How do you prevent other users from using my domain name in DNS Manager?
How long can I assign a domain name to my Linode, and how can I check that the DNS propagation is finished?
When I create a domain name in DNS Manager and add A/AAAA records that point to my Linode's IP address, there is not a step to verify the ownership of the domain. If someone else also uses my domain name to add a domain zone in their account, how do you resolve this problem?
5 Replies
These are some excellent questions! I'll address each one individually below.
How long can I assign a domain name to my Linode?
Provided that the DNS zone for your domain remains active on your account and you're utilizing Linode's name servers for your domain, you can always create DNS records that point to any of your Linodes from within our DNS Manager. These records will stick around for as long as you keep them, but if your Linode's IP address changes, or if you want to point your domain to a new Linode, you'll want to update the corresponding DNS record(s). Keep in mind that in order to use our DNS Manager, you must always have at least one active Linode service on your account.
how can I check that the DNS propagation is finished?
DNS changes can sometimes take up to 72 hours to propagate throughout various DNS servers around the world, although it usually takes much less time than that. Apart from using tools like dig or nslookup, you can also use websites like DNSChecker.org to see if your DNS records have propagated.
When I create a domain name in DNS Manager and add A/AAAA records that point to my Linode's IP address, there is not a step to verify the ownership of the domain. If someone else also uses my domain name to add a domain zone in their account, how do you resolve this problem?
In the event that someone else adds a DNS zone for your domain to their DNS Manager, you'll receive an error message explaining that the DNS zone already exists when attempting to create the DNS zone on your account. If you own the domain, you'll want to open a Support ticket letting us know, and you'll also want to include the name of the domain that you're trying to add. This will allow us to begin a domain dispute process where we will reach out to both accounts involved. We'll typically ask the complainant to add a unique string to an arbitrary field in the domain's WHOIS information. This allows us to verify ownership of the domain at the registrar level. Once we've verified that you own the domain through the process above, we will take steps to add the domain to your DNS Manager.
Ok, Thank you for your quick reply and I am clear now.
And I have another question, in case that my website has too many user accesses and gets slow down, what are possible solutions to deal with?
I know I can update to a stronger machine but is there any other solution?
You can limit access in both your web server and firewall:
FIREWALL
iptables -A INPUT -p tcp -m tcp --dport 80 -m limit --limit 25/min --limit-burst 100 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -m limit --limit 25/min --limit-burst 100 -j ACCEPT
These two rules throttle inbound http (--dport 80) and https (--dport 443) traffic. They both put a limit of 25 packets/min and a burst limit of 100 packets.
Note that the use of the word packets here is intentional. A packet and a request are not the same. An http/s request can span multiple packets.
You can find an explanation of how --limit and --limit-burst work here:
https://superuser.com/questions/1007843/limit-and-limit-burst-in-iptables
The rules would be configured the same way for IPv6…use ip6tables instead of iptables. Sorry…I don't know how to do this in any of this in ufw or any of the other "easy-to-use" firewall configuration front-ends…
WEB SEVER
You can set this up on apache (per Location) using mod_ratelimit:
https://httpd.apache.org/docs/2.4/mod/mod_ratelimit.html
I have read that ngnix does some amount of rate-limiting internally but I don't know any of the details.
-- sw
To prevent other users from using your domain name in DNS Manager, you can set up domain name registration lock or transfer lock. This helps protect your domain from unauthorized changes. If you're looking to move WordPress site to new domain, make sure to update the DNS records accordingly after the transfer.
When you assign a domain name to your Linode, it typically takes up to 48 hours for DNS propagation to complete globally. During this time, different DNS servers around the world update their records to point to your Linode's IP address.
To check if DNS propagation is finished, you can use online tools like "DNS propagation checker." These tools show you the status of your DNS records across various DNS servers.
Regarding domain ownership verification in DNS Manager, the hierarchical domain name system ensures that each domain name is unique and owned by the correct entity. If someone else tries to add your domain zone in their account, conflicts can arise. Resolving this problem usually involves verifying ownership through domain registrars or domain management tools provided by your DNS service provider. This process ensures proper management and security within the hierarchical domain name system.