onto our web site.

Chris Gonyea
DynDNS Support http://www.dyndns.com/support/

WTF are you talking about. My free domain name through dyndns still resolves fine and they still offer free DNS on their front page. Put the crack pipe down.

uhm, i'm pretty sure they still do...as I use it and http://www.dyndns.com/services/dns/dyndns/ says they still do

The Google is not providing malware & phishing blocks and parental/SFW controls.
DynDNS's redirects are honest searches, not ad-choked.
https://www.dyndns.com/services/dynguide/
http://www.opendns.com/

Setup OpenDNS servers in resolv.conf.

Go into Firefox.

Type something in location (URL) bar.

What is that?

The Google is not providing malware & phishing blocks and parental/SFW controls.
DynDNS's redirects are honest searches, not ad-choked.
https://www.dyndns.com/services/dynguide/
http://www.opendns.com/

Unless you have a dynamic IP address, where you're still confined to somebody else's mail server for sending email out...

DynDNS.

Yes.

These guys do it on a semi-permanent or temporary basis for free, and I'm sure that is more computationally expensive than otherwise. Why should it cost so much money for a permanent one?

...and yet, once again, I'm late to the Ask Slashdot party, but here we go...

I, too, just got a BB device and I've just started enjoying this today: Using the port forwarding options of your home router, forward port 80 to a combination file/web server. and use a Dynamic DNS (aka DDNS) service like DynDNS so you can refer to your home machine by URL instead of IP. Some routers support automatic updating of your IP address with DDNS services and DynDNS even provides a tool to do it for you. Once your port forwarding/DDNS is set up, make some kind of index.html/php/py/etc. file in your web-root so that directories are not immediately apparent and then also in your web-root also make soft links to your audio collection and any other files you may want to access with your Blackberry device. This means that I have instant access to all 24GB of my audio collection on a device that would otherwise support a meager 1GB of files. If you're concerned about your ISP yelling at you for sharing your MP3s with the world, setup SSL with Apache and access your files using s://domain.abc.xyz>.

You can also enable SSH on your server and forward port 22 to your home machine to be able to manage access to these files using your MidpSSH install.

I use the free dyndns service. App runs on startup/in background and updates IP to their servers. A free domain they provide (username.some-provided-domain.com) then resolves to your computer's current ip (or the ip of the router it is connecting through, anyway)

http://www.dyndns.com/services/dns/dyndns/

I imagine if the thief didn't format the laptop this is what happened.

If you buy their Account Upgrade (at a whopping $11.50 a year), they won't expire. Seems like a small price to pay to me. *shrug*

http://www.dyndns.com/services/upgrades/

Actually I have had two accounts 'vanished' by DynDNS now and would never use them again, including one that has been with them for about 8 years first using their dyndns service and more lately (over the last few years) using their staticdns service. Both appear to have been clobbered by their 'stuff must get updated at least every 30 days' policy [1]. Which of course makes utterly no sense for a staticdns service. The staticdns account was for a domain with a PR of about 5 (it was on the air and highly linked-to for over seven years...), so I was understandably upset to see it suddenly vanish off the air one day with no warning whatsoever.

Totally unimpressed, I would never, ever touch them for things I cared about again.

[1] Read the first couple of sentences of the second paragraph on this page:
https://www.dyndns.com/account/resetpass/index.html

This is absolutely true... and they don't just suspend it with a warning, they just flat out and immediately delete. Giving everyone your IP address would be less painful than dealing with those people.

Yeah. One of the most reliable and ethical operators in the business.

This seems like an appropriate link.

I run a mailserver off my DSL connection. Certainly, the network uptime is only ~90%, but I compensate for this with backup MX from DynDNS

Works well enough for my needs. If I were starting from scratch today, I'd just use Google Apps (sorry to be redundant).

Mailhop Forward and Mailhop Outbound. Cheap, efficient, nobody will know you're using either of them.

Outbound is simply an SMTP server that you can use. Forward is a mail server. You just add the appropriate MX records to the DNS.

http://www.dyndns.com/services/mailhop/outbound.html
http://www.dyndns.com/services/mailhop/forward.html

Mailhop Forward and Mailhop Outbound. Cheap, efficient, nobody will know you're using either of them.

Outbound is simply an SMTP server that you can use. Forward is a mail server. You just add the appropriate MX records to the DNS.

http://www.dyndns.com/services/mailhop/outbound.html
http://www.dyndns.com/services/mailhop/forward.html

Check out the 'PERFECT SERVER HOWTO' on http://www.howtoforge.com/ for your preferred distro. It is all you need for what you want to achieve and 'ISPconfig' costs nothing (unlike some other control panels).
I can only speak of the 'Fedora' 'HOWTO' - you should get good results and have fun doing it.
You only have to have one friend that pays to make your virtual server hire significantly more affordable, chances are that they will not be hammering the server and once you have put in some work getting them setup it will just be a matter of collecting the fees.

I see what the naysayers are saying, however, if you do pick up those 'artist', 'photographer' and other not-so commercial projects you will have an excuse for staying in better touch with people you might otherwise not stay in touch with.

Even if it takes you a whole weekend of fettling I think the effort will be worth the while, have a go with 'ISPconfig' as per tried-and-trusted instructions and take things from there, one project at a time:

http://www.ispconfig.org/index.htm

http://www.howtoforge.com/fedora-8-server-lamp-email-dns-ftp-ispconfig

You might also be interested in getting a few extra domains to practice with. You can get dynamic ones for free at http://www.dyndns.com/ and check that everything (including email) works. Note that you will have to look in your junk email for emails from a dyndns address.

I've had good luck with http://www.dyndns.com/ but my needs are minimal. I use their free service and have one of the 'is-a-geek.com' dynamic dns addresses and I have a couple of domains registered with a 'web hop' to redirect to another website.

You may have at one point been flagged as being 'infected with a virus'. This is when my comcrap connections always got nuked (I host a mailing list). But instead of filtering just outbound, they would kill everything.

I got tired of fighting with them (and after the headaches they caused with my overpriced business class connection when they took over for the ISP they bought out I was not going to pay for that service again), and discovered DynDNS's mailhop outbound and mailhop relay services. Problem solved. You can have stuff forwarded in on a nonstandard port and sent out that way too.

http://www.dyndns.com/services/mailhop/outbound.html
http://www.dyndns.com/services/mailhop/relay.html

You may have at one point been flagged as being 'infected with a virus'. This is when my comcrap connections always got nuked (I host a mailing list). But instead of filtering just outbound, they would kill everything.

I got tired of fighting with them (and after the headaches they caused with my overpriced business class connection when they took over for the ISP they bought out I was not going to pay for that service again), and discovered DynDNS's mailhop outbound and mailhop relay services. Problem solved. You can have stuff forwarded in on a nonstandard port and sent out that way too.

http://www.dyndns.com/services/mailhop/outbound.html
http://www.dyndns.com/services/mailhop/relay.html

DynDNS. $15/yr, no hassles, nice web interface. I have most of my clients using them. Froody NH-based company, even support. They support our local LUG and business incubator.

This isn't meant as one of those haughty, holier-than-thou remarks that it might initially sound like: The best solution is to run your mail user agent yourself, on your own hardware. Really.

These days it's easy to find an old PC or Mac / Soekris box / Linksys router and install OpenBSD or Linux on it. Then you not only have a more powerful and secure router than you started out with, you also have a general-purpose Unix server at your disposal; set up a free dynamic DNS account from DynDNS.com or the likes (in conjunction with the ddclient update script from the OpenBSD ports tree or Debian repositories) and OpenSSH, and you have a secure and efficient way to log into this system from anywhere on the public Internet. That's one step away from a remote access mail client with far greater security than any web-based company will provide you.

A few pointers:

• Set up daily, automatic backups of your mail folders with rsync! Don't lose your mail.
• You'll need a command-line mail user agent so that you can access all this by SSH. Mutt is my favorite, but others swear by Pine or the Emacs client.
• You can use msmtp to relay, and fetchmail to download, your messages from a remote server; or you can set up your own mail service if your ISP allows it. Consider using procmail to sort incoming messages.
• Configure S/KEY passwords on your home server: this way you can login from a somewhat untrusted client, yet rest assured that your password cannot be surreptitiously cached and used again.
• Access your mail on the server as a non-wheel user. Now even if somebody does compromise that account (a risk that is, in my opinion, far lower than the risk taken in using web-based systems), they will not have immediate control over the entire system.
• Carry Putty around with you on your USB memory device, in case you need to login from a Windows client. Putty is much smaller and more manageable than keeping your own personal copy of Firefox, and it will happily run from the USB stick without any installation or modification required.
• Install GPG on the server and import your keyrings.

This approach has a number of advantages over using any third-party web based system. The most obvious one is that in this configuration, GPG runs entirely on the server, keeping your encryption keys safe from untrusted clients. Also, because you are not using a web application, this system is immune to CSRF and XSS attacks. And OpenSSH offers a wide variety of authentication options, many of them far more secure in real-world scenarios than the simple username/password schemes implemented by most web apps.

Real information security takes real work, and as Hushmail has so kindly demonstrated for us, it isn't sound to exclude your own hosting company from your threat analysis. Why not simplify things and host part of your mail system yourself - the part that matters, where your encryption keys are stored and your messages are cached. Sure, it won't protect you from every vector of attack; but if your system does get attacked, it will be much more difficult for the attacker to do so entirely behind your back.

I'm not claiming that such a setup is for everyone. But if you want better security than what Hushmail was able to provide, this is what you need to do. If this is more work than you're willing to put in, it important to realize what you're giving up, and that there are no vastly "better alternatives" in the web-based secure email cottage industry. Or in other words: if you want something done right, do it yourself.

or DynDNS

I have been a digital cable, digital phone and digital roadrunner user for at least 8 years now. I just noticed this "issue" recently. I pay for Usenet access and noticed that downloads were going way slower then the 8 Mbps I pay Time Warner for (I pay an extra $9.95 a month to go from 5 Mbps to 8 Mbps). However, the "fix" is easy, just change ports for your Usenet client. The Usenet server I use NewsDemon offers many ports, just try each one until you get your speed back. I just switch to port 80, and wham, I am back to 8 Mbps goodness.

Their traffic shaping seems to only be port based. Another example is that my upload is 512 Kbps. However, I tried to set up a small website for family and friends and noticed that upload from my port 80 was dog slow. So I setup a free DynDNS.org WebHop service which sends all HTTP traffic to a different port. Wham, back to my full upload bandwidth. I also set Apache on my Mac to have a VHost on *:80 and *:5090. *:80 just redirects everything to *:5090.

I noticed the shaping for Bitorrent as well. I just use a client that doesn't use the traditional ports and now I can download Linux ISO's at a good speed again. Though personally I don't use Bitorrent much. Usenet is much safer if you want to "try before you buy". With Usenet, you are not uploading, no one has ever been sued for downloading only. Copyright right restricts distribution (uploading), not downloading.

I don't really see the reason for this shaping crap. Any some what technical user can bypass it by changing from the standard ports.

Not hard to get. I signed up for a Cox 'business' account...not much more than DSL was in the area (who before Katrina had said they ran out of static ips). No blocked ports, and not caps on bandwidth.

However, if you can't get a static ip, there are some services out there you can use to map external dns to your dynamic ip address. Something like this site will work for you...for free even.

Dude, don't let a blocked port stop you from running a server.
http://www.dyndns.com/services/mailhop/outbound.ht ml

You ever looked at this.... http://www.dyndns.com/ and their mail forwarding? I love it, and my email server can up and down whenever it wants without having my services interrupted.

I must have completely missed this outage. According to their status page there were some attacks against their update system, but I never had any issues resolving names, either for my domains hosted with them, or with my free hosts.

Of course, I'm not to keen on testing this plan, so I also keep locks on my laptops when they're home, or never let them out of my site when I'm out and about, but I think it's a good start.

> What is a reasonable registrar, these days?

I use DynDNS. I haven't had any problems with their domain registration (or hosting) services. Their refund policy is pretty good; pro-rated, no questions asked.

DynDNS has pricing rather than "prices". When I see that word, I think "pricey". Why should a domain name registrar be so expensive? What do they do with the money ($15 per year)?

I have a few domains up for renewal, and was considering GoDaddy. Not any more. I am sure slashot readers must control the registration of several million domains.

I'm real happy with DynDNS. They've always done right by me and my clients, their service always works, and since I've started using them some friends have gone to work there (based in Manchester, NH). They also have many free services and support work done in the open source community. $15/yr for registration - not the cheapest out there but cheaper than some. It appears to be the price necessary for good service. Normally if I posted this it would be followed up with posts by GoDaddy fans who rave about their service. :)

Why shut down your home system? Why not have it available as a server to make your life easier? I agree with other posters about using "offline" mode of Thunderbird and like clients.

In case you're thinking that you have a particularly repressive ISP...

My ISP blocks ports 80 and 25 - particularly irritating, if you ask me. My ISPs TOS, if read to the letter, would mean that multiple browser windows or tabbed browsing are inappropriate because it's more than one session over the broadband pipe.
 
I agree that it would be ideal if I could use every port I want, block the ones I want to firewall - but I'm too cheap to pay for that kind of access.
 
So I work around it. I use dyndns [dyndns.com] to create a pointer to my dynamic IP address. My ISP does not block https or ssh ports, so I leverage those to get what I want.
 
I use cron, fetchmail [berlios.de],
  procmail [procmail.org],
  spamassassin [apache.org], and
  postfix [postfix.org] to bring mail from my ISP to my local system.
 
I use uw-imapd [washington.edu] to share my mail with other computers on my home network
 
I use ssh and pine, or apache+php+MySQL+https (self-signed cert) with roundcube [roundcube.net] to get remote access to my IMAP server.
 
I use WinSCP [winscp.net] to get access to my files at home when I'm at work. My data is *MINE* and I easily back it up (nightly and offsite qurterly - snapshot backups coming soon thanks to rsnapshot [rsnapshot.org], perl and rsync)
 
Every tool that I use is free of charge and as free as the GPL and apache licenses are free (zealots can feel free to argue with someone else about the relative freedom of the GPL, thanks.)
 
I certainly could pay for more open TOS with an ISP - I could even host my applications at an ISP. I'm cheap, and this solution works well enough for me.
Hope you find a solution that works for you!
 
Respectfully,
Anomaly

My ISP blocks ports 80 and 25 - particularly irritating, if you ask me. My ISPs TOS, if read to the letter, would mean that multiple browser windows or tabbed browsing are inappropriate because it's more than one session over the broadband pipe.

I agree that it would be ideal if I could use every port I want, block the ones I want to firewall - but I'm too cheap to pay for that kind of access.

So I work around it. I use dyndns to create a pointer to my dynamic IP address. My ISP does not block https or ssh ports, so I leverage those to get what I want.

I use cron, fetchmail,
procmail,
spamassassin, and
postfix to bring mail from my ISP to my local system.

I use uw-imapd to share my mail with other computers on my home network

I use ssh and pine, or apache+php+MySQL+https (self-signed cert) with roundcube to get remote access to my IMAP server.

I use WinSCP to get access to my files at home when I'm at work. My data is *MINE* and I easily back it up (nightly and offsite qurterly - snapshot backups coming soon thanks to rsnapshot, perl and rsync)

Every tool that I use is free of charge and as free as the GPL and apache licenses are free (zealots can feel free to argue with someone else about the relative freedom of the GPL, thanks.)

I certainly could pay for more open TOS with an ISP - I could even host my applications at an ISP. I'm cheap, and this solution works well enough for me.

Respectfully,
Anomaly

We are in the similar situation having Exchange in-house behind a (quite stable) DSL line. Thankfully the DSL has been out only about 30 minutes total in our first year, but unfortunately our Exchange server can't say the same. We've gotten an amazing value using a backup mx service, which silently queues mail for us until our server returns. It works amazingly well-- once our server is back up, the queued mail comes flowing in. Its a beautiful thing.

We specifically use EasyDNS's DNS service which includes the backup MX service. We use their DNS Plus service which only costs about $40/year, and allows us to use their CLUSTER of backup MX servers (How cool is that!?)! Its also available on their DNS-only service (~$20/yr). I don't work for EasyDNS (just a happy customer). You can also get the same service from lots of other places as well.

Realistically, I think you need to use an external DNS service to do this for network outages (since other mail servers will need access to your domain's MX records to find to the backup MX servers). For us, this meant we needed to use a different DNS server inside our local network. The external dns points people to our mail server's public IP. The internal dns points to our internal ips.

Another note, we use PFSense as our firewall (great product!). Recently, I think I saw support for NAT Reflection was added (allowing internal machines to contact internal servers using a public IP address), which might negate the need for the "split" dns described above. Haven't tried that yet, though.

DynDNS.com. Of course, they're not a software company, but a network services company. But they've been a profitable private company since at least 2002.

http://www.dyndns.com/news/releases/archives/2003/ 11/288.html

It's not the first time that D-Link's crappy programming has affected a service. DynDNS.com last year started blocking all update requests that match a user-agent of client/1.0, beleived primarily to be several D-Link routers. D-Link has been mum on a response last I heard.

It's not the first time that D-Link's crappy programming has affected a service. DynDNS.com last year started blocking all update requests that match a user-agent of client/1.0, beleived primarily to be several D-Link routers. D-Link has been mum on a response last I heard.