311

GoDaddy really lived up to its bad reputation and recently changed their API rules. The rules are simple: either you own 10 (or 50) domains, you pay $20/month, or you don't get the API. I personally didn't get any communication, and this broke my DDNS setup. I am clearly not the only one judging from what I found online. A company this big gating an API behind such a steep price... So I will repeat what many people said before me (being right): don't. use. GoDaddy.

you are viewing a single comment's thread
view the rest of the comments
[-] loudwhisper@infosec.pub 35 points 4 months ago

NameCheap

WOW! I did not know that. I just checked and after a little search:

We have certain requirements for activation to prevent system abuse. In order to have API enabled, your account should meet one of the following requirements:

- have at least 20 domains under your account;
- have at least $50 on your account balance;
- have at least $50 spent within the last 2 years

$50 in last 2 years is not much, but for those who renew for many years, it is still stupid.

Ironically, Namecheap is what the people in https://github.com/navilg/godaddy-ddns/issues/32 migrated to!

I really wish that domain registration was done in a different way, but even in current scenario, gutting features for such a basic service to extract a few bucks and risking losing customers...?

[-] lemmyvore@feddit.nl 9 points 4 months ago

These are ancient holdovers. Nowadays DNS hosting with API is a dime a dozen. You may have to pay for it occasionally but it's not going to be even close to $20/mo.

[-] loudwhisper@infosec.pub 12 points 4 months ago

$20/month for a service that anyway is low traffic (especially for hobbyists) is a completely insane price. Even more insane is that their cheapest subscription still doesn't offer any API access. I agree anyway, but are these staying in business just because they have a consolidated market share? Do they have access to more TLDs? I don't know, I am genuinely confused. I have absolutely no reason whatsoever to even think of using GoDaddy again.

[-] lemmyvore@feddit.nl 5 points 4 months ago

I like the way Bunny.net does paid DNS, 20M monthly queries for $1 and $0.1/M after that. With an API included, ofc. Now that's the kind of pricing I can get into as a self-hoster, not $20/mo.

GoDaddy advertises a lot, basically. So whenever a person who's never owned a domain before searches for "get a new domain" they're gonna get GoDaddy, NameCheap and (ironically) Google Domains as the top results. That's pretty much all there is to it.

[-] loudwhisper@infosec.pub 2 points 4 months ago

Yep, I like bunny in fact. It didn't have all the features I needed back then, but it's a very good product, I heard very good things.

I also agree about the pricing. I ended up not using desec.io, but if I did, I would have probably set a 1-2 Euros recurring donation, as I feel that's a totally acceptable price.

As for why people use GoDaddy well... I feel personally attacked as that's exactly how I ended up there, when I didn't know better.

[-] catloaf@lemm.ee 6 points 4 months ago

That can't be right. I only had two domains (one now) and I've been using the API just fine. And basically any purchase will clear those dollar amounts.

[-] loudwhisper@infosec.pub 8 points 4 months ago

I found it on their FAQ.

Yes, it is generally less restrictive, but... I have 4 domains, and now I have renewed all of them for the maximum amount. They will all expire after 2033. So unless I decide to add more domains (which is unlikely), I won't spend a cent in the next ~9 years. I wonder if they really enforce it as it is written or they consider still the renewal an expense "split" over the duration.

Still, I really don't understand. You can - and should - have proper rate limits on the API. You have API keys that uniquely identify the source, what is "the abuse" they are trying to prevent this way...?

[-] hedgehog@ttrpg.network 4 points 4 months ago

Doesn’t their API also require you to allow-list IPs, making it basically useless for dynamic DNS?

From https://www.namecheap.com/support/api/intro/ under “Whitelisting IP.”

[-] loudwhisper@infosec.pub 2 points 4 months ago

That's a very interesting gotcha. They don't seem to support address ranges either. Unless once you add the whitelist the requests still work from any address (their documentation is ambiguous). This is even more confusing.

[-] catloaf@lemm.ee 1 points 4 months ago

Not sure. Personally I only use it for Let's Encrypt DNS challenges.

this post was submitted on 14 Jul 2024
311 points (98.7% liked)

Selfhosted

40199 readers
258 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS