How'd you like to listen to dot NetRocks with no ads? Easy? Become a patron For just five dollars a month you get access to a private RSS feed where all the shows have no ads. Twenty dollars a month will get you that and a special dot NetRocks patron mug. Sign up now at Patreon dot dot NetRocks dot com. Hey, Carl and Richard here with your twenty twenty four NDC schedule. Will be at as many NDC conferences as possible this
year, and you should consider it tending no matter what. Ndcoslow is happening June tenth through the fourteenth. Get your tickets at ndcoslow dot com. The Copenhagen Developers Festival happens August twenty sixth through the thirtieth. Early bird discount ends April twenty sixth. Tickets at Cphdevfest dot com. Ndcporto is happening October fourteenth through the eighteenth. The early bird discount ends June fourteenth. Tickets at Ndcporto dot com. And we'll see you there, we hope. Hey, welcome
back to dot net rocks. I'm Carl Franklin and amateur Campbell our friend Anthony Eden from Dan Simple is here. But before we talk to him, Man, it's been a while since we did any small talk or anything. What's new in Vancouver. Well, I'm up in the coast now, I don't
live down the city anymore. And you know that you went to the original house, to the one that I sold I did last year, and you know it had a bit of rack at it, you know, a couple of racks here and there, a rack you know, like the server racks. Oh racks, server racks. Yeah, and so now that I mean, you know, I thought you might have been talking about wine because you do that as well. No, I had had a bunch of those two, but no, no, we're talking about the server racks. And so
when it moved up here, I'm like, I'm deracifying my life. Good for you, man, Yeah, so more cloud less rack, Well, I mean, I got a lot of stuff in the cloud. But he still need a local network and you have to have a good one. So yeah, yeah, you need to switch. I could have ended up with a couple of rack bounded switches and control of the stuff. I'm like, no, no, I'm not doing it. I'm gonna stay small so I actually built it under the stairs, mounted to a piece of plywood. I
love that Harry Potter style. So it's also flat and tidy, and I can see all the blinky lights like it's all the features you want for rack, no rack, I like that. That's very cool. Yeah, and about twenty four hours of ups on it too. I had a visitor this weekend. Mister Mark Miller was at my house. I heard of that guy. I heard they were in Connecticut, just him, Oh, okay, yeah, no, the rest of the family is in Spain still. But
he came, okay, and I od'd him on amazing Keto food. He could not stop talking about it. I mean, we had ribbis, we had cheeseburgers, we had ice cream. Uh, it was great PASTRAMI awesome all right anyway, and nobody wants to hear about that. Let's get started with better no framework, we're all the music. Awesome, all right, man? What do you got now? I don't remember if I talked about this when it came out, but this was during the pandemic. It came
out. Oh, there's a great little tool called jitsy it and jitsy is a free, open source sort of conference tool like Zoom, it's browser based and it has a wonderful API and you can host your own server. And so this article right here from build five nines, which is a great name. I love that Build five nines dot com. I had a great blog. I read it all the time. Yeah, host private video meetings and Azure with Jetsy and so all you really need is an Azure Linux VM.
The software is free and it you know, it's open source. You have a chat, password protected, conference sessions, audio and video support for many simultaneously connected users. And the really cool thing about it is there's no limit to the length of a meeting. Nice, so you don't have to deal with any of that. You just did pay for the VM. Yeah, you just have to pay for the VM. So, like, if you wanted to set up cameras and stuff and like just have them always on boom,
no problem done. And it works on it works on phones. Cool. It's amazing. Oh and of course this article came out in April twenty twenty when we were all trying to figure out Zoom at the same time. Yeah, that's right, and I did it around that time. I did a tour of the air space at the Air Force Museum in Daytona, Ohio with our friend Clemens Vasters using an open zoom and we got bombed. How
badly bombed did we get? I was recording it locally because we're going to chop it up and use it. I suddenly I realized as we got the idiot out of there, that I now had child porn on my server. Okay, so now I understand what you mean by bomb. Yeah, I don't know, because you know, Clemens likes beer. You like, no, godh kind of thing. Then again, you know, given twenty twenty
four, you could have had actual bombs dropping on you. No, no, not that part of the world, all right, So you got a cyber attack, yeah, effectively, but it was you know, that was back when all that stuff was pretty insecure. It's all gotten better now, but you know, no substitute for running your own right. But I do remember the zoom bombs that people used to just jump in all of a sudden twenty twenty Yeah, and you know, because there was no password protection,
that's right, because who needs that? We were all clumsy. This is not that long ago, that's four years ago. Well that's what I got. Who's talking to us today, Richard I grabbed a commentav of show UH eighteen eighty nine, the one we did with Magnus Martinsen. We were talking about Azure in general and across certain architectural points, and Rob had this great comedy say, this great show is always I have noticed, however, a
common theme to a lot of Azure episodes. The developer is using it wrong. Close quote like what was that the jobs line about the iPhone? You're holding it wrong. Usually this is related to Azure devs and amin's not removing extra capacity or not understanding how to structure cloud resources versus on premi resources. I think if you make a tool and the majority of really experienced tool users hit their foot with it, maybe saying the users need to figure out how
to not hit their foot with it is not the best corrective approach. Also, telling devs you didn't do your homework is a bit of a cop out. It's more likely the devs did try to do their homework. But maybe the documentation is not as clear as you might think it is, or the interface is not as clear either. I'm one hundred percent certainly the correct documentation is out there. Why you're optimism Rob, certainly the documentation out there is
incorrect. It is likely somewhere in the hay stack of wrong and just irrelevant information is also out there. Improving Azure maybe less about improving code and more about figuring out what the devs are using it for and doing wrong with it, and improving the interfacer documentation to reduce those theres. You have called us out, sir, and I read this for a reason. You are correct. You are one hundred percent correct. It shouldn't be so easy to do
this wrong. Yeah, yeah, right, and to fall into that trap. It should be easier to do it right. And that's all something we should work towards. So Rob, thank you so much for your comment and a copy of Music Cobi. It's on its way to you. And if you'd like a copy of Musico by write a comment on the website at dot at Rocks dot com or on the facebooks. We publish every show there, and if you comment there and to read in the show, we'll send you
a copy Music Coobi. And you can definitely follow us on Twitter if you want. We've been there for years, but the cool kids are now hanging out on mastadon I'm at Carl Franklin at tech Hub dot social, and I'm rich Campbell at master dot social, and all the ways you can get in touch with me are finally detailed at Carl Franklin dot com. Okay, let's bring Anthony Eden back. It's only been ten years. Well, the we gentlemen he introduced, who formerly Anthony is the founder of dn simple and the
perpetrator of numerous open source projects. He's also contributed to a wide variety of open source projects over the past twenty plus years as a software developer using multiple languages including jab A, Python, Ruby, Closure, Go, and Erlang. And yeah, welcome back, Anthony. I gotta tell the story again. It was ten years ago. Tell the story, Carl. All right, So here's how we met Anthony. We were on a road trip, right, Richard. We are must have been the twenty ten Visual Studio twenty
ten, twenty twelve, I think twenty twelve. Okay, you would remember better than me, so anyway, m because it was the road trip to never end right, thirty four cities. That was the big one. Yeah, with numb nuts. So the numb Nuts was the nickname we gave our driver. That's a nice name. Yeah, well, anyway, So I get an email because I'm you know, I'm at the table, I'm working, I'm doing email the whole time. Richard's up in the passenger seat playing
on this world and not talking to anybody. Go on a road trip with your buddy Carl. He's like the most antisocial person ever. He's just playing a game the whole time. But he won. I did well. He came in number one on this game. Briefly, So I got this email and it was from a company that I won't mention their name, but it rhymes with slow Chatty. Okay. So this person at slow chatty dot com says, hey, you know, we like your show. We would like
to advertise with you. And I read it to Richard, and Richard and I looked at each other. It's like, we hate slowpatty dot com, but we love Dansimple. So you know, I had just started because Scott Hansman told us about dansimple, so I had your I don't know, I think I just sent it to sales at dansimple dot com and I forwarded the email and I said, hey, we just got this email, but we hate these guys, would you guys be interested in advertising this and I remember
you Your reply was continue he said, interesting pitch. Yeah, interesting pitch. That's right. Go on. Now, I remember when you showed me the original email from the company that show what you renamed, and he said, what do you think of this? And I'm like, but they suck? But they suw? Why would we do that? Why would why? Well, funny enough, they were they. I was using them, and that was the origin of being simple because I was using them, and I said, this can't be as good as it gets. No, yeah,
it can't be. So I had all the knowledge I'd been working in a DNS and domain space for many, many years, and I said, all right, I'm going to try to finally try to build something after seventeen years of doing stuff with other people on this was your thing. Yeah, and that show we did back in twenty four two was really cool because you were quite the polyglot then. Yeah, which I think today isn't that weird, but at the time was pretty usual. Yeah. We did a lot of
unusual things. I mean that the remote working, for example, in twenty fourteen, and still even today we're fully remote. We always have them, which now it feels a lot more normal after COVID. You know a lot of people have learned how to work from home. We walked it right into that with saying, well, this is how we already do business. This is normal. Yeah. Yeah, it's almost like you were born in the cloud company before it was really kind of cloudish, yet like you had that
style. I think that's fair. I think that's fair. Having having run servers for a while, when I had the opportunity to no longer run servers, I said, I don't ever want to do that again. You and me both brother, you can preach. So we started registering domains at Network Solutions right as everybody did, you know. And I never used slow Patty, but I tried once and it was just like, oh, this is
ridiculous. But Network Solutions was ridiculous enough. Yeah, and on top of it, so the problem that you faced and we all faced, and the reason why we love DNS is because the simple act of registering a domain and changing things and oh god forbid, if you want to transfer it, Oh my god, they put you through all these things, and they put up, you know, fake things that you can need to click on, and then oh my god, I've just increased my subscription to five hundred dollars a
month or whatever. Oh yeah, all a deceptive creditory. Yeah, the great thing about moving away from netsol was that they made it so arduous. You're just so much keener to get it done. Yeah, right, like you didn't make it hard for me to want to leave. And I'll tell the story again, And I probably told this ten years ago, but I was using dan Simple on my phone in the security line at an airport, configuring my email server for Google, and it were and I did it with
one hand and it just worked nice. And I was like, well, this couldn't be any better. I mean, come on, yeah, I've had nothing but great experiences longtime fans, Anthony, as you know, we've been your customer for every and because you were always awesome, and I appreciate that. I appreciate that. I'm glad that you all have stuck with us, and hopefully we can keep your business for another ten years at least easily
easily. Yes, I am finally lapsing a few Donain names. I swore I would do something with someday, like you know spring cleaning that I think everybody goes through that every once in a while and like, Okay, I'm never going to do this again. I'm never And then they're like, oh, but this I have this idea, Like o'clock in the morning, I'm drunk and I registered dot net, cupcakes, dot com or something right, and I'm like, why that? Did I do what I wanted? So
funny, funny quick story. We almost built an iOS app for fast registering domains, which was going to brought up somebody said I got to be able to drunk domain and we almost built it. We went all the way through the design phase. We looked at it and I said, I said, folks, we can't build this because it's going to work. Yeah, right, and we're going to be part of a problem exactly, said I don't
want to be part of that problem. Right. You are also the first person outside Google that I ever met that said that they built something real with Go and the and simplest built on Go. Right, Yeah we have. So we have. Our our core web app is still Ruby on Rails, has been and will continue to be most likely. All of the systems that kind of integrate everything together so that send data out to our edges and a lot of the smaller sort of glue pieces. Those are all in GO and
then our name servers are in Airline. That's great, right yea, just pure speed ye erlang. I mean Airline's great for building network toolkits essentially networking things. Is really great at taking packets apart and putting them back together. Go is really good for gluing things together, super clear language, and we have a lot of small utilities. And then Rails is still our web framework of choice. It is just such a good framework and it's even today it's
it gets better each day. So that's all is a good sign. All right, So you're here to announce some new stuff that you have in the cloud and for the community. So last time, ten years ago, there was like a c sharp API that you announced, right, well, so I think I think the c sharp API we announced back actually more recently. It was about three or four years ago when we brought that out. I think ten years ago we were still just talking about D and simples at its
early ages, right, Oh yeah, yeah, that's right. So it wasn't that we had Enrique Cambro, I'll come on, yeah, talk about the API. Yes, ye had you had Enrique on talking about that, Okay, and so that was kind of the start. We always knew that we wanted to sort of help and get involved in the Windows world a little bit, and we always saw Azure is something we wanted to somehow hook up
to. Well. A couple of years back we started working on what we're calling our domain control plane, and the ideas is that you'd be able to not only manage your domains that are inside d and Simple and your dns there, but also your dns and other providers as well. And so early this
year we started working on the Azure provider and we've launched that. So essentially now from within DAN Simple, you can hook up the Azure and you can actually pull in your domains in are an Azure and manage them just like you would your DN Simple domains, manage the DNS on them, ad records, do all kinds of things, including through the API, so essentially you can
have a single place and not just asure. We also do Route fifty three and Core dns as well, right, and so the idea is that you have this unified interface for managing your domains even if you can't pull them into DN Simple, or if you want to manage them on multiple providers because now
more and more people are using at least two different providers for redundancy. Say, so, does that mean when I create a new web app in Azure and I want to add a custom domain, I don't have to add text records with asuid dot whatever to I mean, if you set up it for you, you could do that easily, right because you're in DAN simple. You could set up a template for it or something like as put in.
But even if you had it inside of Azure and you pulled that domain, and you'd be able to apply that same thing saying over to that domain over an asker. And the idea is just if you're running authoritative DNS, some part of your authoritative DNS on Azure, you should be able to manage that from within d and simple. That's our opinion of Yeah, so that's where
the domain control plane is headed well. And you know, this is why I read that comment from Rob too, because it hit me with the main tech support calls I've ever made or ever had with DN simple is because I'm adjusting DNS entries on something that's no longer be run by DN simple because I had to, because I had to pull it over to Azure DNS because Azure does a bunch of trickery with their services that it's just so much easier if the DNS is there, and then you forget you never take it out of
DN simple, and then I'm tweaking it in DM symbol. Now thing's happening. I'm like, am I losing my mind? And your textic court people are levelags like I don't think we're actually your DNS provider for this, Like what you may be losing your mind, but that is beside the point, separate, separate issue entirely. So I feel like you're building the tool that Rob was expressing around at, which is like what if you had one place to look at DNS and the fact that it happened to run in DAN simple
or running as you're routed. We're in the fifty three. Who cares? From one point of view? Yeah, and APIs are all the APIs are different, right, right, So you go to any of these APIs and you're gonna have to go digging and digging. And so essentially what we've done is do the digging for you so you don't have to anymore do the DIGGS for it, because so otherwise we're each going to roll our own on this, and we're all going to hate ourselves, so we'll just hate you pretty
much. So much easier to hate you, Yeah, hate me or love me, because I've done a good job, which is ideally what I want. Well, and that's why I'm delighted you've done it, because your UI doesn't try and deceive me like some sides, you know, generally makes things pretty dark clear by the way you did add this thing, like if you've left your DNS running a DAN symbol and it's not actually the supervisor, it makes you very clear, like this is not being used believing your entries for
this is y. Yeah, and we're going to continue. We're right now actually working on trying to make that even better as well, all the experience inside of DAN simple so that we can help people not have to go through that pain of not being able to see that something is somewhere else as well, because because it is, it's a challenge, right, there's a lot of complex DNS, which has been around for so long still is a hard thing to understand often. Yeah, I mean, and the haiku is still
true. You couldn't you know, it's not DNAs it couldn't be DNAs, it's DNSS DNS. So but you guys also do things like I don't go to who is to look for domains anymore. I just go to dan simple and I try to register domain and if it's not available, it tells me. And it's so much easier than believe it or not. Who is Net anyway has turned into like I haven't used it in a long time. My
recollection is there's like ads and crap and stuff in there as well. Then it just yeah, well, I mean they have to they're trying to monetize in some way. The interesting thing is that who is as a protocol is going to die. It's being replaced actually right now. So the new protocol it's going to replace, it's called our DAP and that is being slowly rolled out throughout the world. Wow, well, and it probably needs replacement. Who Is was from a kinder gentler It was very much time. Oh you
know, speaking of that, there have been some DNS hijacking attacks. There always have been, but I've heard I heard about some more recently in the last couple of years, like a DNS poisoning attacks. Those are kind of common. How do those things happen. Do you know about things? Yeah, I mean, in essence you have with DNS When I do a query, I go to a resolver, and then that resolver query is something else.
Well, if you can somehow poison the cash inside that resolver with a bogus answer, then it will hold on to it in its cash for a certain amount of time. And essentially that's the attack vector, and dns SEC was designed to essentially stop it. Both guys you implemented it think it's great. Yeah, I this is I got yelled at from a custom a customer with a listener who says, you know, you don't have dns SEC on your domains and stuff, And I think I mentioned it to you, Anthony,
and you're like, yeah, I mean it's funny. The adoption of that protocol, which has been around for quite a long time, has actually been a really rocky road, so much so where you have new attempts at other ways of solving that same problem. But the problem, no matter what, is still the same. Right you have to trust that the data from the originating authoritative name server has not been tampered with, and the only way
you can do that is with cryptography. You have to have something that cryptographically signed or otherwise you cannot Ultimately, you can't trust it now. And as soon as you involve certificates, ninety nine percent of us go nope and walk away. Yeah, poison like poisoning attacks, I think are probably ones that, yes, they happen. The ones that really I think you'll hear about
more often than not are just social engineering. Yeah. I mean most often the way that you get at companies, or a way that the people that want to cause hav it get at companies or individuals is by social engineering. They find a way through, Yeah, Phishing's one way. They find it through support channels. They do things like that, and and that's actually one of the reasons why in our core training, nobody joins dan Simple without going
through training on how to deal with support. Yeah, and specifically, what are the rules for accepting anything via support? And they're very limited because we can't be sure that you are who you are right unless you come into the app used multi factor authentication, then we're probably you know, then the responsibilities you we get it's a reasonable level of confidence. You know. This is another story from the wayback Machine, Carl, but it came up the other
day, which was replay TV. Oh do you remember TVO? Yeah, And of course TVO was the original. Replay TV was like their cheaper alternative, cheaper alternative, none of which worked in Canada. And I'm in Canada, right, so I get it my hands on a replay TV because I found a chunk of hacked software that could run as the replay TV host. And so I just lie to the replay TV with DNS to go, oh,
your service right here. The next she up in the rack, you know, running running Linux, where I was able to scrap, you know, pull Canadian guide data and format correctly. I loaded in the replay TV. It was never the wiser Goodness knows, you never wanted to call home, right, just you could only call to my little server world. You guys, you Canadians have been struggling with TV metadata forever since you know you can't first came on dot net rocks like in two thousand two. Well,
yeah, TV had to go away. It wasn't fixable, right, It's just like let's say the old dice in quote. It was easier. It's easier to put Wi Fi everywhere to make a good disconnected client. Right. The answer was actually what if there was no TV anymore? Yeah? Does TV even exist? Our companies still broadcasts out on the waves currently, don't know. Yeah, from what I understand, I haven't done it, but from what I understand, you can put it up an antenna and HD a
digital antenna and get an HD signal from the signal air madness. What is this stuff? But you know you can only get the probably if you're in next to a major city, you know, four or five channels. Yeah, you know, if you want to relive the seventies, which I would not, but at least, dude, I had I had an antenna that we had to had a little dial and you had to click it and like like a compass, and then you could hear it going in different places.
That's how old I am. Nice all right, So the insect's never gone anywhere. Our app is now going to replace U who is? So I mean we're inching towards more secure things. I think in general we've been moving towards certainly, you know, I know for you guys, is securing the domains because once when once the domain gets hijack, you got problems like that. Yeah, yeah, yeah, which is why we We've been one of the I think as the technology has improved for adding multi factor authentication, we've
been adopting it ahead of pretty much almost every other registrar. So you can even use hardware keys with the in Simple Now you can of course use two factor off tokens. We don't let you use your phone because frankly, it's too easy to hijack SMS. So but we have these multiple layers of security. We also since we last talked, we've added multi team member security.
You can have give team members access to only specific domains. You can give them access only to the DNS side of it, or also to the domain registration side of it. So we've put a lot of thought and energy into how you secure those domains, and we're going to keep doing so. Like this is it's an important part of what we do. Are our key elements are security and also of course good support and then making sure that we have a good API so that you can do all kinds of things with us.
And that's another thing that changed too. Because we now have API tokens you can you can easily rotate and you can have multiple API tokens with different names. You can give them access to limited resources. So it's come a long ways since ten years ago, now as I would hope it would. You know, here's another great success story for DNS simple. A friend of mine had a slow Paddy domain that he wanted to that he registered that I wanted
to take over and vice versa. So I had him create an account at dan Simple, and once he had that account, I just like it a button. Oh yeah, transfer to this guy. Here's his email address. Boom done, and then he can take it from there, and it's like so easy. Why isn't it that easy everywhere else? Well, and we so when it comes to transferring from one provider to another, it's actually still
really hard and it's not really a secret. But in addition to supporting az'rein Route fifty three, we also took the time to integrate with GoDaddy's API specifically so you can connect to it and pull down your domain registration information from that and so now you can actually see your GoDaddy domains and you can click transfer from GoDaddy Indian Simple and we'll handle everything for you. You know, I'd much rather do that than go through their painful, like suicidal risk slashing process.
Yeah. Yeah, so something it is still hard today because the industry unfortunately put a lot of energy into making it hard. Early on, they said, you know, there was a small group of companies they didn't really want to trade between each other, so like, okay, for security reasons, we'll put up these barriers that had little to do with security and more
to be a barriers. I often question whether the early decisions really had Obviously there was some good intention, but there was also I think some pushing in the direction of let's make sure to make it a little difficult so that we encourage people to stay where they are, and it should be mobile. Honestly, domain name should be easily mobile between providers, right plane and some Yeah, absolutely so. I mean the core product here, the control plane,
is just being able to see wherever your DNAs resources live everywhere. But there's sort of an inceptional part of this because you also provide an API to d and Simple so that I could integrate it into my own workflows too, Like yep, it's just it's like, well, what front end would you like? Yeah, pretty much exactly exactly. Yeah, we've we've done We've done integrations with Terraform, with chef, We've done we've done quite a few API
clients, so it's a nine different languages now. And the idea is that at the small scale, if you're if it's if it's me and I have a few domains, I just want to go through the UIO, that's fine. That's one. But if I'm running five hundred domains or six hundred domains or ten thousand domains, it's UIs impossible, right, So you should be
able to work equally well with either one of those. I just like the idea of just your it's in your CICD pipeline, that okay, we're changing these server ips to this now that it's just part of the automation, and I don't there's no exceptions there. The network guy isn't called separately for a rollout, Like if we're really going to push six, ten, fifteen times
a day, you know it better not involve calling anybody. So yeah, and we still have a lot of people that come to us and say I want to move to DAN Simple, but it's really hard because I have to send an individual email for each domain that I want to make a change on to customers at some company. That's from nineteen ninety seven right, and they just and they can't even move it. So we've been trying to think how the heck do we make that easier as well. So this is this is
where all of this originated from. As we keep saying, there's a lot of ways that it's still really hard. I bet we can still do better now. You know, you almost feel like you know why did word win over word Perfect because some early on word read and wrote word perfect files. The idea that you built a console now and the crazy part of the word perfect story, if you ever go deeper into it, is at one point word Perfect wrote their own format and word could fix it. So it's like,
hey, are you using word perfect and they've just updated that. I think it was like four point three or something, and it now it doesn't work correctly. If you're running the word It's fine. I just remember that what you've just described to me is the battle that I had the days of trying to get DNS entries out of netsaw and into you. Now, I would set up in the control plane and point to where whatever service that currently existed and say, okay, let's start moving those and you'll do the nitty
gritty. Yeah, that's the that's the vision. You know. The challenge, of course, is going to be very few providers have an API, and if they do, it doesn't even work well. And these are dangerous APIs, because this is what this is about, stealing domains like these are dangerous APIs. I want to hear more about the control plane, but let us take a quick break and we'll be right back after these messages don't go away, and we're back. You're listening to dot net Rocks. I'm Carl
Franklin, that's Richard Campbell. Howdy. We're here with our friend Anthony Eden from DAN Simple. And by the way, if you don't want to hear ads, you can subscribe to Patreon Patreon, dot dot netroocks dot com. Be a patron and you can get an AD free feed and it's not all that much money. And we were talking, we were just getting back into talking about the control plane, and I think it kind of went over my head a little bit, but because probably because I don't mess with multiple you
know, domain providers like I'm the DN simple guy all the way. But can you give us some scenarios in which this new control plane is going to be really helpful? Sure? Sure. So one straightforward example is you want to run on multiple providers. You want to run your DNS on both as your end route fifty three because you don't want to put all your eggs in one basket. Right now, when you say run your DNS, you mean
a DNS server, No, I actually mean your authoritative zones. So you want to use as yours cloud DNS and you want to use route fifty three, which is Amazons as your secondary, okay, or and the notion of secondary is kind of it's moot, like these are really multiple providers, and maybe you also want to run on DN simple. Well, you want a single interface for seeing all that you can do that. So that's one example.
And when you say that, do you you mean I would still have my domain registered at DN simple, but I would have these authoritative providers on different clouds. Is that the idea? Good? Yeah, it's an option. You can also run it through us as well. I think what we're what we're accepting here is that everybody has different needs. Right some folks, their operational team says, we need you to run on as your plan simplest
that there's no other option. But maybe doing that constantly is not working out great for them from an interface standpoint because they find it complicated or what have you. And they have team members who have used DAN Simple. Well, now they can just keep using DAN Simple even though they're managing those assets over there. It's another example as well. Sometimes different departments have different needs.
Right, so maybe your core operations are going to be on one of the major cloud providers, but maybe your marketing team who's spinning up sites regularly, they need something that's faster. They need something that's relatively reasonably priced that they can get in and do it and get out quick and get everything set up in one shot. They'd rather do it on DAN Simple than have to go through putting it on Azure. But you still want to have a unified interface
to see all of this and to manage all of this. And that's the idea behind the domain control plan. Now I can imagine a marketing team team cranking out subdomains constantly for every promotion, right it's you know special Spring Special twenty four dot dot at rocks dot com, and and you do subdomains are even even even domains because with all the TL these now you have so many choices you can do these you can do these custom domains that are that are
on some TLD that's going to be for a limited time. Yeah right, and that's totally okay. Yeah, and you again, you might be at a separate provider, might be a different set of services, like I've certainly been dealing now with companies where it's not just that they have a WS and Azure and on prem and other, but now they're expecting the transactions to coordinate between them. Yeah. Yeah, but they want it. They want a
message bys system to speak to them all. And so the pipeline's complicated, and you're editing up with each of these interfaces to deal with each of these things. Anything that might be simply by that for me, I'm excited to look at this question might be more of a selfish self interest thing. But so I don't often get to talk to an expert like you once you know on these things. So answer me this, is there any reason why anyone should not use a TTL of sixty seconds? Yes, there is why.
So the if you're using a TTL with sixty seconds, you're going to be constantly hitting the surface, constantly hating the surfer. Dennis is not a fault proof protocol with UDP, it was never designed to be. And so you're going to have slower responses most likely because you're not going to be taking advantage
that cash that's out at the edge. So because you have multiple cashing layers, right, and that matters in many cases, the difference between having your customer potentially who say, let me just give an example, if your customer is somewhere in Asia, they might be routed and a very complex route to get a DNS query out to one of our name servers, even though our name servers in Tokyo or Singapore. Yeah, they have a cash right, yeah, right, And so cash helps that the minute you do it down
to sixty seconds, you bust those cashes pretty much constantly. Yeah, who wants to sixty second d and as cash And most of my even most of my fail over systems were really in the five to ten minute range more than like an hour. Well on the only problem there is that if you need to update something now, you have to wait ten minutes, right, So is the way to do it to you set it to ten minutes and then
when you're going to update it, you send it to a minute. Wait ten minutes, then change it. Maybe everything gets repopulated, and then go back to ten minutes. I think that's a smart way of doing it if you want to make sure that the change, the switchover happens quickly. Yeah, then that's definitely the approach you want to do. You want to shorten that TTL just when you're doing that change. Alternatively, you allow the fact
that there's going to be two systems running at once. You design for that case, and you allow that to happen. Naturally, resolve any of the things that happen during that transition using whatever you have in your back end implementation, and you move on, and then you don't even have to worry about those TTLs. See. You know this is probably stuff Richard talks about on run as radio, but I don't get to talk about this stuff much. Yeah, we were talking about moving over to a multiple you know, to
a replacement scale site. You know, we talk about the drain. Right, we'd set up the new entries, the old system would remain running and we just keep shutting down services. But you'd have to wait till you hadn't had a ping for an hour before you turn the last one off. So it's like, now every TTL is drained, do you shut that off?
Yep? Yeah, yeah. We've had to do the same thing as well over the years, numerous times where we've had to sort of slowly spin down some service that we've had, and we have to I mean even today we're still dealing with it some legacy IP addresses that we have assigned to name service that almost nobody uses, but somebody's using it and we don't want to disrupt
them. So we just really like when we think of when we think of terms of transitions, it's offully often in terms of years right transitioning things, and it adds a whole other layer of complexity because you have to keep that transition happening plainly. But man, it sure is nice when stuff just keeps working for the customer, right, Like ultimately that's how we see it is.
It's just they shouldn't even know. This is one of the nice things about the cloud environment is like, eventually I've wound this down to a single small instance that's costing me five bucks, awad me, I'll keep that going. That's fine until it hasn't been hit for a long time. You remember those days, Richard, when we would spin up a new sequel server when we ever we had a new podcast. Yeah what though, you did not? Oh your own v ms? Yeah yeah, they don't do that anymore,
has no databases. It's just yeah, me too nice. I had to unlearn that behavior, the joy of the joy of text of text files, right, absolutely. You know how often a podcast entry changes? Never? You make it once and it never changes. Why is it in a dynamic data store? Yeah? Yeah. All of our so our blog at the in simple, our support pages, our developer pages are all static sites and they're all generated with a static site generator. And what a difference.
It just makes things so much easier to to keep running that you just don't have to think about it, right because there's no there's nothing to break. Yeah, here's another gotcha. When you register a domain name or a web app in Azure, you don't want that IP address to change. And if you don't get a static IP address or something, it could just change and then one day your site's down. You go to Azure portal. Oh the IP address is different. That's fun. Wow, it feels like that's the
thing. Ask me how I know it? How do you know? I think I know exactly how you know about But it feels like that's the thing where this is an example back to that original comment in the beginning, that should just be automated. Yeah, if if that address changes, then something like in our case, a web hook gets fired. Plus if the name is in as you're already it should just update, right. But even if it's outside of Azure, there should be a web hook that's fired that something
else can pick up. Which I mean, that's one of the reasons I moved my DNS for run as because it was running in an Azure app service over to the as your side. Because you don't really have control over your IP address as an Azure they do, so if you hook the whole thing together, they do that for you. I'm sure there's this solution. It's just six pages of work I didn't have to do, just move the DNS. Yeah, you know what the solution is, Like, we'll let it
do what I do. Run a PowerShell script that runs every hour that checks the website to make sure it's up and looks for some valid data that's coming out of your data store. I see the shape of your hammer there, dude. You know, but this is a great use. This is an example of where the Azure integration actually might make sense in d N Simple because you can leave that DNS zone over there, but you can see it inside
of the en Simple next to all your other zones. And not only you see it, but let's say you wanted to add some subdomain to it. You can actually do that from inside d and Simple, and it'll synchronize the two together. What less time in the asure portal? Are you crazy? Yeah? I know, Mantain's right. How do I get this lovely new feature? Where do I go? How do I get it? How do I turn it on? Just just log in? Just log in and turn it on. It's under your account. If you log in, you can
take a look and there should be on any domain. You'll also see ways to turn on various connectors. So yeah, it's we call these integrated providers. You can turn them on either on the domain level or on the app level, and once they're hooked up, essentially they do bidirectional sync. Right, that's beautiful. You just had a thumbs up bubble up here right over you? Is that your I know? Is that an iPhone feature? But it was weird because I was scratching my shoulder, and I'm like, why
is it? You're scratching your shoulder with your thumb up, and all of a sudden, you see these thumbs up coming over your head. What is that? I can't get that to work. When I try to get it to work, it never works. It only works if I do a gesture that I'm not intending to make that show Apple. This technology is getting too complicated, it's getting weird. Yeah, it should be more simple, right, that's what I think. All right, So tell us about pricing.
What are we looking at for using this new tool? Okay, so that's actually really cool news. If you're on our solo plan, you don't pay anything for it. Wow, whoa way, that's hard to argue. And then so last year we changed our pricing so we move more to usage based pricing, which is essentially you only pay for the zones that you use, you pay for the query volume that you use if you're on a Solar A
team's plan. And then we decided that for the domain control plane, that for connections to domains elsewhere, for now, we're not going to charge anything. We're going to give it to everybody whoever is it then simple no charge for it, So you can start hooking up today with no additional charge. And if you use us for DNS, then the zones you use you'll pay for those, but otherwise you don't. I can't argue with that. Man. Wow, great, it's very nice. Yeah, we'll let it go.
Is there anything that we missed in terms of the control plane? I think the only thing that I'd really love to know, and this is going to be something that our customers and whether new or old, are going to tell us, is where do we go next with you? What providers are really ones that you'd love to see us integrate with? Tell Us just reach out to support a dance dot com and say, hey, I use this
provider. I would love it if you add one, or in the app when you select providers, and there's an option for you don't have my provider, and you can tell us which provider you want us to use. So I see three essential services here. We only talked about two of them early,
the registration, the DNS. The third one is certif is SSL, t LS, yeah, SERTs, which still is I mean, let's encrypt has made it better for no other reasons, so much better actually as your sert is genius, right, actually, as your managed SERTs are free. Yeah, well it's the let's encrypt SERTs. But it's just like, yeah, but let's encrypt is kind of has a little root gold set mechanism. Yeah, I did that and then it stopped. Now that's the beauty of
it. It again, you don't. So for example, our redirection service terminates HDPS connections using let's encrypt certificates and does automatic rotation of those certificates, hooks into your DNS so that it puts I mean, it just handles everything. And that really Let's encrypt has changed the game around certificate that time. I can't I know why some people still hold on to this idea that they want to have a certificate for a year or two years, which, by
the way, now you can't do more than two. Yes, you used to really get twenties, Yeah, nottymore. Now they keep getting short, and eventually I think it's going to keep getting shorter and shorter. Because automation is amazing. Yeah. It makes it so that if you can do something in automated fashion, scheduled or unscheduled, it means you have the ability to fix stuff really fast, yep, because if something goes wrong outside of your
control, you can essentially put things back the right way. I love having things in Azure because I'm already authenticated, you know. That's why I love these managed certificates, because I don't have to go through a third party provider improved to them. I am who I say I am. I'm already authenticated through Azure. They know me, like, yes, that's me, I logged in giving a certificate. Automated certificates, being in front of services was
really something we should have done a long long time ago. I'm super happy to see that the that it's been adopted so widely now. And and if you're using a provider that it provides any kind of hosting and they don't automate that, I just it makes me wonder why, like get on their backs and say automated. Yeah, yeah, so, And I can see obviously your path forward is being able to pull from more registration sources, being able
to connect to more DNS service. We can argue whether any you need more seerts or not, because once you get the leeds of grip, you're got it done. So and I don't know there's another service area you got to go. So there's obviously the increasing in each of those three areas, but
is there another area to add? I'd say just you know, training and education is in Your blogs are great for that, your blog posts, but you know, just keeping your customers because when your customers know what they're doing, you're they're going to be a lot happier. But you know, DNS, if you're just you know, if you're just coming into the IT world,
it can be it can be overwhelming. I'm digging into stuff like static stores, so yeah, you know, because I have this problem now right that I stick it in blob storage and ash or is it seeing an S three bin somewhere? Yeah, we've talked about so. One of the things we've talked about off and on over the years is do we want to move beyond the domain protocols? Right? Obviously with certificates, we did that already
to some small extent. Yeah, they're directly related to domain protocols. Yeah, but for example, cashing, you know, basically cashing of HDP is a very common next step. Yeah. Our biggest concern is that it changes the dynamics of the type of traffic we're handling, and all of a sudden, we're handling actual content, and that steps over a line where you start dealing with with copyright infringement, you know, takedown notices, yeah, real
time effects, yeah, all of that sort. Yeah, and so and so that's one of those things that we've always said, you know, what our business is about domains. We really want that to be our core business, and so we're going to make the best business of that and keep making that better. And we've stuck to our guns for almost it'll be fifteen years now, wow, next year? Now does that mean you're going to go
all in on our app? So our DEPP is a requirement. Ever, anybody who's a registrar is going to have to run our app because our DAP essentially makes it so instead of having this public you know, text file that people are looking at, they actually are you're allowed to have limits to who can see what. So, for example, law enforcement's going to be able to see one level, the general populations will be able to see another level.
Other registrars and registries will be able to see different levels. And so information privacy, which is becoming a really big thing in most places in the world that actually is going to be built into the protocol, whereas and who is it was just like, here's a text file and what goes in it is completely random. Woo yeah, scrape orama. So only lawn only law enforcement can see backdoor dot dot NetRocks dot com, honeypot dot dot NetRocks dot com. I mean, if enough people came to us and said, we
really want this thing. So domain registration didn't exist in the first version of DNS. Right when I launched in twenty ten, it was just DNS. And the only reason domain registry was added Indian symbol is because a bunch of people who I knew came in and said, the main registration is terrible. Can you please just do something about it. Yeah, you made DNS nots
suck. Can you make registration not suck too? Yes? And I said okay, And that has continued the hell of domain registration that will not leave my life real they ever will. I think you a first slow Patty, Weren't you at first? I personally was. We originally built on another provider, and we've since changed things behind the scenes several times because the world keeps
changing. Like I said, that's the other thing about these SERTs, right is we're constantly having the root domain hacks and things like you don't want a long duration cert when he's like, that's not a valid cert anymore. It's
dangerous. And that's another reason also why we rotate DNS set keys automatically, which which very few people do. And we do it because we basically took that same concept that that let's encrypt made popular and said we're gonna do the same thing for DNA sex right done, And as long as we can hook into a registrar that'll allow us to rotate those keys automatically, they will be
rotated automatically. There's not a choice. Yeah, and which really means are there is are infrastructure up to automatically replace those routinely because that's that that's our best chance to resist these attacks, is that the keys are constantly changing. Yeah, and if it could, because if you're halfway, let's say you're thirty days into a ninety day window and you do have some sort of a breach, run the rotation right now. Yeah, problem solved, key,
you know, compromise key gone granted. Problem solved might be you have other issues, like how do you let your keys get compromised, but at least you're taking a one step towards a little bit more security than you would if you're sitting there. And while who Bob down in accounting I think has the certificate usually a password on his U notepad on his desk. Can you go grab that? Bob, Accounting gets a bad rap on this show. Sorry, always always counting. It's not his fault, there is. God has
to say no more often really does yes. He When Alice comes and says, Bob, can you do this? Bob needs to go. Not a chance. Where the hell is my red stapler? By the way, all right, so before we go, one other question, what is your experience with c sharp if any? So when we wrote the original API clients, I went through it. I looked at a little bit and played around with it. That that's about the extent of it. I grew up in the
world of Max. When I was a kid, my dad had Max around in backs VMS systems, so it was it was it was really old school or new school, and I never really did the Windows thing. I spent a few years writing Java on Windows machines, but I've been mostly either Mac or Linux guy for my entire life, so I hadn't had much a need for c sharp, but you know c sharp runs on Mac and Lenux. Now it's okay. I do know. There's probably a lisp guy, right. I did have some time with closure, as shown in my bio.
I did like Lisp, but Erlang is still my favorite language. There's something about Erlang that every time I use it, it makes me go, aw, this is so much fun. This is such a great language because it's so different than anything else out there. Yeah, it's that functional thinking mindset. In any I meet Haskell people like that too. They're just delighted with what they've written. I just love I love the way how functions in Erlang
are. They basically accept the shape of the data that they shape, and you have different variations of them that they accept different data that shape differently, And I just there's just something about it that it's like, man, that's such an elegant way of handling some of these problems. So granted, if don't look at me anymore to write code, because I've written a lot of bad code in my life anymore, and I no longer try to make it
pretty. So I'm not the best first thing, but it's still my favorite. It's also not like a vegan militant about it, you know what I mean. You know, whatever you want to do, it's fine. We just want to handle your domains. Yeah, A couple a couple of years back, we did. We did the advent of code and I wrote everything in C plus plus. Wow, So why the heck not? You know,
just it's fun. There's nothing to me. And this is one of the things that I have to say that as we move more and more towards a world where code assist tools based on AI are going to be part of a normal developer's daily routine, I'm saddened a little bit by it because I love writing code, and honestly, there's going to get to a point here where we will not write much code anymore. We'll still be thinking in systems unless we want to. Like I for me, it's better than doing puzzles.
I mean yeah, I mean too. I love it. I love it, and I hope right now I spend almost all my time just running and simple and thinking about the business and things like that. I hope someday I'll be able to retire from running the business and focus again writing code because it's just such a such an enjoy. Well, you're doing something right because for these fifteen or whatever years that we've been using your services, it's been
a dream. So it's a great it's a really good team who highly recommended, who really focuses on stuff and I appreciate that. Thank you again, Carl for being a customer and Richard for being a customer for seco to your team and they do great show they do. And you'll have to come back in another ten years and tell us what you will be to it's a deal. If we're still around in ten years and still kicking, and y'all are still kicking, we will do this sooner, I'm sure. I hope so
well, I hope so you can. You can call me in any time. I'm always having me to talk, all right, cool anthy and thank you very much for spending this time with us, and uh wow, great stuff. This is my pleasure. Thank you both, all right, and we'll see you next time. Dot net rocks. Dot net Rocks is brought to you by Franklin's Net and produced by Pop Studios, a full service audio, video and post production facility located physically in New London, Connecticut and of
course in the cloud online at ew op dot com. Visit our website at d O T N E t R O c k s dot com for RSS feeds, downloads, mobile apps, comments, and access to the full archives going back to show number one, recorded in September two thousand and two. And make sure you check out our sponsors. They keep us in business. Now go write some code, See you next time. You got jamddle Vans and