Gandi Bar - Internet - Comments

New extensions on the way! - Weblogs CO

Weblogs CO — Fri, 10 May 2013 01:00:24 -0400

This is a good step indeed but the trio of com/net/org will still remain the premium choice for generic needs. Although , i think these domains will negatively affect other ccTLD's.

New extensions on the way! - Wes

Wes — Sun, 28 Apr 2013 05:17:43 -0400

Ah, never mind. Found it...

New extensions on the way! - Wes

Wes — Wed, 24 Apr 2013 15:32:02 -0400

Where can I see my current position on the Gandi pre-booking? I think I could see it earlier somewhere and it showed me as #1 for one domain.

New extensions on the way! - Ryan (Gandi)

Ryan (Gandi) — Tue, 02 Apr 2013 08:56:52 -0400

Nicole, please be sure to contact our customer care department who will be able to help you with your question in a more one-to-one context. Thanks!

New extensions on the way! - Nicole

Nicole — Sun, 31 Mar 2013 04:26:40 -0400

Hello, I reserved some extensions a few days ago, but now as I reserve more, I don't see them listed. I only see the ones listed that I reserved during this login. What happened? Did I reserve or not?

New extensions on the way! - Callum

Callum — Sat, 30 Mar 2013 06:21:28 -0400

Very exciting! .app is definitely one to look forward to.

New extensions on the way! - Noc

Noc — Thu, 28 Mar 2013 13:36:05 -0400

Hi, its very exciting. I guess not all this extensions will survive only the most demanded ones am i right ?

Gandi helps to found the Internet Infrastructure Coalition - bloga

bloga — Fri, 05 Oct 2012 16:44:58 -0400

It wont be long until the festive season is upon us. You have provided me with much needed inspiration, thank you. Oh and while your at it please take a look at my blog http://www.vernonhgshistory.org/blo...

Mozilla Thunderbird uses Gandi! - juicy couture shop

juicy couture shop — Tue, 10 Jul 2012 22:07:26 -0400

Travel labels currently popular on the market a specialized used to decorate the trunk; very popular with consumers; particularly attracted the attention of many young people. On the one hand as each checked baggage; whether it is air or sailing; will leave a belong to the label of the trip; a result, some young people to buy these in different colors to distinguish the destination of labels; attached to the backpack; decoration; another aspect can temporarily satisfy their own desire to travel more countries and regions.

Mozilla Thunderbird uses Gandi! - Pothi Kalimuthu

Pothi Kalimuthu — Thu, 07 Jun 2012 22:53:59 -0400

Excellent partnership. Nice to see Gandi.net in Thunderbird.

DNSSEC at Gandi (UPDATED) - Thomas (Gandi)

Thomas (Gandi) — Tue, 15 May 2012 18:27:00 -0400

Some of you have been asking about securing .info domains with DNSSEC at gandi.net. The .info extension is compatible with DNSSEC (it can be signed), but we have not implemented the interface to support it yet.

DNSSEC at Gandi (UPDATED) - Nicolas (Gandi)

Nicolas (Gandi) — Mon, 30 Apr 2012 04:07:53 -0400

Gian: it's already available on .com

DNSSEC at Gandi (UPDATED) - Gian

Gian — Sun, 29 Apr 2012 11:28:58 -0400

What about .com domains? When DNSSEC will be available for those domains?

Thanks

DNSSEC at Gandi (UPDATED) - Thomas (Gandi)

Thomas (Gandi) — Mon, 23 Apr 2012 10:22:28 -0400

Hi Walter,
It's all about maintaining a trust chain from the authoritative servers. You don't need to get a cert from a CA, just get the public key(s) of the zones you want to use as trust anchors. You can then generate and sign your keys using bind.
Here's a tutorial you can check out:
http://www.nlnetlabs.nl/publication...
Enjoy!

DNSSEC at Gandi (UPDATED) - Jonas B.

Jonas B. — Fri, 20 Apr 2012 14:59:44 -0400

Worked like a charm! Thanks!

DNSSEC at Gandi (UPDATED) - Walter

Walter — Fri, 20 Apr 2012 01:41:32 -0400

Does this require Verisign/Thawte or is self-signed OK? And if OK, would it cause any problems?

DNSSEC at Gandi (UPDATED) - Alex Dupuy

Alex Dupuy — Mon, 16 Apr 2012 13:04:55 -0400

This is great - between this and IPv6 support, I will be transferring my .us registration to you. My current registrar (dyn.com) provides IPv6 but not DNSSEC support for .us (at a very slightly higher price) and I was looking at some of the cheaper services (namecheap.com, name.com) but I have only one domain, I'd rather get better support for what I am already paying than save a few $$$. BTW, found your service through comments on the xkcd blag - better than advertising, but you should buy a t-shirt from Randall for the business you'll be getting that way.

On the Management and Coherence - of the Internet - Thomas

Thomas — Thu, 12 Apr 2012 04:23:25 -0400

The location of one of our data centers in the US does of course make that data center subject to US law, and yes, sure, that is a concern. I'd also point out that even if you locate your server overseas (you have that choice at Gandi), it's unlikely that the French or any other government would actually prevent US authorities from seizing the data and/or server if they really want it.
Your domain name is protected by another legal framework at the registries, and we do host the domains entirely in France, so that is subject to another process. Still, it's not impossible for authorities to shut you down, and increasingly the registries appear to be co-operating and not insisting on due process.
At Gandi we will do our best to insist that your privacy os respected, and that the legal due process is followed to the letter. That's our commitment to ourselves and to our customers. We respect the law, and we will not see your rights trampled just for the convenience of a prosecutor or investigator on a fishing expedition. Not if we can help it.
That being said, the laws are being changed as we write this. The key is for you, and all Internet users, to find your voice and speak out against the current trend towards stripping away due process and privacy laws, often in the name of stopping piracy. Write to your representatives, call their offices, contribute to organizations like the EFF (http://eff.org) that fight the legal battles to protect your rights. That's the only way to really ensure that privacy is respected.

On the Management and Coherence - of the Internet - WebUser

WebUser — Tue, 10 Apr 2012 13:53:21 -0400

So if Gandi is concerned about this, doesn't it concern you that one of your two datacenters are in the US, and even more so that one is in Maryland/DC/VA I think. So they can not only seize the domain controls, but even seize your servers, tap them, or whatever they desire, and rest assured the carriers will all comply..

DNSSEC at Gandi (UPDATED) - Romuald

Romuald — Tue, 20 Mar 2012 05:42:18 -0400

@Kyhwana
You'll be able to push the DNSKEY record using the control panel (as we compute the DS record on our side).
The API isn't live yet, but it should be quite soon (since our website use it :p)

Concerning the transfer, we don't import DS records automatically yet. Send a mail to support asking to import records (after the transfer is finalized), then you should be able to delete it from your control panel.

DNSSEC at Gandi (UPDATED) - Kyhwana

Kyhwana — Mon, 19 Mar 2012 18:03:07 -0400

Hmm, is .org available yet? Am I able to push new DS keys for .org using your API/control panel?

I shifted to name.com because you guys kept dragging your feet on DNSSEC, only to discover that name.com can't delete DS keys. -.-

If I shift my .org domain back, will you be able to delete that DS and let me reupload a new one?

Also, the .nz root domain is signed, just not any of the 2nd level domains under it, will you support .nz when those get signed?

DNSSEC at Gandi (UPDATED) - jordan shoes

jordan shoes — Sun, 18 Mar 2012 07:12:11 -0400

dragging feet I started to move domains away. But after the first one went away you enabled DNSKEY options.

DNSSEC at Gandi (UPDATED) - DickVisser

DickVisser — Sat, 17 Mar 2012 14:33:13 -0400

After 2 years of dragging feet I started to move domains away. But after the first one went away you enabled DNSKEY options.
So you guys just saved yourselves a customer!

DNSSEC at Gandi (UPDATED) - Nicolas (Gandi)

Nicolas (Gandi) — Sat, 10 Mar 2012 17:42:00 -0400

Dubya:we will have a look at it...it's just a question of test and adaptation of our system. If the DNSSEC implementation at the registry is quite standard, it's easy to add.

DNSSEC at Gandi (UPDATED) - Dubya

Dubya — Sat, 10 Mar 2012 10:35:26 -0400

.li and .in also supports DNSSEC (according to https://en.wikipedia.org/wiki/List_...). Why don't you offer DNSSEC on these?

DNSSEC at Gandi (UPDATED) - rudivd

rudivd — Fri, 09 Mar 2012 13:59:56 -0400

Wow, this is the best thing since the invention of the wheel I would imagine !
Thanks all of you at Gandi, you guys Rock !
Go set it up asap !

Rudi

DNSSEC at Gandi (UPDATED) - Somebody

Somebody — Fri, 09 Mar 2012 10:36:52 -0400

Thanks for implementing this.

DNSSEC at Gandi (UPDATED) - Nicolas (Gandi)

Nicolas (Gandi) — Thu, 08 Mar 2012 05:27:55 -0400

Rebeca: no news about .PE and DNSSEC, I will contact the registry about it
Evaryont: it won't be included in our next reelease for sure, we target it for the following (end of march/beg of April)
Treyka: Thxs, I made a request to ICANN about it

DNSSEC at Gandi (UPDATED) - treyka

treyka — Thu, 08 Mar 2012 01:31:38 -0400

Yes! Thanks for implementing this! Took a while but good job, y'all!

Now you guys should see about getting the ICANN list updated: http://www.icann.org/en/news/in-foc...

DNSSEC at Gandi (UPDATED) - Evaryont

Evaryont — Thu, 08 Mar 2012 00:24:29 -0400

Is there a time table available when the .at and .me domains will have DNSSEC available?

Thanks for this!

DNSSEC at Gandi (UPDATED) - Rebeca

Rebeca — Wed, 07 Mar 2012 15:08:15 -0400

Do you know when the .pe domain will be compatible with DNSSEC?

DNSSEC at Gandi (UPDATED) - Lennie

Lennie — Wed, 07 Mar 2012 04:54:13 -0400

Cool thanks

DNSSEC at Gandi (UPDATED) - Thomas

Thomas — Tue, 06 Mar 2012 21:09:42 -0400

Lennie,
Yes, we will be putting the DNSSEC functions we now have in the GUI under the API. That's a fairly easy thing to do, so we hope to roll it out soon.

DNSSEC at Gandi (UPDATED) - Lennie

Lennie — Tue, 06 Mar 2012 20:58:55 -0400

@Michael Moore Would you answer my question too ?:

Will you be adding the ability to update the trust-anchors through the Gandi XML-RPC API also so it can be automated ?

That should be a lot less work to add I would think.

DNSSEC at Gandi (UPDATED) - Michael Moore (Gandi)

Michael Moore (Gandi) — Tue, 06 Mar 2012 20:48:09 -0400

Yes, it is only allowed for external nameservers and not yet for Gandi's nameservers yet. We are working on making it available on Gandi's nameservers, but that is a significant undertaking, considering the amount of domains registered with us and the large majority of them using our nameservers.

DNSSEC at Gandi (UPDATED) - Lennie

Lennie — Mon, 05 Mar 2012 20:27:24 -0400

@plc I don't know if you understand English, but I think that means that your domains are using Gandi nameservers. You can currently only use DNSSEC with your "own" nameservers. It was also mentioned in the article.

DNSSEC at Gandi (UPDATED) - plc

plc — Mon, 05 Mar 2012 04:23:53 -0400

Sur mon tableau de bord, sur mon .com DNSSEC est grisé et il y a marqué en popup "L''utilisation de DNSSEC est actuellement impossible sur les DNS de Gandi"

Idem sur mes .fr, .biz, .net...

DNSSEC at Gandi (UPDATED) - Lennie

Lennie — Sun, 04 Mar 2012 15:47:12 -0400

Thank you for that, very cool.

Will you be adding the ability to update the trust-anchors through the Gandi XML-RPC API also so it can be automated ?

DNSSEC at Gandi (UPDATED) - Romuald

Romuald — Sun, 04 Mar 2012 05:48:06 -0400

@Stéphane
We've passed the .org registry certification last friday, so it should be available this week on your control panel.

DNSSEC at Gandi (UPDATED) - Stéphane Graber

Stéphane Graber — Sat, 03 Mar 2012 21:45:21 -0400

Thanks for finally implementing this!

Now I guess I just need to wait for .org to appear on the list (mine is currently signed and published in the DLV as a workaround ...).

The United States Congress is Set to Enable Internet Censorship Tools - Stan

Stan — Sun, 29 Jan 2012 14:25:28 -0400

Does Gandi provide financial support to OccupyOakland?

The Evolution of Domain Names - Thomas

Thomas — Fri, 27 Jan 2012 12:26:22 -0400

Good question. As with any new technology, there will be a period of adoption. Early adopters with high risk tolerances will go first, other more squeamish (or less well funded) types will follow. While it's new it will be novel, so that will get them some press.
If you want my opinion, it's not going to make much difference to existing domains/brands. There will be an effect, of course, but I think it will be more like the shiny new thing effect: good to draw attention to a domain name that represents something new, but not really more or less valuable than the old .com that all your customers remember and can type blindfolded. It's also true that the advent of search engines has changed the landscape to favor older domains (age of domain is a factor in SEO), and sites that are engineered to be easily found in a search. Bottom line is: Domain names matter if they are established and easy to remember. To me melbourne.com is as memorable as foo.melbourne...

The Evolution of Domain Names - Michael Searles

Michael Searles — Wed, 25 Jan 2012 03:01:22 -0400

Thanks for the article.

One question -- to what extent do you think the dollar value of a registered brand.com domain (eg. Melbourne.com) will be affected by the registration of the corresponding .brand domain (eg. .Melbourne)? Will domain name resellers have reason to feel nervous that the value of their portfolios stand to be reduced one domain at a time?

Update on the new gTLDs - Josh

Josh — Mon, 03 Oct 2011 20:55:49 -0400

Does any means exist for entities with interest in a particular name to explicitly prevent the registration of certain names as gTLDs, without actually having to register those gTLDs themselves?

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - Stephan

Stephan — Thu, 08 Apr 2010 12:28:50 +0200

John / Nikita : please read my comment on the last post, thanks (http://www.gandibar.net/post/2010/0...)

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - John Kramer

John Kramer — Wed, 07 Apr 2010 21:06:11 +0200

Joe, can you please stop being vague about your status as a CA and give us specifics? What do you mean by "technology platform?" To be specific:

1) Does Comodo have a copy of the private key that you use to sign certificates?
2) Does Comodo manage, run, or have access to the OCSP server that is used to revoke certificates?
3) Does Comodo manage, run, or have access to the CRL that is used to revoke certificates?

From what I can tell, Comodo has by far the worst security record of any CA in the business. Monopoly or not, if you're putting customer data in their hands, you're putting your customers at risk (as we've seen with this revocation).

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - Joe (Gandi)

Joe (Gandi) — Wed, 07 Apr 2010 18:09:06 +0200

@John - Comodo provides the technology platform but we are the CA for our standard and pro certificates. They provide additional validation for the Business SSL product. All this info is on our SSL page https://www.gandi.net/ssl We use Comodo because they are still an independent player and have good products. Most of the other SSL providers are owned by Verisign, and without additional players it would be a near monopoly market. Gandi tends to shy away from monopoly situations. And no register.com doesn't do our domain registration we've been an independent registrar for over 10 years.

@Nikita - the story does keep changing, and that's because the real facts are slowly being dug out. The support team responded to Moxie saying the cert was revoked because of 'whois, google trademarks and general fraud'. When the CEO asked why the cert was revoked, he was told the same thing and communicated it. Only as we've picked apart the details have we discovered that the 'google' bit was added by our support and not part of the reasons given by Comodo for revoking the cert. All of this did not happen simultaneously and as I've said before there have been several parties involved and many many people. So only now do we have the full story, which I will be writing up shortly. We have certainly contributed to making it more confusing and the 'google' storyline is part of that. Thanks for bearing with us.

Joe

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - Nikita

Nikita — Wed, 07 Apr 2010 16:39:51 +0200

@Joe your story keeps changing. The CEO of your company claiming that the certificate was revoked because of trademark violations is very different from the public statement you made that some over zealous support staff got confused. And both of these facts are light years away from what you're now telling us. If you keep lying to us, how can we believe what is going to be in the "report" you're going to issue from Comodo.

And wow, Comodo of all people?

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - John Kramer

John Kramer — Wed, 07 Apr 2010 16:10:12 +0200

Joe, are you saying that gandi.net does not even run the CA that it advertises? And that it is actually run by Comodo, the CA who easily has the worst reputation in the business? How is it possible for you to advertise "no bullshit" when you're just reselling everything to Comodo, the biggest bullshit player of all?

What else? Do you just have register.com handle all your registrar activity too?

TheRegister.co.uk comments on gandi's removal of SSL certificate for googlesharing.net - Joe (Gandi)

Joe (Gandi) — Wed, 07 Apr 2010 13:51:29 +0200

@John, @Nikita - yes Stephan did say that it was related to google, because this was the information he had at the time, which turned out to be incorrect. The certificate was pulled by Comodo (who provide their technology to us as a partner), citing whois and fraud as the reason. The google confusion was introduced by our team and it was a mistake and speculative. We had and have not heard from google.

We're gradually unpicking this story which is complicated because it involves several parties (us, Comodo, Moxie) and Moxie is deliberately providing false information, which doesn't make it easy.

For those worried about their certificates, there is a big difference between incorrect information, and deliberately falsified information. The issue here was falsified information, e.g. fake company names, non-existent addresses, attempts to register using different company names at different times, none of which were real, etc.

The fraud accusation is based on attempting to secure a certificate based on falsified documentation.

If you're a normal customer who isn't playing games with the whois records or company records you have nothing to fear.

We have introduced our own inaccuracies during this period (e.g. the goolge bits), but we continue to stand by the decision to revoke a certificate that was based on deliberately falsified information. We also acknowledge we could have handled it better, and apologise for the confusion this has caused.

We are continuing to investigate with Comodo and will provide a full summary once we have the final facts and proofs. Thanks all,

Joe