DNSCurve & External Secondary DNS from BuddyNS Server Upgrade

There is an upgrade to the BuddyNS service, they are introducing DNSCurve encryption lookups (or something like that - I haven’t looked into it yet) - and two of their servers have been moved to upgraded infrastructure (change of IP addresses).

The External DNS input field of MiaB only accepts IP addresses, but on this delegation config page they suggest setting a hostname.

I have not updated yet, but doing an nslookup on the moved servers (Germany & Canada), I guess if I needed to could just use the IP address in reply.

The upgrade goes live April 20 said an email I received.

Happy to keep discussion and testing.

1 Like

buddyDNS works like a charm! Only, I need to figure out how to allow AXFR to an ipv6 NS. It is easy with an NSD set up manually without all those signatures…

AXFR to IPv6 works exactly the same as AXFR to IPv4. See the note on the Custom DNS page: Hmm, no apparently MiaB does not accept the IPv6 addresses.

To enable zone transfers to additional servers without listing them as secondary nameservers, add xfr:IPADDRESS .

I think that the problem may be that MiaB may not allow the large number of xfr servers that BuddyNS requires. Seemingly the problem is that MiaB does not accept IPv6 addresses in the secondary nameserver field.

I used to use BuddyNS for secondary DNS for another organization, but when they introduced “DNSCurve” the fee that we had to pay went from $3 to $18 - no thanks. They appear to have rolled that back now, but it is too late for me.

I also question this “DNSCurve” technology. I have not seen anyone institute it, It was a proposed standard from 2009. The most recent update that I see on their web page is from 2010. To me it appears that the proposed standard was dropped and the project is mostly dead. Which makes me wonder why BuddyNS has instituted it?

I suspect that DNSCurve is nothing more than marketing hype from BuddyNS as they seem to be the only player instituting it. If my suspicion is incorrect, I would like to see some information to the contrary.

1 Like

Well I guess I am one of just a handful of guys who are ahead of the DNSCurve :woozy_face:

  python2 dnsq.py txt ttt.xco.com

works for me (other domain). I was presuming that systemD-resolve would support that Bernstein-DNScurve, given how Poettering kept saying how great his resolver was.

indeed there are several free (secondary) NS (like variomedia) so it is not well liked when they change policy in an aprupt manner, like M$ did with GitHub.

With a manual NSD it is easy to have those 3 DNS-buddies working but the critique that came up was “refuted” in a pretty lame fashion by Bud. Then again, I know of other free DNS services that suck big time.

Their slogan "DNSCurve is the best mean to bring security to the masses quickly. " seems odd given that nobody uses it and ICANN is never going to implement it either.

They seem like guys who came up with an alternative theory of relativity or sth. LOL

I tried again, but MiaB explicitly gives the error:

‘2605:6400:30:fd6e::3’ is not an IPv4 address.

nsd can handily AXFR to an IPv6 tho when instructed via .conf file, but those nsd.conf are signed in MiaB…

Hmm … I may well have been mistaken on this. I was thinking the conversation about BuddyNS and the fact that I used them before … but then realized that at the time they did not require AXFR to IPv6 addresses … which was another reason I dumped them as mentioned elsewhere.

So, I stand corrected, thanks!

1 Like

Hey folks,

Thanks @mylo and @eeeee for the flowers :slight_smile:

A couple of quick mentions:

Regarding IPv6: You don’t really need to allow IPv6 sources for AXFR setup. If your master is IPv4, you can stick with the IPv4 addresses only out of the list. We include the IPv6 addresses to make your life easy in case you choose to change.

Regarding change of plans: we never changed any plan. DNSCurve was free for all from day one. The pricing you mention is for a new offering, independent from DNSCurve and aimed at organizations, which includes Anycast, DNSSEC, 2-Factor authentication and further perks.

Regarding DNSCurve: there are many resolvers out there supporting for DNSCurve, and we hope to increase that going forward by offering free, drop-in support from a known vendor. OpenDNS, as an example, long supported DNSCurve quietly, and only lost it after the Cisco takeover.
Why DNSCurve? After two decades, most domains still lack DNSSEC support, mostly for its technical & maintenance complexity. We believe DNSCurve constitutes an efficient alternative for those users than staying with no security at all for more decades :slight_smile:

Before a flame starts – we don’t say DNSCurve is better than DNSSEC. We actually support both :slight_smile:

1 Like