Farewell to Google Domains
Why am I saying farewell to Google Domains of all things?
Well, I used them. I primarily used them because it made setting up domains with Google Workplace a breeze with pretty much no configuration on my side. Just click a few buttons, authenticate, and you were done.
But now Google Domains is being shut down and they've announced that all their assets were being sold off to Squarespace. Not that I have anything against Squarespace, but I don't use them for literally anything and have no plans to ever use them for anything. So dumping all my domains off there was just one of those very "meh" things that I didn't want to happen.
So given the news, I spent the weekend transferring all my domains to Hostinger, where I already had one domain registered (because Google Domains never supported the .tv extension) and where my websites are hosted. No, I didn't go shopping around and I really don't care that I might have saved a few dollars off the first year by transferring somewhere else. Domains are already dirt cheap. Seriously, .com domains are like $9 a year and I couldn't care less about saving a few dollars for an entire year and then have no benefit after that.
Oh the joys of transferring DNS
Hostinger helpfully asks whether you want to use their nameservers or the ones already configured for the domain. I didn't see much point in continuing to point my domains to Google's nameservers, so I said sure, switch them up. Now how that didn't actually work I have no idea. Only half the domains that transferred actually updated the nameservers and I had to go manually switch the rest.
Hostinger also had the pleasure of adding a ton of worthless DNS entries that weren't on my domain before and I did not need to be there. Worse, it didn't actually copy over all the DNS entries that were on my domain. It basically copied the first A record for each domain and all the MX records, nothing else. That means my wildcard A record, a bunch of subdomains for the animuson.net domain, and all the TXT entries for things like DKIM disappeared despite them claiming they would be copied over. And replaced with useless CAA records and a CNAME for the www subdomain (why, seriously, why).
Overall, it was a whatever kind of thing. It doesn't take long to just type the DNS records back in and delete all the crap they added. I just would have preferred not to have to do it.
An unexpected DNSSEC issue
When I first completed the transfer, I didn't know that Google Domains had enabled DNSSEC on several of my domains. Maybe it was enabled on all of them and I just didn't notice. But some of those records got copied into the new DNS config and it caused those domains to basically get cut off from the rest of the world because they could no longer be read with the invalid info. I deleted the records, and the domains started working again.
I still don't understand how to set up DNSSEC at this point. Hostinger's help article on the subject was woefully unclear on what the hell they even support. You can set it up if your domain is registered there but hosted somewhere else? I can't use it if it's registered with you and hosted with you? Do I not need it in that case or something? Because some of the security reports seem to complain regardless if it's not enabled. Unfortunately, this is pretty much the only article that discusses the topic at all. Their hosting panel where DNSSEC stuff can be configured has no instructions or links to documentation, and their DNS editor doesn't allow adding DS records which I've come to understand are needed to properly configure it.
Well, let's just leave that off and skip it for now.
Updating my email security
Part of running the security report I mentioned also revealed that I never bothered to set up MTA-STS or DMARC for my emails. DKIM had been automatically set up and configured when I attached the domains to Google Workspace, so I never really thought about it. Honestly, I hadn't even heard of MTA-STS before today so...
After re-entering all the DKIM information that was helpfully not transferred, I began my day-long journey of learning about these two features, what exactly they did, and more importantly how to configure them because apparently, a straight-forward guide isn't something common on the internet these days. Google Workspace's validation tool only gives you suggested values to enter but does not give any instructions on how to enter them. It took me a while to figure out that as part of MTA-STS, I needed to set up another subdomain with a hidden folder containing a .txt file where this information would be stored. So there was some extra legwork involved with reconfiguring the web server and regenerating security certificates to include the subdomain.
I wasn't expecting to spend my Saturday frustratingly reconfiguring all my domains and playing with my web server, but it's all done now and I'm ready for Google Domains to disappear. Thanks for being a simple place to host my domains all these years.