the argument for .ml domain has always been absurd to begin with. So it’s free but the price you pay is that it’s being run by Mali. I’d just drop 8$/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.
If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”
Renewal costs are my primary consideration when picking domains. Subscription fees is how your money disappears when you’re not looking.
Anyone know how companies get the rights to domains to sell in the first place? Do they literally submit a list of all domains to ICANN or something? Sorry if this is a stupid question, I just never understood how any of this really works.
TLD - Top Level Domain (.com .ml .whatever)
Registrar - NameCheap, PorkBun, etc. Submits your domain.TLD request to a Registry
Registry - Maintains the list of domains for a specific TLD and the server infrastructure to run the TLD
ICANN - Decides who can be a Registry and for which TLD. Not involved in the nitty gritty of individual domain names.
How is that decision made? How hard would it be for a group of amateurs to make an rog and try to be a registry or registrar.
ICANN hands out top-level domains (TLDs - such as .com, .org and .ml), either to organisations or government agencies. They, in turn, hand out secondary domains to companies or regional organisations. For example, the TLD .jp belongs to the Japanese government and is operated by an agency called Japan Registry Services. In turn, it hand out the .tokyo.jp secondary domain to the Tokyo Metropolitan government. They, in turn, manage domains for various departments, wards, etc.
But individuals and businesses in Tokyo can also use the .tokyo TLD, which is owned by a private company called GMO Internet Group. And of course anyone can use .com or .org, although you may have tp pay a pretty big fee.
Hi, professional DNS engineer here! if anyone has any questions about the inner workings of DNS or top level domains, ask away! (THIS IS MY MOMENT)
Why is it always DNS?
Because DNS is the user-facing part of the whole system. There is plenty of trouble with everything else, but you usually don’t see that as a user. Also it’s a hierarchical system with big providers/governments giving and taking names as they see fit, so there is always the possibility to get screwed.
Because its always DNS
Because it’s the least-likely position to be staffed by a company. It’s the “least important” person to have… until it breaks. Often a company relies on routing-switching engineers to do DNS instead of hiring a dedicated DDI engineer (DNS, DHCP, IPAM). It saves money in the short term, but when shit hits the fan… no one knows how to fix it because DNS is really easy until it’s not. DNS is super simple at a basic level. But it goes way deeper than most people realize.
Well that sounds like my dream job, unfortunately this issue in particular is more of a Lemmy problem, not a DNS problem. See: https://lemmy.nrd.li/comment/190200 for the explanation of why you cant just transfer domains with Lemmy.
Also, if you’re genuinely interested in this field, first you should enter the world of enterprise network engineering. Get Security +, CCNA, and PCNSA. With those certs in hand (and knowledge in your brain), apply to jobs as a network support engineer. Do the work for a few years. Learn BIND. Learn Infoblox. Focus on learning DHCP and subnetting. Learn DNSSEC & IPv6. Experiment with a Pi Hole. Set up a home lab. Apply to jobs with DNS. Start living the good life. This takes about 10 years if you learn fast and are good at interviews.
I only just now saw this post, the last month i have already been going all out to learn everything that i need for my Security+ (then CySec+) i have a 30hr video course im part way thorugh, and ive set up a few VMs with various servers like OWASP Security Shepherd and Dam Vunurable Web App for some more hands on experience as well as testing on my personal production Nextcloud and Jellyfin servers and ive been having alot of fun with it all, i think im pretty solid with DHCP and subnetting already through my home networking adventures. I will look into each of those other Certs and each thing you mention to learn thank you! Ive been deep into various Linux systems since about 2008 and im hoping to leverage that as much as i can(although its left me with a lack of modern Windows experience).
Thank you so much for all the tips! I feel some good things coming as im getting into this as work.
I left my job as a network engineer to do DDI and it’s been a blast. A lot more to DNS than I could have imagined.
Also, a cat explains DNS.
Here is an alternative Piped link(s): https://piped.video/4ZtFk2dtqv0?si=uSI3Rzzh49cN_Yl5
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
Ah, thanks for the info! I have no idea how Lemmy stuff works. I only became aware of Lemmy last month.
When I was talking my cyber security / ethical hacking class, we learned how to do zone transfer. The concept never stuck and I basically “copy” from my friend. So what exactly is a DNS Zone Transfer?
Friday I was doing a zone transfer! What are the odds?
A zone transfer is like moving houses, except for an authoritative zone.
In DNS, we have what’s called an authoritative zone. That means the device hosting the “resource records” (all the data that DNS passes around) is the “ultimate” answer. I.e, it’s not cached data. It’s not a hosts file. It’s not a recursive answer. It’s the real deal.
When you want to move the authoritative zone to another server, you do a “zone transfer” that means the new server will copy all the resource records over TCP from current authoritative zone. The reason you may want to do this instead of manually hand-jamming it is that many large organizations have, sometimes, hundreds of resource records (last month I coordinated a zone transfer that was over 1000 records!).
Why would a hacker want to conduct a zone transfer? In otherwords, what is the utility or usefulness of a zone transfer for a hacker (black or white hat)?
If you initiate a zone transfer, you can now claim to be authoritative for a zone. That means you can be a ‘bad actor’ DNS server that serves fake records. In practice, this means that you can redirect people to an attack site.
Let’s say you’re Joe the Random Internet User and you want to go to lemmy.world This is what happens in a non-attack (we’re skipping caching & non-authoritative answers for brevity):
- You type “lemmy.world” into your browser
- Your computer initiates a stub resolution for lemmy.world. (the trailing dot here isn’t a period. It’s the “true” FQDN)
- Computer looks at hosts file and doesn’t see anything
- DNS packets are sent to your configured DNS server. If you don’t have one configured, DHCP already configured it for you
- Your DNS server performs a recursive search for world by asking the root zone where the “world” Name Serer is
- root zone resolves world as:
world. 3600 IN NS v0n0.nic.world.
world. 3600 IN NS v0n1.nic.world.
world. 3600 IN NS v0n2.nic.world.
world. 3600 IN NS v0n3.nic.world.
world. 3600 IN NS v2n0.nic.world.
world. 3600 IN NS v2n1.nic.world.
- Your DNS server reaches out to one of those Name Server’s (That’s what the NS record is for) and asks it where “lemmy” is
- world Name Server responds with:
lemmy.world. 300 IN A 172.67.218.212
lemmy.world. 300 IN A 104.21.53.208
- Your DNS server contacts your computer and serves it those IP addresses. (A record’s are domain name to IP Address)
Now lets say there’s a DNS spoof attack:
- Before the “world” server can get back to your DNS server, the hackers server interjects with it’s own authoritative claim that lemmy is here:
lemmy.world. 300 IN A [attack site IP]
- Your DNS server contacts your computer and serves it that IP address. Your computer then contacts the attack site and you get a virus.
-
Could users set a temporary entry in their hosts file pointing the .ml domains to public IPs in order to regain access to their account if they needed to?
-
Can Lemmy federate to an IP address directly or will the settings only accept an fqdn?
-
Will a Lemmy instance work behind a reverse proxy.
Thanks for taking the time to answer questions.
There are several problem with this including total lack of SSL without the proper cert for that other domain, also Lemmy.ml’s IP seems to be running a reverse proxy so the internal IP that we would want to connect to is not visible to the world this is common for web security, the owners must set allowed domains and ports in their config file.
If none of that was a problem Lemmy itself does not do well with changing domains, as highlighted here: https://lemmy.nrd.li/comment/190200
- Yes. Unless there’s some kind of crazy domain-level hi-jinks involved with Lemmy (I am not versed in Lemmy), pointing directly to the IP will work if you bypass it by spoofing your DNS (Hosts file, for example).
- I don’t know how Lemmy federation works, sorry :(
- See #2
Sorry that I couldn’t answer more of your questions.
-
So, how some companies get right to sell TLDs? Can I start selling TLDs nowdays? It’s just that they were there first and get all top level domains and now we have to pay for it?
Thanks in advance.
They paid a huge amount of money to get a TLD
Companies don’t/can’t sell TLD’s. Only IANA can decide those. When the internet first started, .org, .net, .com etc. were handed out to non-profit organizations and the costs were purely to keep the servers running. Eventually though, when IANA decided to hand out country codes like .io (Indian Ocean), .cat (Catalonia) or .tv (Tuvalu), those countries rent their “desirable” names to private organizations that sell domain registrations for lots of money. In 2013, IANA decided to enact the gTLD auctions to help raise more money. Basically, if you wanted to (and had a lot of money & DNS engineers on staff), you could register any TLD you want provided you were willing to make a large donation to IANA. If someone else wanted it, they had to go into an action war over it. That’s how we ended up with things like .party or .sport or .world cough Now-a-days, if you want a TLD, you’d have to convince IANA to give you one… But good luck with that. They won’t give you one unless you’re some major corporation that can actually handle it. They also just don’t give them out. Usually it’s only when they really feel like more TLD’s are needed. It’s a very serious responsibility and mismanagement could accidentally DDOS a DNS root zone & impact the internet.
Why is it always dns
deleted by creator
They don’t know unless the DNS server tells them. For example, a very popular webhost Akamai uses a complex DNS + web hosting suite (DNS edgesuit to be exact) to send that type of data to the web servers. It can also allow for many many other features.
Woot we’re saved.
So why do we need the .com or .org or whatever at all? And the www. as well?
I remember when I had to type the whole http://www.cakefarts.com and now just cakefarts.com works. What changed? And what’s next?
To answer your other question: most likely, www.cakefarts.com is now accessible from cakefarts.com for one of three reasons:
- Your web browser automatically checks the A record “www” if “cakefarts.com” doesn’t have an A record. A records are the records in a DNS server that says “this domain goes here”
- The site cakefarts.com put their website on cakefarts.com and placed a CNAME record called “www” that points to cakefarts.com
- cakefarts.com has an APEX record that points to www.cakefarts.com
For the ‘record’, www is just a really common record name. There’s nothing special about it. You could have dudebro.cakefarts.com or wwwwwww.cakefarts.com. It’s up to the domain owner.
The “.com” and “.org” and all other Top Level Domains are owned/controlled by some organization.
Com and org are your original TLDs, so since they were around first you see them everywhere. At some point countries got their own TLDs so Mali got “ml” for example but Tuvalu got “tv”. (Yes, technically “.tv” has nothing to do with television.) And a few years back there was open bidding for a bunch of new TLDs which is where “.sport” or “.dentist” come from.
Anyone some entity owns/controls them and then can sell any word or domain under it. So if you want “greatgatsby.com” you have to talk to the “.com” owners. If you want “greatgatsby.sport” you talk to the “.sport” owners. Usually there is another company or agreement that groups these together so you can manage all your domains in one place.
So anyways now you own a domain like “greatgatsby.sport”, what do you want to host? Mail at “mail.greatgatsby.sport”? A website at world wide web aka “www.greatgatsby.sport”? Up to you.
Over time, largely by convention “www” became where you put your website.
From there you have two options, you can setup a redirect from “http://greatgatsby.sport” to “http://www.greatgatsby.sport” or you can do a little hosting “trick” and just make “http://greatgatsby.sport” return your website.
Btw, .com is owned by the US Department of COMmerce. .org is owned by a non-profit organization called “Public Internet Registry”
Why is it always DNS?
How does the TLD get reclaimed? I’m assuming whoever was previously the “owner” of the .ml tld was on board and Mali didn’t just come along and snatch it away?
So here’s the thing about TLD’s, ownership of them is determined by IANA (Internet Assigned Numbers Authority). They’re basically my career’s gods. If they tell me to jump, I ask “how high”. They control the DNS root zone. Effectively, that’s the actual top-level of ALL domains. If they decide to remove a TLD or reassign it, all you can do is lodge a complaint straight to their shredder. They’re owned and operated by ICANN, a non-profit organization.
Back in 2013, Mali allowed a private Netherlands company to “manage” (rent) their TLD, .ML Recently, that company (Freenom) got sued by Meta. Even though I don’t really like Meta, as a network engineer, I don’t like Freenom even more. They turn a blind eye to bad actors on the internet, refuse to investigate hackers/scammers/DDOSers, and generally refuse to play ball. They are a huge pain in the ass. Due to the lawsuit, IANA reassigned ML to Mali since they asked for it. At the end of the day you “cant” sell a country-level TLD. Mali was renting it to Freenom under the table. This happens a lot and IANA usually just looks the other way. .io for example is the freakin’ Indian Ocean.
So yeah, Mali didn’t “snatch” it. They just asked IANA to reassign it and there isn’t shit Freenom can do about it since they never “really” owned it in the first place.
lemmygrad.ml and lemmy.ml are gone? So sad.
Anyway.
Link to the actual post OP screenshotted: https://very.bignutty.xyz/notes/9hf13it1ced3b2za
Screenshots of text are not the way. The crappy “hey, a text thing I want to share, let me take an accessibility-poisoning screenshot and upload that graphic file like a psychopath instead of just copy/pasting either the link to the text or the text itself like a decent human being” routine needs to die with Reddit, we have to be better than that here.
Screenshots of text preserve the state of the text at the time it was seen…
Yes, it’s not good for accessibility but it’s a good way to quickly capture a moment in time.
(I would recommend perhaps also copy/pasting a synopsis for people who might be vision impaired etc)
So copy/paste the text for your snapshot, and link to the original.
That’s kinda what I was saying? Include the snapshot but also the original text body as a copy/paste for those using screen-readers or other such tools
Also, modern tools are getting pretty good at dealing with text embedded in images. It isn’t ideal but this partially mitigates a large concern (accessibility). Rather than complaining about people taking screenshots maybe pressure should be placed on the screenshot tools, and image formats, to better capture the raw text exactly and embed it as extra data along with the image.
At the least, put the screenshot and the link in the post. We can do both, people.
Yeah, this is the correct way, because posts often become inaccessible.
deleted by creator
So copy/paste the text, and link the original.
In the case of this post, the ability to go to the original and learn the further info added by the author in subsequent posts is of use.
deleted by creator
Screenshots are no more unalterable or trustworthy than text. Why not copy/pasted text and a link?
deleted by creator
No, but everyone can access and read that in their own choice of viewing tech without problem, even on very large or very small monitors, even through automatic translation apps, even in an audio screen reader or a braille interface.
An important part of the fuel of the exodus from Reddit to here was Reddit deliberately shitting on users who happen to have special accessibility needs. Lemmy - the software and the user community - needs to be better than that to earn its place as rightful successor.
deleted by creator
They can do that in the image as well.
We should copy paste the text, post a screenshot as an attachment, and a link, and then carve the screenshot into a stone tablet to be put on display in the basement of the british national history museum
holy shit guys, just post the data however the fuck is easiest
That’s not necessarily accessible to disabled people who have to use screen readers though. ~Cherri
Yeah, it’s 2023, just take a video of your screen and upload that like the kids all do now.
And then play that video on your screen, take a video of that screen with your phone while shaking the phone around and mumbling over the audio, and upload that phone video to TikTok.
I did share it. It’s in the comments.
Yeah that’s not gonna happen
Accessibility should be enhanced to read text from image. Enduser shouldn’t care about how he should share an information. How hard is it to read a font from a text?
It’s called a single-point of failure in Engineering.
Funny enough it wasn’t even a technical one but a contractual one.
Maybe there is some kind of lesson here on the risk of delegating critical structural elements to 3rd parties that rent rather than own that which they’re selling …
Unfortunately that has always been the nature of TLDs
It’s called a single-point of failure in Engineering.
For that instance, yes. For the whole of Lemmy, no. Everything else keeps on chugging along.
Indeed.
Imagine if this had happenned to a centralized system like Reddit…
A centralized system wouldn’t have this problem since the only reason they can’t just use another domain name is because of refederation. A great example of this happening is piracy websites, which notoriously get shutdown only to pop up five minutes later with a new domain.
This is actually a critical flaw IMO in federated applications as a whole. Not being able to change domain names makes your entire platform (as an instance runner) tightly coupled to the initial decision you make when first setting up the instance.
I think its called “redundancy L”
Visited lemmy.ml : it is on.
When was it down ?I just visited lemmy.ml as well and still up, however cannot get to lemmy.fmhy.ml in any app or browser.
Yeah. Lol all the people celebrating the demise of that nasty commie site. Also the admins created lemmy.
It was quite hard to find any information on this, so I will post what I found.
https://domainincite.com/tag/freenom
https://tech.slashdot.org/story/23/05/26/2121222/phishing-domains-tanked-after-meta-sued-freenom
That second link is less relevant but interesting.
Why is Meta suing Freenom?
The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.
Oof. Also what a bizarre landscape where this comes out in 2021 and the only action on it is a private corporation personally suing them over a year later. Where’s ENISA and EC3?
There is also the recent news about how millions of US Military emails (.mil) were sent to Malia instead (.ml).
Yikes…
Why is Meta suing Freenom?
Freenom gives away domains, many of which are used by phishers and other bad actors. Meta is suing them for not being responsive to their complaints about this. And I guess the injury inflicted on their users by phishers.
Wait, is it actually Feeenom’s fault? Isn’t it from whatever the server the malicious actions comes from?
For example I use one of their domains along with a Digital Ocean droplet, and I used it briefly to increase my seeding ratio by portforwarding my Qbittorrent port, after several months I got a letter from DO (which is amusing because my country couldn’t care less about torrenting lol) which I think is correct, I don’t think this is Feeenom’s fault.
I’m assuming they’ve run afoul of something similar to the DMCA safe harbor provisions. Basically under the DMCA a hosting provider isn’t responsible for violations due to user submitted content as long as they’re responsive to notifications and remove the content quickly when notified.
Now that applies to copyright not domain names, but I’m assuming there’s some kind of similar law at play. Meta has said that Freenom has been ignoring complaints about domains registered with them that are being used for phishing attacks. It could also be a DMCA issue because I think it does have some anti-domainsquating provisions in it that prevent you from E.G. registering say cocacola.ml as you aren’t the holder of that trademark.
In theory depending on where Freenom is run out of they might be able to just ignore the lawsuit, but it’s probable that doing so will get them blocked by various ISPs and organizations.
Thanks for the explanation I think being Freenom a “free” entity they could care less about complaints, but let’s see hot this evolves then.
Registrars not only have rights, but also responsibilities. They physically own the domain names and bear responsibility to ensure their domain names follow international rules.
Which is good because phishing sites suck especially when they start hitting high up on google searches
Yes.
deleted by creator
FYI I have made a tool that can backup / copy your account settings, subscriptions, and blocks to a new account: https://github.com/CMahaff/lasim
There are others out there as well if you look.
Obviously the loss of .ml communities would still be catastrophic to Lemmy, but at least your new account won’t start from ground-zero, and you can be less effected by downtime by having 2 accounts with the same subscriptions.
Yeah this sucks for my small but growing community. Ive created an alternative instance elsewhere (on .world) but hopefully .ml doesnt go down forever.
So should I just go ahead and make an account somewhere else? Made mine like a month ago and just picked ml at random
Doesn’t hurt! You can always make another account.
Alright went with .one - anything i don’t know about this instance? Run by KKK or anything? Lol
I’ve never heard anything but I’ve never looked too hard either!
The domain bs is a interesting case of scummy practices in general, .tv was missused in a similar way with awful contracts, essentially scamming a already increadably poor country!
Didn’t Tuvalu massively benefit from being assigned a TLD that is popular? I read they were able to build an airport with .tv money
Yea, they managed to get it back at some point but it was under external control with close to no benefit for them for a long time!
There is also
.iofor the Indian Ocean territories. They seem to be fine with it. It is interesting they have problem with it. I wonder what the actual motivation is, because it can’t be due to a lack of viable domain for businesses.The US and UK build a military base and established it with that ages ago so I am not surprised the current population is fine with it but they expelled the original population to do so! :/
Goddamn, looks like im switching registrars soon. Thanks for the link.
I can understand why refederation needs to be done manually, but I’m confused as to why transferring users and histories is a maybe. Web and database hosting are mutually exclusive from domain hosting/registration.
With ActivityPub all of the primary ids contain the domain of the hosting server. So if you lose your domain none of the other instances know that you’re the authority on those communities, posts, comments or users. So essentially federation breaks with all of the old data.
That seems really dumb given the technical aspects as well as the purpose of domains.
Just like email right?
Same issue is why mastodon needs your origin server to be online to migrate to a new server. In both cases, federating a public key for the server or accounts would allow either to pop up at a new domain and prove it has the authority to migrate links to the new location.
Why was .ml selected to begin with?
.ml stands for Marxist/Leninist apparently. Communists try not to let idealism get in the way of practicality challenge(impossible)
To be fair this is a pretty crazy black swan event they couldn’t have possibly seen coming. But yeah, this is why novelty domain suffixes are novelties.
It was totally possible to see coming. The .ml domain deal and its expiration was known far in advance and I’ve been seeing posts about it for months.
This is 100% incompetence on whoever set up the site.
Lemmy was started in 2019. And before the Reddit meltdown, it was more a bunch of very nerdy friends for whom a server going down was Tuesday.
Interesting … I always wondered why the
.ml. In my trade ML is mostly used to mean “machine learning”, aka AI, but it didn’t seem fitting here.No that’s not true… .ml is the TLD for Mali and lemmy.ml selected it because it was free… This claim you’re making is like people claiming AC/DC stands for anti-christ devil-child. No, it’s electrical currents, hence the lightning bolt…
With that said, they did censor anti-china rhetoric, had many pro-china trolls/brainwashed users, and started censoring words, including “bitch.” So I’m not defending the instance. But this claim about what .ml means is just blatantly false! It’s a country’s TLD!
Free
Considering the cost to host servers and develop both the backend and the Jerboa app, I dont think $10 a year on a .org would have ended the project?
Always thought it’s a play on machine learning, but I’m most probably wrong.
Many people said it was because “Marxist Leninist”
Personally I think more people should be aware of the evil company that is Freenom. (Not saying Meta is not evil.)
Or at least the people that unwittingly transact with them and give them attention / money.
What did they do?
Overall a sketchy company. The most nefarious of their practices is seizing the “free” domains they give away when it becomes popular.
you say we should be ware, yet you provide no information.
thanks for nothing
could have looked around this post or googled instead of being rude and being a lazy fuck
