Bitcoin Forum

So I noticed a couple days ago that Bitcoinica suddenly went down. I thought perhaps someone else would start a thread, but after a few days with no posts I decided to look into it more. Well, as you probably guessed from the subject, Bitcoinica is not down, but it appears Comcast's DNS servers are no longer resolving the host name. Digging a little deeper, I found the following:

First, here are the current DNS addresses for Comcast users (I think it's for all users):
http://dns.comcast.net/dns-ip-addresses.php
75.75.75.75
75.75.76.76

I thought those IPs looked rather odd, but apparently they're legit -- and easy to remember. But do they do anything different? Well, here's a quote from the above page:

Click on DNSSEC and you get the following page: http://www.dnssec.comcast.net/
Another potentially pertinent quote:

So my bet is that somehow their DNSSEC initiative has decided that bitcoinica.com is not a safe website or something. Any thoughts on this? Other than changing my DNS server, it seems I can at least just connect directly to the Bitcoinica IP address (50.56.4.62), but https is not available if I do that, and come to think of it https://www.bitcoinica.com gave me the crossed out https as well. Perhaps that is the problem: Bitcoinica's certificate isn't valid, at least with Comcast? Does that sound right? Anyone else have thoughts or other details on this?

could be, is their certificate self-signed or with a major CA?

Wow and this before SOPA even. It is my understanding that this is what SOPA would be like.

For the time being use googles DNS servers 4.4.4.4 or 8.8.8.8

i was really annoyed to get this when i clicked on this site in the notable articles section:

https://strikesapphire.com/

i'm not even sure what this site is or what it represents but getting any kind of censorship doesn't sit right with me.  my isp is Cox Communications.

https://i.imgur.com/z15RW.png

Well damn.  I can't even get to it using a proxy.

http://i43.tinypic.com/1qsn75.png

That is the sites logo so that is the site itself that is blocking you out. It is a bitcoin casino.

so why would the casino ban me on their end due to "local laws in your area"?  you think that they're that paranoid to do this?

del

not paranoid, just trying to be a legitimate buisness

+1 although this is more of a "reality of the future, right now" that relatively few still have yet to comprehend.

+1 , what's smarter?:  pushing the envelope to make a statement and losing out in the long run, or playing by the rules when necessary to better ensure more long-term survival?

Are you serious?
How long do you think you would manage without those authorities?
Taxes pay for police, infrastructure,fire department, garbage disposal and other services.
Without those authorities you would get robbed twice a week and shot once a month and live in a dumpster.
If you don't want any authorities? you are welcome to move to 3rd world country - no taxes there, they will simply take all of your money and shoot you.
Look at bitcoin - no authorities - have you seen how many scams are out there? Sure you will say you get scammed - its your own problem. but i am sure you will change you tune if you will be the one who is scammed. ("it will never happen to me, i am supersmart and can't be scamed" - yeah, right)
Law is a tool to keep a community alive and functional. This tool is sometimes misused. but calling law " tool for that state to make delinquents" just shows that you have no idea how it works and what it actually does.
you are the one who needs a reality check

I have Comcast and couldn't connect.  I use OpenDNS on my computer though and it works fine now.

Less law / authority in a virtual world makes sense because any threats are not physical ones.

But in a not-so-distant transhumanism future, where carbon based life merges with the technology it created, we may think twice about litigation in virtual space as well.

they are not directly physical - but they can cause physical threat
If a hacker takes all of your money out of your bank account and charges your credit card
since banks are regulated they will be held liable for the hack and reverse those transactions
on the other hand if you had all your money in bitcoins and got hacked - you are screwed - you wont be able to pay any bills , buy food etc. this is a physical threat although it is caused by a virtual transaction

Have you been to a third world country? Do you really think there are no authorities there and everyone really gets robbed twice a week and shot all the time? I sincerely hope you were using hyperbole.

There are still laws, people dont steal from each other or they will get jailed
And actually in this case there are still taxes but they are not direct
Instead of the citizens of that country using the oil for their profit and paying some of it as taxes - they give some of the oil itself to the country instead - meaning the tax isn't paid in currency but in oil. So there are taxes unless you claim that the oil belongs to the authorities in the first place - and not to the citizens of the country - which IMHO is wrong.

tl;dr
they are paying taxes with resources since the oil should belong to the citizens and not only to the country/autorities

1) nobody forces you to live in the USA. if you stay in the USA of your own free will - you are signing a contract with the state. dont like it? move
2) So you prefer paying to a mafia rather than to official authorities? fine - its your choice. you still pay...

To red:
i was using it as an example hoping nobody here knows what i am talking about
though there are some 3rd world countries where the government has no real power or in a constant war with its citizens - i wouldnt call that proper authorities, and people do get shot and robbed quite a lot there - unless you pay the local gang

Is that why you don't steal?

Have you noticed that people are still stealing even with the laws?

How about we pay if they actually deliver? That's a pretty damn low bar btw. If I deliver you an unrequested service it doesn't matter how awesome it is, you don't owe.

when you dont like your job you look for another job
when you dont like your country's laws you either find another country or make sure the laws are changed (which is improbable in the USA)

2) correct. but the regular mafia isnt democratic. so in my opinion they are much worse. if you dont thinks so you are welcome to join/pay them instead. if you dont want to pay at all you will have to conquer your own territory and start your own country. good luck with that

me - may be not. look at game and movie piracy - no punishment - lots of people do that, its still stealing.

yes. but if there was no law there would be a lot more robbers/murderers than there are now
you have too much faith in people. A lot of people will scam/rob you if they could get away with it

you do request the service by living in that country. if you dont like it you can ask the country to change it or leave

it is immoral in your opinion - looks like most of the people in your country disagree - assuming its a democracy
you lose the time to change so you wont be sent to jail for doing it
you are welcome to deal with the mafia instead of the police - its your choice. just dont come QQing later if you get screwed by them

This is the crux of the issue. Whether the laws are moral or right is irrelevant. It's a business and if they want continue putting food on the table they need to follow the regulations. 

no. that's why i said earlier that laws are sometimes misused
I never claimed the system is perfect, but it has its uses.
It definitely not this:

I think a lot of changes need to be made - but that doesn't give me the right to ignore the current laws. It gives me the responsibility to make sure the laws are changed.

Well, I'm really glad we spawned such a fascinating conversation about power and politics  ::)

Cypherdoc, you're on Comcast. Comcast's in America the last time I checked. @myself, in case you thought you were still in Karbombistan, you actually do have rights in America. For example, you have the right to remain silent; you have the right to an attorney. You have the right to complain loudly and to lobby your congressman about not being able to use a foreign casino website. But you won't. Because you say you want freedom of speech... but really you're too lazy to do anything other than bitch on a forum. Maybe you should bitch about the fact that you live in a fascist country. You just want convenience. So everybody else in the world should bend over backwards, take risks and break laws so you can do whatever you want, whenever you want to do it. But just wait. When those foreign law-breaking casinos run off with your money? It's "Boohoo I'm being censored" one day, and "Boohoo Mr. Policeman, those criminals took my money" tomorrow. Or else, "Oh no, my government shut down my favorite casino and they won't give me my money back. Guess I'll go back to watching Regis until the next idiots come along who I can gamble with for three months before my government shuts them down." Write a letter to your fuckin Attorney General. Tell him you're a victim of censorship. It's a free country they say, and stamps are cheap.

+1

I think this post gets the best response from a bitcoin company award.

BTW, @OP
if you go directly to Bitcoinica's IP with https://50.56.4.62 -- or any direct IP address that supports https, and proceed through the warning, your connection will still be encrypted even though the certificate ID isn't recognized by the browser. So even though it shows red on the lock, if you click the lock for details you should see that it's just a validity error, but that the encryption is working.

Actually, this is NOT old, as the DNSSEC stuff just got fully implemented by Comcast as of January 10. Mostly, I was curious if Zhoutong had any input as to why his site would get blocked and what he could do to fix it. Instead, we got a massive tangent about politics and freedom. Well, guess what: I changed to Google's DNS servers and I can hit Bitcoinica again, but it still sucks that major ISPs are blocking this stuff.

And as an aside, I wrote to all three of my local representatives about SOPA/PIPA and told them the legislation sucked and I strongly opposed it. They all gave me political BS answers, including two who said something to the effect of, "the PROTECT IP Act (SOPA) has some serious problems; I've helped work on a better act called the OPEN Act that you should appreciate...." Well, I haven't looked into the OPEN Act yet, but I'm betting pretty heavily that by the time it reaches the senate floor, it too will be filled with garbage from the lobbyists of the world.

Actually, I first had this issue with Comcast in mid-December.  I was not the first experience it either.  Comcast operates a huge network, and just because it didn't affect you until recently doesn't mean you know what happened to the rest of us.

The only path back to a free and open internet (we've already lost it in many respects, and the encroachment will continue without some form of government action), is to get back to a model where anyone can buy a pipe of a certain size and resell their bandwidth.  When we were on phone lines, the FCC required that companies allow you to resell bandwidth.  Cable lines fall under different regulations, and as such we have huge monopolies who are unable to address any legitimate technical issues of individual users.

You are welcome.

Well Cambodia is no longer communist, but the song still applies.

"What you need is a holiday in Cambodia, it's tough kid but it's life... Holiday in Cambodia..."

What I wish for is authoritarian forum governance pursuing intellectual elitism. Ignorant asshats should be purged, but instead they come here and get fawned upon.

The OPEN Act (H.R.3782) is interesting, and potentially relevant to bitcoin.  Instead of censoring things, the bill implements financial sanctions for such sites.  Of course, bitcoin breaks this entirely, but hopefully this will at least get them to leave the internet's core protocols alone for a while.

wow so this is why bitcoinica hasnt been loading for me!   :o

just installed openDNS screw comcast!

You don't have to install any software. You can use googles DNS so you just point your router or pc at 4.4.4.4 or 8.8.8.8

I have to think that this is all due to someone like from the thread of the year. Someone who was up a lot of money at bitcoinica and then got liquidated saying how much of a criminal zhou is. They probably wrote to the ISP and compelled them to remove the entry (or worked for Comcast). It would be interesting though if Zhou threatened legal action in retaliation for Comcast essentially removing his site from the internet.

Comcast doesn't block Bitcoinica. Comcast correctly obeys the DNSSEC records advertised by bitcoinica.com. The fault can be blamed either on Zhoutong or his DNS vendor, domaincontrol.com. Or maybe both of them.

Comcast not only cannot be blamed, but they should be praised: they don't resolve misconfigured domain names for their customers. The whole point of DNSSEC is to avoid the possibility of using fake domain name servers.

There is a small possibility that some people can't resolve bitcoinica.com due to the problem in their equipment: some of it crashes/chokes/hangs upon seeing type 43 or type 46 DNS records or IPv6 DNS servers advertised by Bitcoinica.

I posted about this about a week ago:
https://bitcointalk.org/index.php?topic=42267.msg688795#msg688795 .
Since then I tested this on several known working setups and I'm positive that the fault is due to Zhoutong's or his DNS vendor's misconfiguration.

As a temporary workaround you can put:

50.56.4.62 bitcoinica.com

in /etc/hosts or C:\WINOWS\system32\drivers\etc\hosts .

http://upload.wikimedia.org/wikipedia/commons/thumb/0/0f/Goya_-_Caprichos_%2843%29_-_Sleep_of_Reason.jpg/230px-Goya_-_Caprichos_%2843%29_-_Sleep_of_Reason.jpg
http://en.wikipedia.org/wiki/The_Sleep_of_Reason_Produces_Monsters

I apologize for this technical issue. Apparently 3% of global DNS servers couldn't resolve bitcoinica.com properly due to DNSSEC settings.

I have investigated into this issue carefully and found that the problem was with the DNS provider we are using. They stopped signing for DNSSEC after a recent domain transfer out of GoDaddy.

I have fixed the problem now and the domain is being signed again. Comcast users, please verify that you're able to access bitcoinica.com.

Again, sorry for the issues that cause constant troubles. And thumbs up to Comcast, because one of their engineers sent us the detailed problem trace and assisted us in the resolution.

Take a deep breath. A little paranoia around recent events is to be expected so it is helpful to know that and keep it in bounds.

As it turns out the technical explanation is reasonable, DNSSEC is working the way it is supposed to work. Are you ready for IPV6?  :)

It works!

Dunno why the query time is so bad, but it resolves now.

how does openDNS or googleDNS work?

They are public dns servers.  Do you know how DNS works?

http://www.opendns.com/ http://code.google.com/speed/public-dns/

not really which is probably why i can't relate to Namecoin.

DNS or Domain Name Service simply turns a name (bitcoinica.com) into an IP address (50.56.4.62).  This IP address is used to identify the computer you are communicating with, and to help your communications find the best path to that computer.  Normally, you use the DNS server provided by your ISP, but when that server isn't providing you with the information you want, you can use any public DNS server by changing the IP address you send your queries to.

i've entered preferred DNS server numbers into my IPv4 LAN connection settings a zillion times but never really understood what the hell i was doing.  so they don't have to be Cox's but any server i so choose? ;D

Right... you can even write your own DNS server that points every name to bitcoinica's IP if you so choose ;).

well then, Cox better not mess with ME! ;)

FWIW, I've run a local DNS server since my client was OS2 2.0 and my connection was dial up, with a slow connection it did a lot for reducing perceived latency when web browsing.

These days there are a lot of alternatives, but the standard is a program called BIND, which can be had for just about any platform. Linux distributions provide it universally, and it's pretty tolerable to set up on Windows as well. It does things beyond simple caching that the built-in Windows DNS cache does not.

http://www.isc.org/software/bind

The simplest thing to set up with BIND is a caching server with forwarding, the last time I installed it under Windows ( sometime in the 1990s ) this was the default configuration. You do have to add the IP addresses for your forwarding servers ( e.g. your ISP ) and then point your local IP configuration to query the local name server at 127.0.0.1 .

The reason I mention all this is that I had a hard time replicating the problem described here, I'd never seen it. It had been so long since I did my set up I had to consider why.

As it turns out, my DNS forwarders are Comcast and Google. Here's a portion of my named.conf, one of the configuration files for bind ( the program executable is usually "named" or "named.exe" ).

        forward first;
        forwarders {
                75.75.75.75;
                75.75.76.76;
                8.8.8.8;
                8.8.4.4;
        };

Beyond that BIND will identify the authoritative name servers for a given name and query those directly, in this case NS1.XWAYLAB.COM and NS2.XWAYLAB.COM for bitcoinica.com .

So, using BIND can provide robust name resolution from multiple sources, it worked transparently for me with the bitcoinica .com DNSSEC issue present, most likely by using Google to resolve the authoritative servers and then using those to resolve the actual name.

If you do setup your own DNS, its also easy to resolve .bit IP names.

Good stuff. It reminded me that at one time or the other I've configured some of the alternate DNS services that have come and gone over the years this way.

When I first became acquainted with BIND I had to deal with a worldwide private corporate network parts of which were set up by lazy/crazy people who never bothered to RTFM before they started, definitely the bad old days. It made me handier with BIND than I ever wanted to be. Things are so much simpler these days that I'm definitely out of practice  :)