There is an upgrade to the BuddyNS service, they are introducing DNSCurve encryption lookups (or something like that - I haven’t looked into it yet) - and two of their servers have been moved to upgraded infrastructure (change of IP addresses).
The External DNS input field of MiaB only accepts IP addresses, but on this delegation config page they suggest setting a hostname.
I have not updated yet, but doing an nslookup on the moved servers (Germany & Canada), I guess if I needed to could just use the IP address in reply.
The upgrade goes live April 20 said an email I received.
buddyDNS works like a charm! Only, I need to figure out how to allow AXFR to an ipv6 NS. It is easy with an NSD set up manually without all those signatures…
AXFR to IPv6 works exactly the same as AXFR to IPv4. See the note on the Custom DNS page: Hmm, no apparently MiaB does not accept the IPv6 addresses.
To enable zone transfers to additional servers without listing them as secondary nameservers, add xfr:IPADDRESS .
I think that the problem may be that MiaB may not allow the large number of xfr servers that BuddyNS requires. Seemingly the problem is that MiaB does not accept IPv6 addresses in the secondary nameserver field.
I used to use BuddyNS for secondary DNS for another organization, but when they introduced “DNSCurve” the fee that we had to pay went from $3 to $18 - no thanks. They appear to have rolled that back now, but it is too late for me.
I also question this “DNSCurve” technology. I have not seen anyone institute it, It was a proposed standard from 2009. The most recent update that I see on their web page is from 2010. To me it appears that the proposed standard was dropped and the project is mostly dead. Which makes me wonder why BuddyNS has instituted it?
I suspect that DNSCurve is nothing more than marketing hype from BuddyNS as they seem to be the only player instituting it. If my suspicion is incorrect, I would like to see some information to the contrary.
Well I guess I am one of just a handful of guys who are ahead of the DNSCurve
python2 dnsq.py txt ttt.xco.com 107.191.99.111
works for me (other domain). I was presuming that systemD-resolve would support that Bernstein-DNScurve, given how Poettering kept saying how great his resolver was.
indeed there are several free (secondary) NS (like variomedia) so it is not well liked when they change policy in an aprupt manner, like M$ did with GitHub.
With a manual NSD it is easy to have those 3 DNS-buddies working but the critique that came up was “refuted” in a pretty lame fashion by Bud. Then again, I know of other free DNS services that suck big time.
Their slogan "DNSCurve is the best mean to bring security to the masses quickly. " seems odd given that nobody uses it and ICANN is never going to implement it either.
They seem like guys who came up with an alternative theory of relativity or sth. LOL
Hmm … I may well have been mistaken on this. I was thinking the conversation about BuddyNS and the fact that I used them before … but then realized that at the time they did not require AXFR to IPv6 addresses … which was another reason I dumped them as mentioned elsewhere.
Regarding IPv6: You don’t really need to allow IPv6 sources for AXFR setup. If your master is IPv4, you can stick with the IPv4 addresses only out of the list. We include the IPv6 addresses to make your life easy in case you choose to change.
Regarding change of plans: we never changed any plan. DNSCurve was free for all from day one. The pricing you mention is for a new offering, independent from DNSCurve and aimed at organizations, which includes Anycast, DNSSEC, 2-Factor authentication and further perks.
Regarding DNSCurve: there are many resolvers out there supporting for DNSCurve, and we hope to increase that going forward by offering free, drop-in support from a known vendor. OpenDNS, as an example, long supported DNSCurve quietly, and only lost it after the Cisco takeover.
Why DNSCurve? After two decades, most domains still lack DNSSEC support, mostly for its technical & maintenance complexity. We believe DNSCurve constitutes an efficient alternative for those users than staying with no security at all for more decades
Before a flame starts – we don’t say DNSCurve is better than DNSSEC. We actually support both
