
DNS Updates


... why is it so hard to update DNS records automatically?

This is post no. 45 for Kev Quirk's #100DaysToOffload challenge. The point is to write many things, not to write good ones. Please adjust quality expectations accordingly :)

A domain name is probably the closest thing to something you can own on the internet.

Sure, technically, it's an entry in some database of... for ".com" domains, it's actually Verisign, but depending on the top level domain, it's various companies, nonprofits & governments. Also, you need to keep paying them to keep one... but regardless:

You can buy and sell them (... and they sometimes do get sold for impressive prices, demonstrating that the buy-sell mechanism is not just a fake one)... also:

you can keep them indefinitely (... I guess if you piss off the US government in a major way, they can take your .com's away, but they'd totally do it to your house, too, in such a case.)

Contrast this with... anything else, really. Your Facebook profile or Gmail address? Just do something that the relevant company doesn't like: it's gone. With domain names, you can even transfer them between registrars! Not to even mention their actual purpose: you can point them at anything you want.

Add to this that they're neatly hierarchical: you can delegate name server responsibilities, so you can exercise the full power of a domain registry on your own subdomain. No wonder everyone has a few of them registered these days; it's really rare to see an email address ending with these days, and they're also very common as usernames / identity providers, too, since...

... ohh wait. Wrong universe.

Why all this still sucks

So you bought a domain, just the way the Computer People told you. They said you can have a fancy-looking email address with this thing. And a website.

They were also talking about some stuff about "domain registrars" and "hosting" and "MX records"; they always do that instead of telling me what to click on. But... regardless: I kinda get it that "domains" are somehow separate from... email and... the internet pages. But: email first! I just want to get my fancy to go to my gmail address.

Well okay, apparently you need to pay for this. Weird. I thought gmail was free. But... aaanyway: I just did sign up for... a thing. So I should just follow... um... these... steps??

Like, what do they even mean by...

[Image: a part of the page linked above, with an ugly-looking table]

... well okay, this isn't easy in any sense of the word. I will just pay Herbert the Sysadmin Guy like $100 to set it up. Once and for all. You definitely shouldn't try this if you don't have $100 to give to sysadmin people.

How it sucks

So. Technically, you can update DNS automatically. With a pre-shared symmetric key and some obscure command line tools. With full access to the entire domain. You definitely wouldn't want to give said keys to random email providers to automate this for you.

The only case I encountered where this works somewhat reasonably is with dynamic DNS, where even people who insist on this being Complicated didn't have a choice but to automate. The result: about 87 different protocols for the same thing... of... setting not even arbitrary records but just an IP address. With a pre-registered subdomain.

No standards, really.

It is, of course, trivial for a sysadmin to edit some DNS records. The "problem" is that... not everyone is a sysadmin. And if we don't make this easy to use, almost everyone will keep using their gmail addresses and Facebook profiles.

How it could not suck

Do you want to give access to to make the following change to's MX (e-mail) record?


Imagine an actual standard for this.
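To make the difference concrete, here is an added example (not from the original post, and not any existing standard) that compares the shared-key model from "How it sucks" with the per-record consent imagined above. The `Grant` format, the function names and all sample values are hypothetical.

```python
from dataclasses import dataclass

def canon(name: str) -> str:
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def in_zone(name: str, zone: str) -> bool:
    # Compare whole labels, so "evilexample.com" is not inside "example.com".
    n, z = canon(name).split("."), canon(zone).split(".")
    return len(n) >= len(z) and n[-len(z):] == z

@dataclass(frozen=True)
class Update:
    name: str   # owner name of the record set to replace
    rtype: str  # record type, e.g. "MX"
    rdata: str  # new record data

@dataclass(frozen=True)
class Grant:    # hypothetical: one holder, one owner name, one record type
    holder: str
    name: str
    rtype: str

def zone_key_allows(zone: str, upd: Update) -> bool:
    # Shared-key model from the post: the key holder may change anything in the zone.
    return in_zone(upd.name, zone)

def grant_allows(grants, holder: str, zone: str, upd: Update) -> bool:
    # Scoped model: inside the zone AND an exact name/type grant for this holder.
    return in_zone(upd.name, zone) and any(
        g.holder == holder
        and canon(g.name) == canon(upd.name)
        and g.rtype.upper() == upd.rtype.upper()
        for g in grants
    )

# Constructed sample data (reserved example names, not from the post).
ZONE = "example.com"
GRANTS = [Grant("mail-provider", "example.com", "MX")]
REQUESTS = [
    Update("Example.COM.", "mx", "10 mx.mail-provider.example."),  # what was consented to
    Update("www.example.com", "A", "192.0.2.10"),                  # outside the grant
    Update("example.com", "NS", "ns.mail-provider.example."),      # changes who serves the zone
]

if __name__ == "__main__":
    for u in REQUESTS:
        print(u.name, u.rtype, "zone key:", zone_key_allows(ZONE, u),
              "scoped grant:", grant_allows(GRANTS, "mail-provider", ZONE, u))
```

With the zone-wide key all three requests pass; with the scoped grant only the MX change does.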

... do expect a followup article on how this would actually make things a whole lot better if it worked this easily.

... comments welcome, either in email or on the (eventual) Mastodon post on Fosstodon.