Endurance International, the domain name registrar that owns some of the world’s biggest web hosting brands, has been hit by a “network firmware” bug that took out one of its data centers.
It’s not currently clear how many many of the 10 million+ domains that EIG hosts were affected, but the outage seems to have lasted at least 17 hours and is only just being resolved right now.
Customers of EIG brands BlueHost and HostGator are among those known to be affected. HostGator alone hosts over 9 million domains, according to Wikipedia.
The outage, affecting a Provo, Utah data center, seems to have begun at 11am local time (7pm UTC) yesterday.
On the BlueHost Facebook page, the company wrote at about 8am UTC today:
Our NetOps team addressed the source of the problems affecting some customers: a bug in the firmware utilized in our vendor’s hardware. We worked very closely with this vendor and we have implemented a bug fix that is beginning to propagate across the network now. You may find some performance inconsistencies during this rollout, but they should resolve fairly quickly.
In more recent updates on Twitter and Facebook and forums, the companies said that some customers may still be affected by the bug, but that they’re quickly coming back online.
Endurance owns dozens of domains and hosting brands. In the registrar space, its best known and largest are probably FastDomain, Domain.com, Dotster and, following the recent acquisition, Directi.
Today’s downtime is the third significant outage in the last 12 months.
“Tens of thousands” of web sites are going dark due to ICANN’s new email verification requirements and registrars are demanding to know how this sacrifice is helping solve crimes.
These claims and demands were made in meetings between registrars and ICANN’s board and management at the ICANN 49 meeting in Singapore last week.
Go Daddy director of policy planning James Bladel and Tucows CEO Elliot Noss questioned the benefit of the 2013 Registrar Accreditation Agreement during a Tuesday session.
The 2013 RAA requires registrars to verify that registrants’ email addresses are accurate. If registrants do not respond to verification emails within 15 days, their domains are turned off.
There have been many news stories and blog posts recounting how legitimate webmasters found their sites gone dark due to an overlooked verification email.
Just looking at my Twitter stream for an “icann” search, I see several complaints about the process every week, made by registrants whose web sites and email accounts have disappeared.
Noss told the ICANN board that the requirement has created a “demonstrable burden” for registrants.
“If you cared to hear operationally you would hear about tens and hundreds of thousands of terrible stories that are happening to legitimate businesses and individuals,” he said.
Noss told DI today that Tucows is currently compiling some statistics to illustrate the scale of the problem, but it’s not yet clear what the company plans to do with the data.
At the Singapore meeting, he asked ICANN to go to the law enforcement agencies that demanded Whois verification in the first place to ask for data showing that the new rules are also doing some good.
“What crime has been forestalled?” he said. “What issues around fraud? We heard about pedophilia regularly from law enforcement. What has any of this done to create benefits in that direction?”
Registrars have a renewed concern about this now because there are moves afoot in other fora, such as the group working on new rules for privacy and proxy services, for even greater Whois verification.
Bladel pointed to an exchange at the ICANN meeting in Durban last July, during which ICANN CEO Fadi Chehade suggested that ICANN would not entertain requests for more Whois verification until law enforcement had demonstrated that the 2013 RAA requirements had had benefits.
The exact Chehade line, from the Durban public forum transcript, was:
law enforcement, before they ask for more, we put them on notice that they need to tell us what was the impact of what we did for them already, which had costs on the implementers.
Quoted back to himself, in Singapore Chehade told Bladel: “It will be done by London.”
Speaking at greater length, director Mike Silber said:
What I cannot do is force law enforcement to give us anything. But I think what we can do is press the point home with law enforcement that if they want more, and if they want greater compliance and if they want greater collaborations, it would be very useful to show the people going through the exercise what benefits law enforcement are receiving from it.
So will law enforcement agencies be able to come up with any hard data by London, just a few months from now?
It seems unlikely to me. The 2013 RAA requirements only came into force in January, so the impact on the overall cleanliness of the various Whois databases is likely to be slim so far.
I also wonder whether law enforcement agencies track the accuracy of Whois in any meaningfully quantitative way. Anecdotes and color may not cut the mustard.
But it does seem likely that the registrars are going to have data to back up their side of the argument — customer service logs, verification email response rates and so forth — by London.
They want the 2013 RAA Whois verification rules rethought and removed from the contract and the ICANN board so far seems fairly responsive to their concerns.
Law enforcement may be about to find itself on the back foot in this long-running debate.
Some of the largest domain name registrars are failing to support new gTLDs properly, leading to would-be registrants being told unregistered names are unavailable.
The .menu gTLD went into general availability yesterday, gathering some 1,649 registrations in its first half day.
It’s not a great start for the new gTLD by any stretch, but how much of it has to do with the channel?
I tested out searches for available names at some of the biggest registrars and got widely different results, apparently because they don’t all properly support tiered pricing.
Market leader Go Daddy even refuses to sell available names.
The .menu gTLD is being operated by a What Box? subsidiary, the inappropriately named Wedding TLD2.
The company has selected at least three pricing tiers as far as I can tell — $25 is the baseline registry fee, but many unreserved “premium” names are priced by the registry at $50 and $65 a year.
For my test, I used noodleshop.menu, which seems to carry the $65 fee. Whois records show it as unregistered and it’s not showing up in today’s .menu zone file. It’s available.
This pricing seems to be accurately reflected at registrars including Name.com and 101domain.
Name.com, for example, says that the name is available and offers to sell it to me for $81.25.
Likewise, 101domain reports its availability and a price of $97.49. There’s even a little medal icon next to the name to illustrate the fact that it’s at a premium price.
So far so good. However, other registrars fare less well.
Go Daddy and Register.com, which are both accredited .menu registrars, don’t seem to recognize the higher-tier names at all.
Go Daddy reports the name is unavailable.
And so does Register.com.
For every .menu name that carried a premium price at Name.com, Go Daddy was reporting it as unavailable.
With Go Daddy owning almost half of the new gTLD market, you can see why its failure to recognize a significant portion of a new gTLD’s available nice-looking names might impact day-one volumes.
The experience at 1&1, which has pumped millions into marketing new gTLD pre-registrations, was also weird.
At 1&1, I was offered noodleshop.menu at the sale price of $29.99 for the first year and $49.99 thereafter, which for some reason I was told was a $240 saving.
Both the sale price and the regular price appear to be below the wholesale cost. Either 1&1 is committed to take a $15 loss on each top-tier .menu name forever, or it’s pricing its names incorrectly.
A reader informed me this morning that when he tried to buy a .menu premium at 1&1 today he was presented with a message saying he would be contacted within 24 hours about the name.
He said his credit card was billed for the $29.99, but the name (Whois records seem to confirm) remains unregistered.
I’d test this out myself but frankly I don’t want to risk my money. When I tried to register the same name as the reader on 1&1 today I was told it was still available.
If I were a new gTLD registry I’d be very worried about this state of affairs. Without registrars, there’s no sales, but some registrars appear to be unprepared, at least in the case of .menu.
The French registrar OVH has been told by ICANN that it can opt out of a requirement to retain its customers’ contact data for two years after their domain names expire.
The move potentially means many more registrars based in the European Union will be able to sign the 2013 Registrar Accreditation Agreement and start selling new gTLD domains without breaking the law.
ICANN said last night:
ICANN agrees that, following Registrar’s execution of the 2013 RAA, for purposes of assessing Registrar’s compliance with the data retention requirement of Paragraph 1.1 of the Data Retention Specification in the 2013 RAA, the period of “two additional years” in Paragraph 1.1 of the Data Retention Specification will be deemed modified to “one additional year.”
It’s a minor change, maybe, and many EU-based registrars have been signing the 2013 RAA regardless, but many others have resisted the new contract in fear of breaking local laws.
Now that OVH has had its waiver granted, it’s looking promising that ICANN will also start to allow other EU registrars that have requested waivers to opt-out also.
ICANN has been criticized for dragging its feet on this issue, and I gather the OVH is still the only registrar to have been given the ability to opt out.
Domain name registrar Name.com carried out what can only be described as a completely abysmal charity fund-raising drive during this week’s South by Southwest conference, and disadvantaged kids need your help as a result.
During the conference, Name.com got one of its more photogenic customer support guys to go around the streets of Austin, Texas, asking random passers-by to high-five him.
The high-fives were recorded on a great big electronic device the guy carried on his back. For every high-five he got, Name.com promised to donate a nickel ($0.05) to charity.
The Austin’s Children’s Center provides services for child victims of abuse in Austin, Texas.
But if you watch all of the Name.com videos linked to above, you’ll learn rather more about Name.com than you will about the charity it’s supposedly raising money for.
And all this effort raised a pathetic $500.
There are people reading this post who have regularly spent more than that on dinner.
During the final video, a representative of the charity, the Austin’s Children’s Center, says “We have to raise 65% of our annual budget, and this year it’s $7 million.”
So Name.com raised a whopping 0.007% of its chosen charity’s annual funding needs, while putting rather a lot of effort into attempting to raise its own corporate profile.
I gather that the highfive-counting electronic gizmo that the CSR carried around on his back in the videos costs around $1,200 to buy, meaning that the stunt actually ran at a loss.
Name.com could have donated an extra $1,200 to this charity if it had not run the stunt at all.
That’s assuming, of course, that it didn’t pay the guy carrying the camera, or the guy who did the editing, or the guy who wrote the blog post, or the guy who sent me the press release today…
This kind of crap makes me sick.
I donated $25 to the Center today in protest at Name.com’s bullshit.
If you want to donate in protest too, which I strongly encourage you to do, do it here.
Not many people have donated yet. This charity really does need your help.
If you’re not convinced yet, watch this video and then donate if you find it funny.