by anderspitman 1652 days ago
This is awesome.

But I wish a service existed that made domain names easy enough to use that the average person could manage them. IMO you shouldn't have to learn DNS and TLS in order to securely use a domain name. If I want to sign up to have Fastmail host my email, why do I have to manually copy and paste a bunch of DNS records? Fastmail already knows exactly what records need to be set. I should be able to OAuth redirect over to my domain registrar and approve giving Fastmail control over a subdomain of my choosing, and Fastmail should be able to use a simple open protocol to update the records.

3 comments

The OAuth flow you just mentioned exists, I just did it to confirm my domain in Cloudflare with Google Workspace: Google did an OAuth flow and I got a Cloudflare popup asking me to add a DNS record for an hour. It was very cool.
This is news to me. Can you provide more details or point to some documentation of this feature?
My friend, it took me a few hours to find it -- there's zero documentation on Cloudflare about Cloudflare supporting it, but it's supported [1], but GoDaddy luckily is a lot more vocal about it [2], here's the spec:

https://www.domainconnect.org/

Don't you hate it when you have a good idea and someone already did it, but also love it because it's validation of your good idea?

[1] https://www.godaddy.com/engineering/2019/04/25/domain-connec...

[2] https://dash.cloudflare.com/domainconnect/v2/domainTemplates...

Wow, I'm still reading the spec but on the surface this appears to be almost exactly what I've been looking for for over a year[0] and somehow unable to find. I really appreciate you taking the time.

And yeah I hear what you're saying about ideas haha.

[0]: https://news.ycombinator.com/item?id=23761788

My problem with this spec is it requires Service Providers and DNS Providers to know about each other. It's essentially formalising the status quo of cookie cutter setups for big name providers.
Yeah, I read the website and the entire spec. I think it's pretty good, but it's built by big names for big names. There's nothing wrong with that, but I'm concerned it might not be appropriate for things like quickly pointing a simple A Record at a self-hosted open source service. Maybe I'm wrong. I'm having a good discussion with the spec developers here: https://github.com/Domain-Connect/spec/issues/64
In my personal experience I find that zone files work quite well as a universal format for that. To pick up your Fastmail example: Fastmail could generate a matching zone file for your domain and let you download it. You could then upload it to any domain service provider that supports importing zone files.

It's obviously not as hassle-free as something like your OAuth example, but it's using the infrastructure that is already there.

Incidentally, just an hour ago I was setting up a mail server on a Digital Ocean droplet, and had to manually copy and paste 20+ DNS entries because Digital Ocean doesn't support zone file upload (only download). So, the zone file seems like a good enough solution if only everyone would use it.
That's a good idea, but it would require all the registrars agreeing on a few different protocols and people doing the hard work of implementing them reliably at many, many, many different participants. Since lots of those participants are competitors (e.g., many registrars provide hosting, email service, etc), I think it would be very hard to get enough momentum that places like, say, GoDaddy would feel obligated to participate.
It seems like a pretty useful feature one of the big boys could offer to differentiate themselves. Or I could see a new entrant in the domain seller space marketing this as a main feature.
But it only works if it has significant compliance. If a new entrant offers the service, there's little reason for other places to implement it, because only a tiny percentage of their customers will be using it. And the big boys have a disincentive because they already offer things like email and web hosting. Making it easy for people to buy those services elsewhere will cut into their revenue.
See @matthewaveryusa's comment above[0]. Looks like it already exists and is supported by GoDaddy, Google, Cloudflare, 1and1, and others. Still reading the spec but it looks pretty good.

[0]: https://news.ycombinator.com/item?id=29575264