Comment on PSA: GoDaddy gated their own API. DDNS users warned
timewarp@lemmy.world 2 months ago
This is what NameCheap does too. It’s freaking stupid. Domain registrations should not be managed by corporations.
I’m saying this for years, but a) it’s quite late (seems like a 1990s issue) and b) OpenNIC is a bit of a joke atm (but support it anyways)
ICANN never should’ve been a creature of US-NTIA, but of the UN. The US has no right to decide for the digital world how everyone communiticates. No one really should (apart from about stuff like CSAM).
Damn. I always though they were one of the good ones.
I still think they are but maybe my needs are simple. It was definitely better when I switched over during one of the migrations.
They’ve been my go-to rec for like 6 years 😢
Their support is top tier, which is important when it’s important. But this complicates things. I’ll have to take a close look at the competition these days.
loudwhisper@infosec.pub 2 months ago
WOW! I did not know that. I just checked and after a little search:
$50 in last 2 years is not much, but for those who renew for many years, it is still stupid.
Ironically, Namecheap is what the people in github.com/navilg/godaddy-ddns/issues/32 migrated to!
I really wish that domain registration was done in a different way, but even in current scenario, gutting features for such a basic service to extract a few bucks and risking losing customers…?
lemmyvore@feddit.nl 2 months ago
These are ancient holdovers. Nowadays DNS hosting with API is a dime a dozen. You may have to pay for it occasionally but it’s not going to be even close to $20/mo.
loudwhisper@infosec.pub 2 months ago
$20/month for a service that anyway is low traffic (especially for hobbyists) is a completely insane price. Even more insane is that their cheapest subscription still doesn’t offer any API access. I agree anyway, but are these staying in business just because they have a consolidated market share? Do they have access to more TLDs? I don’t know, I am genuinely confused. I have absolutely no reason whatsoever to even think of using GoDaddy again.
lemmyvore@feddit.nl 2 months ago
I like the way Bunny.net does paid DNS, 20M monthly queries for $1 and $0.1/M after that. With an API included, ofc. Now that’s the kind of pricing I can get into as a self-hoster, not $20/mo.
GoDaddy advertises a lot, basically. So whenever a person who’s never owned a domain before searches for “get a new domain” they’re gonna get GoDaddy, NameCheap and (ironically) Google Domains as the top results. That’s pretty much all there is to it.
catloaf@lemm.ee 2 months ago
That can’t be right. I only had two domains (one now) and I’ve been using the API just fine. And basically any purchase will clear those dollar amounts.
loudwhisper@infosec.pub 2 months ago
I found it on their FAQ.
Yes, it is generally less restrictive, but… I have 4 domains, and now I have renewed all of them for the maximum amount. They will all expire after 2033. So unless I decide to add more domains (which is unlikely), I won’t spend a cent in the next ~9 years. I wonder if they really enforce it as it is written or they consider still the renewal an expense “split” over the duration.
Still, I really don’t understand. You can - and should - have proper rate limits on the API. You have API keys that uniquely identify the source, what is “the abuse” they are trying to prevent this way…?
hedgehog@ttrpg.network 2 months ago
Doesn’t their API also require you to allow-list IPs, making it basically useless for dynamic DNS?
From www.namecheap.com/support/api/intro/ under “Whitelisting IP.”
loudwhisper@infosec.pub 2 months ago
That’s a very interesting gotcha. They don’t seem to support address ranges either. Unless once you add the whitelist the requests still work from any address (their documentation is ambiguous). This is even more confusing.
catloaf@lemm.ee 2 months ago
Not sure. Personally I only use it for Let’s Encrypt DNS challenges.