The DNS management of Freenom is not that intuitive and it does not support API to automate dns record changes.
This is where Cloudflare shines. Cloudflare’s DNS management is faster and easier than Freenom and it also has API support to automate DNS management.
Move the DNS name server from freenom to Cloudflare
Create a free account on cloudflare
After logging in to cloudflare it will ask to add the domain. Once the domain is registered it may take some time for cloudflare to detect the domain, if you get an error, please wait for 30 mins and try to add the domain name again.
Add an A record in the next page where cloudflare asks to add a dns record and click Continue.
Once domain is added cloudflare will give 2 nameservers to add to freenom to migrate the dns management. Add these 2 name servers in your freenom account in your domain management under Management Tools >> Nameservers
On cloudflare click Done, Check Nameservers button. It will take 5 mins to 30 mins for the nameservers to update, cloudflare will send an email once the nameserver is active and the domain is added to cloudflare
Once the domain name is activated in cloudflare the dns entries can be added in DNS tab under the domain name in cloudflare
The scammer may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone they own.
If your mobile service provider believes the story and activates the new SIM card, the scammer will get a sim with your number on it and will get all your text messages, calls, and data on the new phone.
The scammer could open new cellular accounts in your name or buy new phones using your information.
They could also log in to your accounts that use text messages as a form of multi-factor authentication. How? Because they’ll get a text message with the verification code they need to log in.
Armed with your login credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts.
How can you protect yourself from Sim Swap Scam
Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and login to your accounts.
Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use Multi-Factor Authentication, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.
Consider using Google Authenticator or similar Time-Based OTP app as multifactor authentication instead of SMS wherever possible
What to do if you are a target of a SIM swap scam
Contact your cellular service provider immediately to take back control of your phone number. After you regain access to your phone number, change your account passwords.
Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.
Let’s Encrypt has recently started supporting wildcard certificates using its new ACME2 protocol. This means that you can have a single wildcard certificate like *.asknetsec.com and use it on all the other sub-domains like blog.askenetsec.com, email.asknetsec.com.
This makes is very easy to manage certificates for different sub-domains. Until now each sub-domain needed its own certificate generated for the specific sub-domain.
Certbot is not available in the default ubuntu repository. Run the below command to add ppa repository.
sudo add-apt-repository ppa:certbot/certbot
This will add the repository from where certbot can be installed
sudo add-apt-repository ppa:certbot/certbot This is the PPA for packages prepared by Debian Let’s Encrypt Team and backported for Ubuntu(s). More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot Press [ENTER] to continue or ctrl-c to cancel adding it
gpg: keyring `/tmp/tmp1hyvak__/secring.gpg’ created gpg: keyring `/tmp/tmp1hyvak__/pubring.gpg’ created gpg: requesting key 75BCA694 from hkp server keyserver.ubuntu.com gpg: /tmp/tmp1hyvak__/trustdb.gpg: trustdb created gpg: key 75BCA694: public key “Launchpad PPA for certbot” imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK
sudo apt update
Run below command to install certbot
sudo apt install certbot
Make sure that you are using Certbot version 0.22 or above. Certbot before the version 0.22 does not support wildcard certificate.
Replace *.asknetsec.com with your domain name for example *.yourdomainname.com. Once you run this command it will generate a text DNS value.
The command output will be similar to the one below
debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to cancel): email@example.com Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
——————————————————————————- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let’s Encrypt project and the non-profit organization that develops Certbot? We’d like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ——————————————————————————- (Y)es/(N)o: N Starting new HTTPS connection (1): supporters.eff.org Obtaining a new certificate Performing the following challenges: dns-01 challenge for asknetsec.com
——————————————————————————- Please deploy a DNS TXT record under the name _acme-challenge.asknetsec.com with the following value:
Before continuing, verify the record is deployed.
——————————————————————————- Press Enter to Continue
Create a text DNS record for the sub-domain _acme-challenge.yourdomainname.com with the value generated by certbot when the above command is run. In my case the value was AVOwxVcSTfASueHcoOosBFF4sxEFZuso5ip6w63GrMs.
You will have to wait for some time for the new DNS record to propagate over the internet. I waited for 10 minutes and pressed enter.
Press Enter to Continue Waiting for verification… Cleaning up challenges
IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/asknetsec.com-0001/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/asknetsec.com-0001/privkey.pem Your cert will expire on 2018-06-21. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run “certbot renew” – If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Congratulations!! The wildcard certificate is generated. You can use this wildcard certificate with any sub-domain you create for your domain name.
This command runs DNS query and show the resolved ip address. The dns query to myip.opendns.com. using the resolver1.opendns.com DNS resolver outputs the public IP address from where the DNS query is generated.
Please note the period (.) at the end of the myip.opendns.com., this makes sure that the DNS suffix is not added to the query and query is absolute.