My workaround for this was to add a TXT record for *.mydomain.com that just returns a string like "Unused". This seems to stop them from hijacking any subdomains, and it's not an A record so undefined subdomain names do not resolve, just like if you had not defined them in the first place.
(Workaround shouldn't be necessary of course, but this kind of bullshit is par for the course with cheap hosting companies.)
A workaround for this is to make *.example.com a CNAME for something.invalid. ".invalid" is a reserved TLD guaranteed not to exist so this should force all queries for non-existent domains to come back with NXDOMAIN.
I'm with gandi, there's a few things I don't like but overall they've been super stable with very little headaches. I think in the 3+ years I've been with them I've had one slight issue that was dealt with in <24 hours.
I typically just do a *.example.com @A record to the IP address, works just as well and would fix the specific problem in the link (unless he's worried about having to extract individual subdomains to go separate places later).
I ran into the same issue several years ago. Now I actively recommend against name.com because of this practice, which I consider very dodgy. Their support was unable to provide any real resolution to this and so I moved elsewhere. On recollection, I should have asked for my money back. Not for the meaningful amount that it cost, but to highlight how stupid this practice is. I'd encourage anyone with name.com to do the same as a form of protest.
A previous series of support emails:
I own the joshka.net domain registered with name.com.
When I attempt to resolve a subdomain that does not exist I expect this to
return a NXDOMAIN result.
Instead, the name.com name servers return an IP address of spammers.
How can I setup my account to return NXDOMAIN for this domain?
I have set your domain to a wildcard 'A' record, that accepts any
subdomain, and points it to your hosting IP address. I ran a 'dig' [ping]
command on 'stuff.joshka.net' as a test, please see the results below:
I think we have a slight misunderstanding. I do not want a wildcard A record
(and have removed the record that was setup).
Resolving any subdomain that I have not explicitly created a DNS record
should return a NXDOMAIN result.
This expectation is in line with ICANN's memorandum titled "Harms and
Concerns Posed by NXDOMAIN Substitution (DNS Wildcard and Similar
Technologies) at Registry Level" at
Providing this default wildcard service where it is not requested or
required is a disservice. I can't imagine why I would want or need this.
I apologize for the misunderstanding with the wildcard DNS record. We have had multiple customers request this in the past, and this feature was used with success in those cases. I have consulted our management team to see if there is a different option that we can provide you. Please look for a response concerning this issue tomorrow.
I'll look forward to hearing from you.
It's not the wildcard DNS itself that I couldn't see the use of. I
understand why that would be useful in narrow situations.
What I don't understand is why name.com provide the default wildcard A
record redirecting to a site full of advertising. I don't know how this
would be useful to any business or entity that does not want to use wildcard
subdomains of their own.
I understand that section 19 of the registration agreement seems to cover
this use of wildcards (though the wording is fairly vague), but it also
states "At any time, you may disable the placeholder page by updating,
modifying or otherwise changing the name servers for the relevant domain
Thanks for getting back with us. Yes you are correct, by changing the DNS or name servers for this domain, it will no longer point to the parking page.
I have discussed all options for allowing this wording to show, with our support management team, and the systems administration group. We sincerely apologize, however our DNS servers are not able to show the 'nxdomain' that you mentioned.
This option is possible should you wish to use your own custom name servers for this domain. Should you wish to setup your own name servers, here are instructions for registering these name servers from within your Name.com account
As an anecdotal counterpoint, I'm an extremely happy Name.com customer. I transfered several domains to them a year or so ago from GoDaddy. They support two-factor authentication, their interface is uncluttered, I pay them less money than I paid GoDaddy, and I haven't had a single issue. I would highly recommend them to anyone looking for a registrar.
That being said, I don't use them for DNS. If this is a feature of their nameservers, I do find it strange that they don't offer a way to opt out (other than using alternative nameservers).
I am still an incredibly happy Name.com customer and would recommend them as a registrar to anyone who asks. I just would point them somewhere else for DNS hosting.
In my case all of my domains are on name.com (and I haven't had a problem with them so far either); for my smaller personal sites the DNS is managed by my shared hosting provider and for others Route 53.
I don't quite understand why people have this allergy to running their own DNS. If you just want a single text file and don't need anything major, dnsmasq will serve records out of /etc/hosts. Slightly up the chain in terms of power, MaraDNS lets you use a text file, and finally there's PowerDNS (which I use) lets you use SQL databases, embed Lua, or read from a pipe. (Being able to use a regular RDBMS is nice for things like writing a little cron job to do your own dynamic DNS, or doing self-service hosting for people.)
If you've never done it, it is a couple of hours of reading and fiddling, but very quick if you have set up DNS before. I'm actually a bit curious about why people (even some sysadmins!) tend to spend time clicking on some clunky web interface to update records manually when it's actually easier to do it yourself. (Mail servers, on the other hand...)
> I really don't understand your thinking; I am the opposite. I respect name.com for being forward about it and not acting like a politician (treating me like a child).
I respect them for sharing their reasons. I think it is professional.
My issue is two fold:
- This kind of activity "breaks the internet" on the purest sense possible. It is against spec' for a very good reason, IT IS STUPID. Going to a null domain should give you a null reply. It breaks software and it breaks user's expectations (e.g. if you hit that page because you typo-ed the domain you might assume the domain has gone out of business or been "hacked").
- Their work-around(s) are silly. They are essentially "then use someone else" or "register every single possible sub-domain." No opt-out.
They might be very good at business and marketing but they fail on every technological ground you can fail. Someone who fails that badly at understanding the internet isn't someone I want running my DNS of all things...
Even worse; their customer agreement seems to indicate that you are responsible for the content. They also refuse to turn it off if you send them an email. What a shitty little company to be inflicting this on their customers.
I'm in the process of switching to gandi.net. It's not as cheap as name.com (3 dollars difference...), but their DNS service seems really topnotch. Also, they're open to acting as a secondary DNS server and mirroring my own NS via AXFR, which is pretty nice.
As i haven't seen them mentioned before in this thread i'll mention http://freedns.afraid.org/ - While i don't have any current experience, i've used them a few years back and they've also been top notch... Only downside is their interface which is showing its age...
The wildcard fix is annoying when you have everything on SSL but don't want to handle a wildcard cert. When someone typos https://foo.example.com I'd like the UX to be a browser's "could not connect to server" error, not "this site is untrusted, run away as fast as you can".
 IMO, the use of wildcard certs is a dangerous practice made obsolete by SNI.
 If the cert gets stolen from one server, the thief can impersonate any server on that domain.
Given that no means currently exists to safely hand out a certificate for example.org that can in turn sign separate certificates for arbitrary foo.example.org subdomains, some sites still need wildcards. If you hand customers their own subdomain, and you automatically mint new customer subdomains when new customers sign up, you can't get a separate CA certificate for each one even if SNI does work; you really do need a wildcard for that.
yes, you can enter a wildcard record yourself, and that will override the name.com wildcard. Is it irritating that they do that? Sure. Should they be doing? probably not. But it does have a pretty simple fix.
Personally, I use a third-party dns service. Seen too many registrars play with DNS. Don't know why anyone would trust them.
"I don't know about you, but i give everyone the benefit of doubt and unless someone violates this trust, i'd think most people do too."
True.. and I used to trust registrars to manage my DNS.. but over the years, this is at least the 3rd or 4th time this has happened with a registrar I am on (yes, I have domains at name.com).
Since I don't have time to interrogate every registrars DNS server when I sign up, I just assume it's useless these days. + I end up having to pay for a DNS service anyway, to avoid the bad registrars DNS.. so it's easier to use a single DNS service for all of the domains.
This is what happened. For example, I previously gave Name.com the benefit of the doubt and sent them an email asking them to fix the issue. They did not, so now I mention this every time I see their service mentioned. They are scum just like GoDaddy but on a lower scale.
All domain names registered via Name.com will automatically be provided a Parked Domain Service. All domains will default to our name servers unless and until you modify your default settings. At any time, you may disable the placeholder page by updating, modifying or otherwise changing the name servers for the relevant domain name.
Domain names using our Parked Domain Service may display a placeholder page for your future website. These placeholder pages may include contextual and/or other advertisements for products or services. Name.com will collect and retain any and all revenue acquired from these advertisements, and you will have no right to any information or funds generated via the Parked Domain Service.
You agree that we may display our logo and links to our website(s) on pages using the Parked Domain Service.
Name.com will make no effort to edit, control, monitor, or restrict the content displayed by the Parked Page Service. Any advertising displayed on your parked page may be based on the content of your domain name and may include advertisements of you and/or your competitors. It is your responsibility to ensure that all content placed on the parked page conforms to all local, state, federal, and international laws and regulations.
It is your obligation to ensure that no third party intellectual or proprietary rights are being violated or infringed due to the content placed on your parked page. Neither Name.com nor our advertising partners will be liable to you for any criminal or civil sanctions imposed as a direct or indirect result of the content or links (or the content of the websites to which the links resolve) displayed on your parked pages.
As further set forth above, you agree to indemnify and hold Name.com and its affiliated parties harmless for any harm or damages arising from your use of the Parked Domain Service.
Thanks. That was my post. Sad to see others have dealt with this before. I went through their TOS, and there's no way in hell their "Parked Domains" clause is applicable to DNS failovers. What they are doing is just totally wrong. I wrote a second post about it as an Open Letter to them here : http://www.destructuring.net/2013/02/28/an-open-letter-to-na...
I caught Hover.com doing something similar a couple of years ago. They were adding forwards not for subdomains but paths of the root domain. I actually switched to Name.com for this very reason, troubling to see another pulling this stuff.
I moved quite a few domains to Hover within the last 2 months. I went and immediately checked the forwards section after reading your comment. Thankfully, there are ZERO forwards setup. I'm guessing they stopped pre-configuring example forwards for demonstration purposes.
I posted about this almost two years ago (http://news.ycombinator.com/item?id=2443710) ... I am eagerly looking forward to DNSimple (http://dnsimple.com) entering the market as their own registrar (instead of reselling enom). Their founder has said that is a high priority goal for them this year which will immediately make them the registrar and DNS provider for all of my domains.
A bit off topic, but I used to work for a company called NAME that had the name.com domain. They went out of business in the dot com bust of 2001, and I guess the domain got sold. I can't see name.com without thinking of that.
I actually just ran into this. I had a client forget to add a www CNAME record, so they thought the site was "hacked" when they added the www to their domain and got this parked site. Luckily, it's not a cached record, so when we fixed it, DNS servers started finding the right record immediately.