DNS Hosting Policies?

Cheeze asks: "What do other administrators do about domain registering? Where I work, we require to either be the administrative or technical contact for the domain. Before this policy was implemented, we had no way of knowing if we were the authoritative DNS for our DNS customers. Sure, we can probe whois every day, looking up every single domain, but that puts a heavy load on their servers and what usually ended up happening is there would be about 20% false DNS entries, causing our customer's grief. What do other companies do in this situation? Is that a common practice?" What other (or alternative) policies do DNS hosting services implement that you all like. Are there policies in place at some DNS hosting services that you think are unfair? Why?

"Our reasons behind implementing this practice :

1. Increased security - you can turn off the spammers when they violate your terms of service.
2. When they try to change domain name servers with their registrar, an e-mail is usually sent to the administrative and technical contacts. This is a good notification that you just lost a customer and can take the record out of your DNS.
3. You can hold the domain for ransom when/if the customer does not want to pay their bill (evil, but sometimes necessary)."

A necessary hassle these days

[Erisian]

The ISP I work for is in the process of implementing a policy like this. We haven't done this in the past due to the hassle factor, but people are registering domain names, forgetting their passwords and then yelling at us when we can't change their name servers.

Also, there have been a few cases where we got burned on web design where we created the site and didn't get paid. If we had their domain we would have. Evil? Yes. But then so is stealing someone's time and work.

Chris

Nominum Global Name Service?

[shub]

Folks,

At this point, I wouldn't consider doing anything without checking with Nominum (the company responsible for writing and maintaining BIND version 9).

These guys offer a service whereby they provide either primary or secondary nameservice for your domain, across their distributed cluster of redundant, fault-tolerant servers. Heck, the secondary service is even free (in all the various senses of the word).

I just wish they had a Dynamic DNS service, so that we could all kiss DynDNS.org and GraniteCanyon.com farewell for their incredibly crappy service.
--
Brad Knowles

Re:Nominum Global Name Service?

[MrPeach]

Dude, check out Centralinfo.net. They offer no cost DNS for simple configurations, and pretty cheap fee based DNS for more complicated configurations. I've been there a while and emailed them a time or two and every time, even when it was a boneheaded question, they got back to me promptly. Do you know of anyone who has ever gotten a reply from GC??? Also, their domain records update *immediately*!!! Your cable modem gets renumbered - no problem. You're back up within the hour (given that expiration times on remote systems will expire whenever they do).

Re:Nominum Global Name Service?

[TBone]

Spammed? Don't sign up for lists...I get about 1 Email from them a month, and it't Tim's monthly info mail. If one mail a month is too much for you, then you don't really need Email. DynDNS work well with a home-brew perl script I wrote to do my own Dynamic DNS updates to make my mail server and such appear as the name I want them to be, not the name my Cable Modem provider picked.

Re:Nominum Global Name Service?

[nathanm]

Just checked them out. They're not accepting any new zones due to abuse of their services.

Re:Nominum Global Name Service?

[nathanm]

Just checked them out. They require you to put banner ads on your website. No thanks.

Ransom? I don't think so.

[ers81239]

I just got done transferring a domain from an ISP who was trying to hold the domain hostage. If you are the registrant, you can change anything you want by fax (with Network Solutions, at least). It is a pain in the ass, but it works. Look at Network Solutions Forms for more info.

Why?

[qux.net]

Why the issue of wanting to be a contact? I see a couple situations:

• If they spam or something you can drop the zones from your DNS servers or change it to a system with explanations of what happened (where would you change their listed servers to if you could?). If they change away, who cares? If you tried to hold the domain they could quite possibly sue you...
  
• If they don't pay their bill you can change the zone to point to your main servers (make it part of the policy). Then their domain and any advertising just benefit your site by drawing more customers (depends on the type of site it was, but there's probably almost always some traffic you'd like).
  
• If they change to different servers, but don't tell you. If they're still paying, who cares? You use a few K of RAM and no traffic and get paid...
  
  What am I missing?

What we do

[Nobelium]

One of the companies I work with does some cybersquatting (the legal form), and to keep track of their 4,000+ domains they do DIG queries to monitor ownership. In our case were worried that people hijack the domains from us. Now to save the root servers the work, we've signed up with Network Solution's Root Zone program. Every day (or whenever needed) we download about a gig of data and it provides us with the ownership information. That may work for you also.

Re:What we do (more)

[Nobelium]

Oh, and I'm very against having an ISP in my technical contact record. A few years back (about 8) I was hosting a business site for some company I was doing design for. After a while that business customer wanted to hire a new designer. I registered the domain for the company and thus had ownership. But the company just called the ISP I was hosting with and had them change ownership to them. And because the ISP was on the record, they could do that. Since then I make sure I stay away from companies that force me to have them as technical contact.

What we do..

[schon]

We require being the Technical contact for domains we host, becase we are the technical contact for the domain.

Administrative contact should be the customer - this is who actually owns the domain. If the customer owns it, they should be the Admin contact.

The reason that you are the Technical contact is so that you can make changes. If you change your DNS servers (add/remove/replace one) you should be updating the DNS record - it's your job, not the customer's.

But more about your reasons:

1.Increased security - you can turn off the spammers when they violate your terms of service.

This is crap. If they violate the TOS, you just drop the zone. It's faster (root server changes happen every 12 hours - '/usr/sbin/ndc reload' is _MUCH_ faster.), and you don't need to screw around with a third party.

2.When they try to change domain name servers with their registrar, an e-mail is usually sent to the administrative and technical contacts. This is a good notification that you just lost a customer and can take the record out of your DNS.

This isn't really an issue either. First, you should contact a customer before deactivating their zones (DNS hijacking, anyone?) Second, if a customer were to change service providers and not tell you, then it's their domain that's screwed. It's their responsibility to notify you; you shouldn't need to keep checking.

3.You can hold the domain for ransom when/if the customer does not want to pay their bill (evil, but sometimes necessary).

I don't think this is necessary at all. If they're not gonna pay you, pissing them off probably won't help the situation. If the domain is part of a trademark (or the domain is registered in their name), they can just go to Network Solutions and get it yanked anyway.. but even then, holding the domain for 'ransom' is an act of bad faith - if they're inclined, they could probably sue you. (And the fact that they owe you money will probably be overlooked by a judge, unless your contract explicitly states that you can do this - where I live, once you've extended them credit, you can't hold their property without prior written consent.)

Yes, you should be the Tech contact for all domains you host, so that you can make changes to the domain, not for the reasons you listed.

Re:What we do..

[Cheeze]

1. when i meant turn off the domain, i mean disable it in our dns and not allow them to do a registrar isp change. if spamming is illegal, all of that will be evidence. i think if every dns administrator was that BOFH-ish, i probably wouldn't have 300 spam's a day in my inbox.

2. i currently run a name server that does dns for about 650 domains. we do dnsing for free if we host your web site. more often than you would expect, people try to abuse this and send in a request to stop web hosting, and then a dns change. this equates to free dns hosting. any profitable company is not into giving away services for free with zero return.

3. if the customer does not pay their bill, they can just switch to a different providor. this does not mean you will ever see your money. they are more inclined to pay if you hold the domain hostage while they figure out that your company has been slighted.

that would be a great lawsuit. if you take your car in to get it fixed, and you don't pay the repair people, what happens? they keep your car until you pay. you cannot expect to just walk up there and take it from them. it becomes collateral at that point.

dns/web/mail hosting is a big business. there is almost no recourse for the people that abuse it. what good is a court if you are slighted a mere $50? of course, if 100 people slight you, that's $5k you didn't make that year because of your own policies. what a waste.