I've seen a lot about porkbun lately and they somehow seem to be the de facto option among HN folks.
Currently I am thinking of focusing on AWS route 53 domains under the assumption that there is always a non-zero chance of needing something else on AWS so it reduces the number of accounts/IAM (either 1 or 0 versus guaranteed 1). Anyone have their favorite reasons to go with porkbun instead?
I'm in the process of moving my domains to Porkbun. Of course, I was leaning on the included mail forwards that Google provided, so that part has been fun.
Trying to remember why I registered with Google in the first place... I guess it was only that they had the .dev? Nothing really else there. Mail fwds over at porkbun no problem
.app Support too! Made the switch already, fast and cheaper than what I was paying at Google. Can't really complain about that but I wonder what delays they ran into if they were hoping for a July release.
I've never quite understood this idea that Cloudflare is an MITM. An MITM is by definition a covert intermediary. Cloudflare is a service provider that's deliberately employed by a site operator. If CF is a MITM then so is AWS, GCP, and every other CDN service provider.
I guess MITM has a specific (adversarial) definition and I've bastardized it. The only cloud load balancers that I use are layer 4, so they're not unwrapping HTTPS for me, but your point is taken.
I've never thought that it had to be covert or even nefarious to be a MITM. It's a man-in-the-middle if it's sitting between two endpoints talking to each other and intercepting the data stream.
For instance, I proxy all of my web traffic in order to be able to filter my HTTPS streams. It's neither covert nor nefarious, but is still a man-in-the-middle. It's just not a man-in-the-middle attack.
That link is what are normally called vanity nameservers. That allows "branding" them so that "dig NS foo.com" says ns1.foo.com and ns2.foo.com instead of pinky.ns.cloudflare.com and brain.ns.cloudflare.com. But CloudFlare is still the provider.
What you cannot do is set your domain's nameservers to some other other provider, e.g. Route53. There's just no option to tell the registry you want to use non-CloudFlare backed values (outside of "call us" enterprise plans).
This is particularly nefarious when combined with buying a new domain. New domains can't be transferred to another registrar for 60 days, so if you need a DNS feature or config CloudFlare can't provide on a domain you just bought, you're just totally stuck for 2 months.
I was similarly confused, I recall seeing this in the UI -- looking again, it seems I need to upgrade to the business plan.
That's disheartening. Pay more for us to do less.
The document you've provided extends my confusion.
Both the 'Primary (Full setup)' and 'Secondary DNS' pages it calls out... seem to indicate that CloudFlare has to stay in the mix. Either the authoritative nameserver (defeating the point), or as a child receiving transfers.
This feels deliberately obtuse.
Edit: The peer comment from V99 helped me understand. This is their vanity solution - still CF. Reportedly cannot place the SOA elsewhere
I hope a CF person sees this: i am on a corporate network and I can't login to my CF portal to manage domains because I am on firefox. Tracking protection and adblocking is disabled. It worked, now it doesn't because it is stuck on "are you a human captcha". It doesn't even attempt to present me with a captcha challenge, just a checkbox that refreshes the page!
As far as I can tell you are conspiring google to enable each other's monopolies. Please fix this! You shouldn't have supported firefox to begin with when I signed up.
If anyone thinks this can be a legitimate FTC complaint I will be glad to document evidence and file it. I have never tried before.
The largest content gate keeper and the largest searchengine/browser maker are conspiring to force users into using a specific client that advantages them both in order to engage in ecommerce and communication. This is like if at&t and apple conspired to ban phone calling/internet by android users or if shell gas stations refused to service a specific brand of cars.
Ditto, reading this I was confused. Long time CF and Firefox user... no issue accessing their UI
Though, the Ansible module for their API is pretty good. I'd recommend it for anyone already in the ecosystem
I only really use the UI in cases like this - transferring domains over. So infrequent that I'm not really bothered to consider automating -- that may be possible
Don't know about your situation, but the only time I'm reminded Cloudflare exists is also when they throw me into a captcha loop that I can't get out of. In fact since yesterday gitlab.com has been blocking me with a Cloudflare captcha that's just stuck in a loop of making me click a "Verify you're a human" checkbox. I click it, it spins for a bit, then shows the same checkbox again. :D (Glad I don't use gitlab for anything serious.)
https://www.cloudflare.com/tld-policies/