Tagged “DNS”

DKIM Deep Dive

DKIM (DomainKeys Identified Mail) is another type of email deliverability record that helps recipient servers be confident that you authorized any given email. DKIM uses public-key-cryptography to mathematically sign important parts of your messages. This post is a deep dive into how it works and what it's good for.

SPF: Sunscreen for your Email

Sender Policy Framework (SPF) is a type of email deliverability record that helps servers that receive email verify that the sender is allowed to send. It's been around for a few years and has been taken up by every large email provider. This post is a deep dive into how it works and what it's good for.

Email: The Good Parts

Everybody knows what email is. You click "Compose", fill in the recipient's email address, write your message, maybe give it a pithy subject, and hit "Send". Some time later your recipient opens their email and reads your message. Simple, right?

There are an awful lot of interesting things happening between "Send" and "Some time later". This post is an overview of what happens when you hit "send", and how your message makes its way to your recipient.

Your DNS Provider Should Not Be Your Registrar

Note: This article references events that happened in December 2014.

Hopefully, by time you're reading this DNSimple will have recovered from their DDoS-powered outage. Today has probably been a terrible day for everybody over there and I'm sure they're ready for a break. While you can't do much to directly defend against DDoS attacks, you can insure yourself against DNS outages.

If you're a DNSimple customer right now or a NameCheap customer several times earlier this year, you know what happens when your DNS service goes out. Your website is inaccessible, emails are probably bouncing, and so are customers and their wallets. It's all around bad news.

The cheapest insurance you can buy is to host your nameservers and your registrar at different companies. That way, if your registrar gets attacked it's no big deal because they're not involved with your day-to-day name resolution, and if your nameservers are attacked you can easily change them. You can't do that if the web interface you need to use is down at the same time as your nameservers.

DNS: The Good Parts

Frequently I come across confusion with domain names. Why doesn't my website work? Why is this stupid thing broken, everything I try fails, I just want it to work!! Invariably the question asker either doesn't know what DNS is or doesn't understand how something fundamental works. More generally, people think that DNS is scary or complicated. This article is an attempt at quelling that fear. DNS is easy once you understand a few basic concepts.

How and why I'm not running my own DNS

A few months ago I posted about how I run my own DNS servers using my virtual private servers and tinydns. Well, it turns out that's not a great idea, for a few reasons. First, because if I mess up I'm entirely shut out of my servers. I tried to turn off a service on them the other day and accidentally turned of the tinydns service instead and it took me ages to get back in. Running DNS on the same machines that handle email and web hosting for almost every piece of my online presence is just way too fragile.

How I run my own DNS servers

For the longest time I used zoneedit as my DNS provider of choice. All of my important domains were hosted there, they never really did me wrong. A few months back I decided that I wanted to learn how DNS actually works in the real world, though. Like, what does it actually take to run my own DNS servers?