More

StuntPope · 2026-04-01T15:18:00 1775056680

[flagged] lol.

StuntPope · 2026-04-01T14:24:35 1775053475

just one?

Henchman21 · 2026-04-01T21:26:52 1775078812

One local unbound process seems to work quite well for me

StuntPope · 2026-04-01T22:10:11 1775081411

You're thinking of resolvers.

StuntPope · 2025-06-05T23:57:30 1749167850

One thing I didn't realize until after this was posted was that the wiretaps ISPs will be ordered to perform under C-2 are warrantless. Just ministry orders.

StuntPope · on Dec 9, 2024

easyDNS here. Our ears were burning as multiple people have mentioned us in this thread.

If you want to get with a registrar who is actually clueful about takedowns, we can help you out.

StuntPope · on Aug 1, 2024

The Gell-Mann Amnesia is strong in this story and thead.

As I posted on Krebs' article:

This is neither news nor new. There have been prior panics around this “water is wet” type issue going back at least a decade.

(Search up “Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System” – and others).

I also wrote about this on CircleID from the DNS operator’s perspective (“Nameserver Operators Need the Ability to “Disavow” Domains”) – after this same issue was used to DDoS attack another DNS provider by delegating a domain to their DNS servers without having setup an account there, and then doing a DNS reflection attack on that domain. That was over ten years ago.

The fact that people can delegate their own domains to somebody else’s nameservers without ever properly setting up a zone on those nameservers, or ever keeping track of where THEIR OWN DOMAINS point is 100% the responsibility of the domain owner – and to varying degrees a function of their REGISTRAR – who is the only entity that has any control over it.

It’s a weird flex for corporate registrars who purport to be “high touch” and exclusive, to simply shrug their shoulders and turn a blind eye to their own clients’ obviously broken and vulnerable nameserver delegations.

For our part this is specifically one of things we actively monitor and alert our clients about.

StuntPope · on May 9, 2024

easyDNS and OpenDNS have completely different founders. You are probably confused with EveryDNS - was founded by the same person who started OpenDNS.

1vuio0pswjnm7 · on May 9, 2024

Apologies for the inadvertence. Thank you for the correction.

https://www.theglobeandmail.com/technology/canadian-firm-cau...

StuntPope · on April 13, 2024

Default behaviour in a registrar transfer is to leave the nameservers as is - the rar has to explicitly send a new ns set in the transfer call to effect a change.

Are you positive you didn't accidentally tick a checkbox or anything to use their nameservers?

Ianvdl · on April 13, 2024

Yeah that's why I didn't expect anything to change - if I missed a checkbox somewhere I'd consider it to be a dark pattern, honestly.

StuntPope · on Jan 29, 2024

I've been monitoring this with an eye toward creating a honeypot for DMARC abuse but so far been seeing zero messages come in.

Either the spammers haven't figured it out yet, or they realize it's a waste of time since all the messages are either mechanically processed or ignored.

StuntPope · on Jan 26, 2024

You'll still be able to to run personal email from your domain - I'd add SPF and a minimal DMARC and you'll be fine.

StuntPope · on Oct 9, 2023

It's called "The Cantillion Effect".

g8oz · on Oct 9, 2023

Thanks for that. Investopedia has a good primer on it.

https://www.investopedia.com/terms/b/biflation.asp