
Show HN: Park your domain name with just 2 DNS records - tompec
https://www.domdb.com/
======
floatingatoll
It's important to remember that "just" DNS records are anything but "just"
safe. Keep in mind that when you do this, you grant a third-party organization
the ability to 'vouch' to anyone that they 'own' your domain or a URL at it,
as long as the 'vouch' test supports [http://](http://) or
[https://](https://) URLs.

This is the case for all web-hosting everywhere on the Internet. I host all of
my domains through third-party providers, knowing and accepting the above-
described risk. I consider it so low likelihood and of only medium impact if
something ever occurs. The value is immense, the time spent is small, and the
tradeoff worth it.

Imagine if someone phoned up your IT department and asked them to fix the MX
record due to a mail server outage. Would you notice if your Received headers
added a hop you weren't familiar with before? How long would they be able to
record your company's email before someone noticed?

So I encourage taking DNS with absolute seriousness, and careful consideration
of changes, and _never_ simply assigning "just" 2 records to anyone, ever.
Given 2 records, someone can do a lot more damage than any website hack ever
could.

ps. "IN TYPE15" or thereabouts is another way to state "IN MX", to further
convey why it can be very dangerous to follow instructions. Most admins would
pause at an MX change, but most wouldn't think twice about a custom "TYPE15"
record 'not supported by BIND yet', given sufficient verbiage.

~~~
Illniyar
Keep in mind that this is an A record (and a TXT one) not an MX record, the
only thing they can do with it is change the content of the site (which is
what you want them to do).

Tough I've known extremely incompetent IT support, I think even they would be
suspicious of someone proving his identity by making a "this is me" html page.

~~~
stevekemp
Email will fall back on an A-record if there is no MX record present...

~~~
gramakri
Never heard of this behavior before but you appear to be right -
[https://stackoverflow.com/questions/1666807/email-
validation...](https://stackoverflow.com/questions/1666807/email-validation-
mx-lookup). TIL

------
Arkanosis
Sorry for being that guy, but seeing all the enthusiastic responses on HN, I'm
wondering…

Am I, in 2017, the only one left thinking that domain parking is a harmful
activity? Like… the DNS equivalent of patent trolling…

~~~
corobo
Honestly depends on the situation I feel. If people are just registering up a
bunch of valuable names then yeah I'm not a fan.

The other kind of person is (like me, so bias) the type who register domains
with a project in mind but time or resources don't get funnelled to the
project so the domain may as well be released back into the wild - In this
case the domain still has however long it's registered for left on the
registration and will likely be scooped up by a domain drop bot by the first
kind of domainer. It's always nice for a failed project to at least break even
through the domain sale.

When killing off projects I usually try to find someone who might like to own
the domain and offer to push it to them gratis if they've got an account on
the same registrar if the domain's going to expire within 6 months or so

~~~
pavel_lishin
> _The other kind of person is (like me, so bias) the type who register
> domains with a project in mind but time or resources don 't get funnelled to
> the project so the domain may as well be released back into the wild_

The third type of person is one who comes up with - at the time - a hilarious
sounding joke, registers
[http://www.cannedgoat.com](http://www.cannedgoat.com), and then continues to
renew it year-after-year for sentimental reasons.

Besides, who's going to buy cannedgoat.com off me? Might as well keep it from
being a GoDaddy banner site.

~~~
marklyon
I'll happily offer $50.

------
raulk
Careful. Pointing your A record to a third party allows that party to use HPKP
[1] with a long expiry period and never give you the key, potentially nuking
the domain (for anyone who has visited it before you sell it).

[1]
[https://en.m.wikipedia.org/wiki/HTTP_Public_Key_Pinning](https://en.m.wikipedia.org/wiki/HTTP_Public_Key_Pinning)

~~~
DaiPlusPlus
This is a pretty serious attack - is there really no way to mitigate it? An
arbitrary HTTP header is pretty low on the totem-pole of trust, so why don't
they periodically check DNS records for corroboration?

------
corobo
Other than the "secondes" my only real feedback is the price - Charge more!

I think you may be underestimating a little just how many domains people have
if they're in the business of selling them!

~~~
tompec
Oh yeah... Sometimes I mix up my french/english :P About the price, you're
right, but I'll probably make different plans. Thanks for the feedback!

~~~
sowbug
Also "set up" is the verb form, and "setup" is the noun form. Similar:

Log in with your password, and login will be complete.

The signout process causes the user to sign out.

I will pick up some rocks with my pickup truck because someone asked for a
rock pickup.

------
r1ch
You may want to look into adding a CAPTCHA or some other kind of spam
prevention system to the contact form. Spambots these days will fill in any
contact forms with all kinds of spam.

If you're remailing those contact form responses through your server to the
domain owner, these spambots will damage your IP reputation and legit
inquiries might start getting blocked.

~~~
tompec
I just did, thanks!

------
ThePhysicist
I'm curious, why do you ask your users to create an A entry for this? I think
a CNAME/ALIAS entry to the domain of the service would be a safer choice in
case you should be forced to change your IP address (e.g. if you change your
hosting provider), which would currently force all your users to update their
A entries. Also, using a CNAME domain would allow you to hide your IP address
behind a CDN service like Cloudflare, which can be handy sometimes (e.g. for
DDoS protection).

~~~
ShakataGaNai
DNS spec doesn't support CNAME on the Apex record (ex your domain sans www).
Alias isn't commonly supported by a lot of services yet either.

~~~
majewsky
I saw this as well when using a self-owned domain with Github Pages. Any idea
why the spec forbids it?

~~~
bluejekyll
It's mostly due to ambiguity. Think of it like a directory, you can't have a
file with the same name as a directory in a path, because operations on that
name and path become ambiguous.

Zone SOAs are very much like directories on a filesystem.

------
kf5jak
Maybe I just couldn't find it, but it would be nice to see a template or
example of what the parked page would look like.

~~~
i4i
[https://www.domdb.com/img/landing.jpg](https://www.domdb.com/img/landing.jpg)

------
fireworks10
Cool project. We do something very similar with an internally made lander for
our domain portfolio, and it works well. Lots of serious buyers contact via
e-mail listed on whois too.

One thing very useful is to have analytics, perhaps you could add a feature
for users to input a Google Analytics tag (UA-000000).

Side note: for anyone who actually wants to sell/buy a domain in a private
transaction, I highly recommend Escrow.com as an escrow service.

~~~
tompec
Hi, thanks!

I planned to add more options to customize the landing page, including adding
the GA tag ;)

Thanks for the tip!

~~~
fireworks10
Also if someone enters a path other than the index nothing catches the 404. At
the least you should have a redirect. :)

[http://backdoor.fr/123](http://backdoor.fr/123)

~~~
tompec
It's fixed ;)

~~~
homero
What about subdomain?

------
amingilani
Thank you so much. I acquired blackmail.io as part of a, now defunct, project
and had been meaning to put it up for sale. This was the perfect lazy solution
for me :)

Tips for pricing your domain:

1\. Think of how attached you are to the domain

2\. Think of how much you think you'd be willing to pay for the domain in the
open market

3\. Think of how much the cleveriness of the domain name is

Add all these values together, and multiply it by 2.

------
sigi45
Don't like it. There are not enough good reasons to 'park' a domain.

------
compuguy
I like it, but I wish there was an option to just park it without saying it is
for sale.

~~~
tompec
I'll add this feature really soon!

~~~
homero
This is what I want and without registration. Just a welcome to blank.com

------
dewey
Is there also a way to do it without the price? Putting a price on it directly
will either cause people to not bother if it's too high for some side project
or make it too cheap if some huge corp wants to buy it.

~~~
tompec
Yes, just do not specify the price, and it won't appear.

------
drefanzor
Hi, nice and simple site. Thanks! Maybe in the future can you give analytics
as to who is visiting the site? That way we can get an idea of the
demographics of who is going to which domain? (paid feature maybe)

~~~
tompec
Great idea. Would you prefer to have basic analytics in the dashboard, or
being able to add Google Analytics and have better analytics from GA
dashboard?

~~~
rdslw
you are selling and marketing simplicity 'just 2 records'. if you want to
stick to the 'simplicity' audience, provide it to them without asking them to
configure.

------
dola
Cool idea. I hope you somehow confirm the listing on the dashboard, otherwise
someone can just list some domains under your username to cost you money ;)

------
echan00
Has anyone tried this service? I haven't had much luck setting this up... and
I'm fairly certain I have the DNS setup accordingly.

~~~
tompec
Hi, please use the contact form on the website for support.

------
attacomsian
Look nice. Why not allow users to list their domains and setup prices in
dashboard instead of TXT record?

Efty is already doing it.

~~~
attacomsian
I shared domdb with NamePros community(the biggest community of domainers):
[https://www.namepros.com/threads/domdb-park-your-domain-
in-l...](https://www.namepros.com/threads/domdb-park-your-domain-in-less-
than-15-seconds.1037674/)

You may get good feedback from the people who are in domaining business.

~~~
tompec
Thanks, appreciated!

------
homero
I spent weeks searching for free dns parking. Ended up just removing the name
servers. I'll try this!

------
ForFreedom
Interesting.. Why would someone want to park domains when web hosting is
available for $3.xx/mo

~~~
corobo
People parking domains often have lots of domains. This sort of thing also
gives you a prebuilt "contact me" sort of thing which can be a minor pain.

Take the pain out of something and you can sell it.

------
inmean
This services could transform to One Page hosting services.

------
futhey
Nice! Curious as to the name though. Why DomDB?

~~~
tompec
I had the domain since a while and was not using it. So instead of searching
hours for a name, I just used what I had :D

------
kyledrake
Raise the price. $5/mo minimum.

------
tomascot
Great idea.

What do you use to read the records?

~~~
tompec
Thanks! I use this little PHP function dns_get_record() ;)

~~~
homero
That's why I love php!

