Tell HN: NetworkSolutions.com lost the ability to update root DNS w/ custom DNS

2 years ago

This is mostly just for the DNS admins and hobbyists out there. If you have domains with web.com / networksolutions.com and you have defined custom nameservers meaning you put in an IP with a domain name and in the past it updated the root DNS servers then do not change it. The UI will let you change it but they no longer have the ability to update the root DNS servers with your custom nameservers that you or your company manage yourselves. The NetworkSolutions.com UI will let you do it, but it won't actually do anything. This is per their support team. I do not know when or why they lost this ability. I am also no longer able to call anyone there, it's web chat only.

To be clear(er) this is for custom name servers that you manage yourself, not their name servers and not for DNS servers that are already defined in the root anycast clusters. If anyone is not clear what I am talking about this probably doesn't apply to you.

I once worked for a firm that used NetworkSolutions and spent a lot of time in their online portal and with their support. I do not have anything nice to say about them, their services, or their billing practices.

Network Solutions was the original registrar. Since then they have done absolutely nothing to build on that, beyond cashing in on the inertia of people who haven't left. They are the America Online of domain registration.

  • I have had a domain via network solutions since the start. I have had zero drama.

    Remember, people who manage servers want nothing to change, ever.

This is fairly surprising and indeed, alarming. They've been in the game forever. If anyone should be able to do basic functions of their company, it should be them.

I wonder how much value has been extracted in the name of efficiency that it's gotten to the point they've lost the ability to perform the basic functions of being a registrar?

  • They excel in sucking so much that people are afraid to move away and continue to pay $100 a year or more to just register a domain with "features" that aren't of use to anyone.

I think the term you're looking for is "glue records", not "root DNS". Using that term with NetSol support may get you better results.

  • They did understand but said that function no longer works. I don't know why the UI still exists. To be clear you can add name servers that were already defined to your zones in the root servers but can not create new ones. So I could for example add pdns196.ultradns.org as an authoritative NS for my zones but if I rack mount a server and expose DNS using one of my domains then people will only learn about it when they query my NS records from other DNS servers that are already defined such as ultradns, google, etc... because they already queried NS from pdns196 meaning to your point that one I just provisioned will lack glue records in the root DNS servers.

    • This has nothing to do with root zones. The root zones tell a resolver where to send the next query to find .org domains, for example. They don’t know about your zone, nor should they.

      > pdns196.ultradns.org as an authoritative NS for my zones

      Okay, sounds like what most registrars can do. (Although Cloudflare seems to have very odd concepts of what DNS means…)

      > but if I rack mount a server and expose DNS using one of my domains

      I can’t parse this. Are you saying you have a server with a fixed IP address and it’s running an authoritative DNS server for one of your domains?

      > people will only learn about it when they query my NS records from other DNS servers that are already defined such as ultradns, google, etc...

      This almost sounds like common recursive resolvers like 8.8.8.8 can find you, which is what you would expect.

      > because they already queried NS from pdns196

      Queried NS for what domain?

      > meaning to your point that one I just provisioned will lack glue records in the root DNS servers.

      Of course it lacks glue records in the root servers. It’s the servers for the level in which you are registered that should have the records.

      Maybe post the output from dig +trace [domain] and explain how the output differs from what you expect?


So is their official solution for customers to change name servers to move the domains to a different registrar?

  • > So is their official solution for customers to change name servers to move the domains to a different registrar?

    I don't know. Either that or perhaps they might expect people using them as a registrar to also use them for DNS or to use another one of the paid DNS provider services. I only had a short conversation on their web chat and that person had to ask others.

Their UI is horrendous. It wouldn't let a customer add a TXT record recently because 'a txt record already exists for that domain', lol

People still use Network Solutions? Is there a reason?

They disappeared from my view after their domain front-running fiasco (wow, in 2008, how time flies).

  • They are an incredibly shitty company.

    As late as last year, and possibly even now, they were STILL charging extra if you wanted to use TLS connections for email. Otherwise, they're more than happy to allow connections with passwords over cleartext.

    Their failure mode for all sorts of things is to default to pointing everything at their servers.

    I wouldn't be surprised if they decide to charge extra for "premium" registrar features like adding glue for nameservers.

    Anyone using them should move away as soon as humanly possible, even though they make it incredibly difficult to do so.

  • One of the reasons I am using it (I inherited it, looking to move) is due to being able to delegate some responsibilities to other staff without giving them the whole thing.

    What other services would you recommend that provide the same? I reached out to their support because I couldn't update contact info and the spam to my company phone line was so ridiculous I had to send it to voice mail for a month.

    I'd love a service that lets me delegate some technical aspects to others. Godaddy is a non-option.

    All the services I use personally are, well, for personal use and don't seem to support multiple accounts.

  • I have been registered with them since pre-ICANN. I never had a reason to change. I paid for my domain for 100 years and now I just pay yearly automatically the last time I dealt with them.

    I have my DNS handled by panix.com.

  • >People still use Network Solutions? Is there a reason?

    I'm with them since time immemorial.

    The cost and headaches, both actual and potential, of the downtime incurred changing providers exceeds the potential savings in annual bills.

    • Are we talking thousands of domains or something? It’s been quite simple in my personal experience, just first creating matching DNS records anywhere else, then do the NS change for the domain, then do the registrar transfer. I’ve never had downtime.

1. How can you tell if a DNS server is already defined in the root anycast clusters?

2. What's a good domain registry for an important domain? One where you own the domain, like Gandi, rather than just renting it from the domain registry, as with current NetSol terms?

  • > One where you own the domain, like Gandi, rather than just renting it from the domain registry, as with current NetSol terms?

    I don't think this distinction exists in the way you think it does. Different registrars may use different phrasing when referring to the registrant of a domain, but no matter whether the registrar uses the words "owner" or "rent", you're paying to be temporarily treated as the registrant of a domain name.

    (There are some weird registrars like Njalla where the customer explicitly isn't even listed as the registrant of the domain, but that's probably not what you mean.)

  • > How can you tell if a DNS server is already defined in the root anycast clusters?

    One way is to query one of the root servers responsible for that TLD.

    If example.net, then adding extra steps to make it more explicit what's happening.

        # get the root servers for .net
        dig NS net
        net.   7 IN NS e.gtld-servers.net.
        [snip...]
    
        # just adding this step to make it more descriptive of what's happening
        dig +short e.gtld-servers.net
        192.12.94.30
    
        dig @192.12.94.30 +all +norecurse +nocookie -t ns example.net
    
        ;; AUTHORITY SECTION:
        example.net.  172800 IN NS a.iana-servers.net.
        example.net.  172800 IN NS b.iana-servers.net.
        [snip ... extra data ignored]
    
    

    > What's a good domain registry for an important domain? One where you own the domain, like Gandi, rather than just renting it from the domain registry, as with current NetSol terms?

    All domains are rented. Premium registrars like MarkMonitor have monitoring options to see if someone managed to change the root servers for your domain and will try to fix it but I have no idea if they still do that or if they are still any good. They are meant for businesses.
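
The delegation check described in the comment above can be automated. As an added example (not part of the original thread), this Python parses the output of `dig @<tld-server> +norecurse -t ns <zone>` and reports which in-zone name servers have glue addresses in the ADDITIONAL section. The sample response, the `ns1`/`ns2` host names and the function names are constructed for illustration.

```python
import re

# Constructed sample: the shape of a non-recursive referral from a .net
# TLD server for a zone that lists two in-zone name servers and one external.
SAMPLE_REFERRAL = """\
;; AUTHORITY SECTION:
example.net.        172800  IN  NS  ns1.example.net.
example.net.        172800  IN  NS  ns2.example.net.
example.net.        172800  IN  NS  pdns196.ultradns.org.

;; ADDITIONAL SECTION:
ns1.example.net.    172800  IN  A   192.0.2.53
ns1.example.net.    172800  IN  AAAA 2001:db8::53
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)\s*$", re.I)

def parse_referral(dig_output):
    """Return (ns_names, glue) from dig's AUTHORITY and ADDITIONAL sections."""
    section, ns_names, glue = None, [], {}
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            # Track which section the following records belong to.
            m = re.match(r";;\s+(\w+) SECTION:", line)
            section = m.group(1).upper() if m else None
            continue
        m = RR.match(line)
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3)
        if section == "AUTHORITY" and rtype == "NS":
            ns_names.append(rdata.lower())
        elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return ns_names, glue

def glue_report(zone, dig_output):
    """Map each delegated name server to glue-ok, glue-missing or out-of-zone."""
    zone = zone.lower().rstrip(".") + "."
    ns_names, glue = parse_referral(dig_output)
    report = {}
    for ns in ns_names:
        if ns == zone or ns.endswith("." + zone):
            # In-zone name server: resolvers need its address from the parent.
            report[ns] = "glue-ok" if ns in glue else "glue-missing"
        else:
            report[ns] = "out-of-zone"  # found through its own delegation
    return report
```

A `glue-missing` result for a name server inside the zone is the condition the thread describes: the NS name is delegated, but the parent publishes no address for it.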

  • > 1. How can you tell if a DNS server is already defined in the root anycast clusters?

    Is it yours? Then did you define it?

    Is it someone else's? Then yes.

    > 2. What's a good domain registry for an important domain? One where you own the domain, like Gandi, rather than just renting it from the domain registry, as with current NetSol terms?

    That's not how any of that works.

    The registry is the TLD.

    The registrar is Gandi or Network Solutions.

    You are always renting a domain from the registry, subject to the terms and whims of the registry and registrar.

    • > You are always renting a domain from the registry, subject to the terms and whims of the registry and registrar.

      That is usually true today. It wasn't true for Gandi until this change in their terms in 2020. Until then, they did not have the contractual authority to arbitrarily cancel a domain registration. Note the change to their terms at 4(ii).

      Slowly, over the years, domain registrars have claimed more and more control over domains. Domain names have been considered property in a few cases, but it's not settled law.[2]

      This led big companies to become registrars themselves. At one time, most of the big names - "google.com", "facebook.com" were registered with Network Solutions, when it was a standalone company or part of Verisign. Now, the big guys have in-house registrars, for safety. They don't want to trust those Web.com guys in Florida.

      [1] https://www.icann.org/en/system/files/files/terms-of-service...

      [2] https://circleid.com/posts/20180628_domain_names_considered_...


Probably the best "Solution" is to just move to another registrar.

As someone with dozens of domains, unaffiliated, I can recommend:

- PorkBun: No-bullshit UI, no absurd first-year promotions to trick you with a higher renewal fee, and support for DNSSEC and Glue records. Domain transfer auth codes are shown in the UI, not emailed to you. Free URL redirects with HTTPS.

- SpaceShip: From Namecheap, but with none of the Namecheap stuff. Slow UI, modern UI, easier for bigger portfolios. DNSSEC and Glue records.

No matter the registrar, I recommend not to use their (free or otherwise) Authoritative DNS service, URL redirects, email hosting, etc.

Unlike what it may look like, DNS hosting, emails, etc. are value-adds registrars provide. The only things you need registrars are to buy/renew the domains, set nameservers (and optionally Glue records), update DNSSEC records, and update WHOIS.

It may be trivial, but head to the ICANN accredited registrar list and you have more than 2800 competitors to transfer your domain to.

Pick one that supports glue records, IPv6 glue, and DNSSEC, but unfortunately the ICANN list does not provide this information...

The one I use for 20+ years is gkg.net. They support all of the above, and "hosts" (glue records) supports IPv4 and IPv6, but also multiple addresses per name.

Gkg IANA number is 93 so they are here for a long time.

Have you tried disabling transfer lock before editing the glue records? On Hover this is necessary for either changing nameservers or glue records (otherwise it fails with a weird error). Although I'm not sure if it is a registrar mechanic or just a Tucows/OpenSRS thing.

Last I interacted with their support, they had plaintext view of my customer's password. They used it for verification.

Terrible company. Terrible practices. Pathetic.

  • Ugh, flashbacks to Hostgator, where random employees (like literally all of the customer support trainers and supervisors?) had access to view not only the customer's "security PIN" but also their full, unredacted CC#... (And everyone else could see 10 digits of the CC#, i.e. only 6 digits were masked!)