Conversation

Notices

1. Embed this notice
   Chester Wisniewski (chetwisniewski@securitycafe.ca)'s status on Wednesday, 01-Jan-2025 06:38:07 JST Chester Wisniewski

   I like my .ca domain names, but the provisioning is soooo slow. Every time I create a new domain, I want to USE it. The delegation seems to take hours to propagate sometimes, where a .com in 2024 seems almost instantaneous.

   • Embed this notice
     Tim W (admin (and human)) (tim@union.place)'s status on Wednesday, 01-Jan-2025 06:38:04 JST Tim W (admin (and human))

     in reply to

     @chetwisniewski because .com is effectively instantaneous. And there's absolutely no reason in 2024 for .ca to be any slower. 😟

   • Embed this notice
     Chester Wisniewski (chetwisniewski@securitycafe.ca)'s status on Wednesday, 01-Jan-2025 06:44:22 JST Chester Wisniewski

     in reply to

     • Tim W (admin (and human))

     @tim Some sort of odd timer, might be an issue with Hurricane Electric. Exactly 60 minutes after purchase it recognized the delegation.

   • Embed this notice
     Tim W (admin (and human)) (tim@union.place)'s status on Wednesday, 01-Jan-2025 06:44:22 JST Tim W (admin (and human))

     in reply to

     @chetwisniewski to be clear I entirely believe that the .ca registry may be doing something stupid, I'm just saying there's definitely no reason they HAVE to do that stupid thing and I agree that they shouldn't. 😀

   • Embed this notice
     Chester Wisniewski (chetwisniewski@securitycafe.ca)'s status on Wednesday, 01-Jan-2025 06:52:15 JST Chester Wisniewski

     in reply to

     • Tim W (admin (and human))

     @tim Strange thing was a local whois from my server showed the delegation, but Hurricane Electric's DNS service did not. It is possible HE checked as soon as I added the domain (race condition) and won't check for another 60 mins as a rate limiter?

   • Embed this notice
     Tim W (admin (and human)) (tim@union.place)'s status on Wednesday, 01-Jan-2025 06:52:15 JST Tim W (admin (and human))

     in reply to

     @chetwisniewski the thing that matters for things like LetsEncrypt is going to be DNS, not WHOIS. WHOIS is basically entirely advisory / for human consumption (especially these days with ubiquitous domain privacy).

   • Embed this notice
     Tim W (admin (and human)) (tim@union.place)'s status on Wednesday, 01-Jan-2025 06:55:47 JST Tim W (admin (and human))

     in reply to

     @chetwisniewski yeah, I'm saying they're probably looking at the TLD's DNS, not the WHOIS, to confirm/find that delegation.

     Also, who still bothers to do delegation checks before allowing you to set up a zone? Unless they're mixing their internal authoritative and recursive there's ~no reason for HE to be doing that. Weird choice they're making.

   • Embed this notice
     Chester Wisniewski (chetwisniewski@securitycafe.ca)'s status on Wednesday, 01-Jan-2025 06:55:48 JST Chester Wisniewski

     in reply to

     • Tim W (admin (and human))

     @tim Right, but for me to set up DNS on HE's servers it needs to see the delegation.

   • Embed this notice
     Tim W (admin (and human)) (tim@union.place)'s status on Wednesday, 01-Jan-2025 06:56:48 JST Tim W (admin (and human))

     in reply to

     @chetwisniewski there's a million good reasons to allow zones to be set up without delegation and very few reasons not to, all of which can be relatively easily mitigated against.