Hacker Newsnew | comments | show | ask | jobs | submit | login

You can really easily setup alarms on cost, start with a $50 alarm, $100, $200, etc and you'll get notified by email when you've spent that much.

-----


I would assume Prolexic or Incapsula, assuming they're using a high end provider (which they should, DDOS attacks against smaller DNS providers being so easy to carry out).

-----


A few people do ALIAS style records, DNSMadeEasy and EasyDNS do "ANAME" records which are pretty much the same.

-----


Will these services not have the same thin pipe issue that's currently affecting DNSimple?

-----


Not that I have any reliable info, but what I've heard, DNS Made Easy is a pretty stable and established DNS provider.

They brag about "99.9999% uptime history" at http://www.dnsmadeeasy.com/technology/.

Though they doesn't seem as innovative and nice as DNSimple. Really hope things work out for DNSimple (really like the idea of their beta feature GitHub sync).

-----


How does their beta-feature with github work? I can't find any obvious link and it seems frustratingly close to something I offer over at https://dns-api.com/ ..

(I wrap Amazon's route53 with DNS entries read from github/gitbucket/similar.)

-----


And link to their Git support is here: http://support.dnsimple.com/articles/github-sync/ (if only DNS wasn't down..)

-----


Interesting thanks.

An interesting/custom choice to use JSON, and real github integration rather than using hooks as I did.

-----


Can you use custom nameservers with your service?

-----


AWS Route 53 has added vanity DNS in the last few weeks, so you can make your DNS servers appear to be ns0.yourdomain.com rather than ns153.awsdomain.com (or whatever)

However, making your DNS servers to be responsible for serving their own DNS is a bit of an extra complexity and risk that no customer will ever care about..

-----


Nice. Got a link for this one?

-----


It was oddly snuck into the private DNS announcement

http://aws.amazon.com/blogs/aws/route-53-update-private-dns-...

"You can create generic "white label" name servers such as ns1.example.com and ns2.example.com, use them in your delegation set, and point them to your actual Route 53 name servers."

-----


When you upload a new zone it will be assigned a set of nameservers - four. You can't choose what they are in advance, and you can't specify the TLDs. So you might end up with "ns-1933.awsdns-49.co.uk.", "ns-1109.awsdns-10.org.", or similar.

Does that answer the question? I'm a little hazy on what you're actually asking.

-----


Old DnsMadeEasy customer here (used them for several years before moving to AWS). They were rock solid. We used them for hosting DNS for major cruise lines (fancy, very fancy ones), as well as other large Fortune 500 clients.

Their interface is pretty bad, but the backend is hardy.

-----


It's unlikely, DNSimple appear to have relied on a single network provider and a limited number of name servers.

If I do a traceroute to the 5 DNSMadeEasy name server records (they actually run many more hosts) I go via 3 different networks - GTT, NTT, and Tata.

-----


For those who wonder why, this seems to be a decent explanation of the issue:

http://lists.freebsd.org/pipermail/freebsd-stable/2014-Septe...

So you can have ZFS pools with 4K blocks, it's just if you've chosen 512-bytes at the start, you're going to struggle

-----


Doesn't the current install of FreeBSD default to 4k blocks even on 512-byte drives?

-----


No. There is a vfs.zfs.min_auto_ashift sysctl you can poke now instead of messing about with gnop, but it still defaults to 9 (512b).

-----


Yes. As do all of the illumos derived builds.

-----


No they don't. They create the pool based on the ashift that the drives report, unless you override it at pool creation.

-----


I think ZoL does 4k by default now as well.

-----


No, but if your SSL certificate has been exposed by Heartbleed, it would be sensible to revoke that certificate to prevent potential spoofing attacks, wouldn't it?

StartSSL charge you for revoking that exposed certificate, so your choices are you pay for the revocation, or wait until the certificate expires.

-----


In there defence this their treatment of revocation requests is made quite plain in their policies, and any heartbleed exposure was not their fault (their signing certs were not affected IIRC).

Now if there had been a problem with their signing certificates then I would have expected them to revoke anything affected for free and offer replacements similarly at no cost.

OK, they could have done that anyway (or perhaps offered a discount on the revoke charge) as an good will gesture, but they didn't, so what.

-----


Leaving aside the question of whether their response was reasonable (I see the arguments either way), it turned out that using their service to secure your website was not free.

-----


> it turned out that using their service to secure your website was not free

All they claim is to provide free certificates for non-commercial use, and that they do provide. If people read something else into that it isn't because they were deliberately led to.

Though many people picking up a cert without really knowing the infrastructure won't know about revocation infrastructure and such so might have mislead themselves by having not read the Ts&Csm.

-----


actually, what i think is.. they're as near 'free' as it gets, probably. at least there's no up front cost using them. then its a lottery as to when u need to pay them to revoke... it could still end up cheaper than paying yearly fees for other certs, i imagine.. total cost of ownership or something..

-----


I've just signed up for a 5 year certificate using https://www.gogetssl.com/comodo-ssl-certificates/comodo-posi... for $18 - I know there's annual free ones, but at that price is it worth the hassle of renewing?

Never used them before, but they're just a Comodo reseller, and they take Paypal, so there seemed little that could go wrong.

Has so far gone smoothly, certificate installed, passes the SSL test google mention, https://www.ssllabs.com/ssltest/ so it all seems good

-----


At its simplest, you should be able to backup to another Amazon S3 setup, that's completely isolated, belonging to a separate account.

Backups should be initiated from a production account access key where "Create" access has been granted, but all the storage and maintenance by another AWS account with it's own access key.

However, I'm not sure that's technically feasible at the moment, without quite a lot of manual scripting

-----


Tarsnap makes that approach easy. Well, easy if you're comfortable with command line tools.

-----


I don't think it does? The iMessage servers would simply reply to the sender device, saying "Number not active in iMessage", and give the sender a prompt to send by SMS.

-----


It's a shame the containers appear to be stuck at 1 container per VM, which is fairly limiting, there's no real reason why you wouldn't run 10 or more containers on 1 VM other than IP allocation (which AWS already does very well)

-----


Agree - but, this is a good initial offering I believe should only get better with time.

This is a great thing for AWS and for Docker users.

-----


Surely it's just that the other domain used to point at a website hosted on Digital Ocean, which has recycled the IP address?

The old user just has bothered to update their DNS records.

-----

More

Applications are open for YC Summer 2015

Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: