Latest news of the domain name industry

Recent Posts

Plug-in works around seized domains

Kevin Murphy, April 15, 2011, Domain Tech

Disgruntled coders have come up with a new Firefox plug-in to help people find piracy web sites after their domain names are seized by the authorities.

MAFIAA-Fire hooks into the browser, checking DNS queries against a list supplied by the developers, to see if the name corresponds to a seized domain.

If it does, the browser is redirected to an approved mirror. If it does not, the DNS query is handled as normal through the browser’s regular resolvers.

The plug-in was created in response to the seizure of domain names alleged to be involved in distributing bootleg movies, music and software.

The US Immigration and Customs Enforcement agency has been sending court-ordered take-down notices to US-based registry operators such as VeriSign for the last several months.

Some sites immediately relocate to top-level domains outside of US jurisdiction. MAFIAA-Fire is designed to make the process of finding these new sites easier.

As the plug-in site acknowledges, if any fraudulent data were to make its way onto its manually-authenticated list of domains, it could cause a security problem for end users.

MAFIAA stands for “Music and Film Industry Association of America”, a corruption of RIAA and MPAA. The “Fire” suffix comes from the fact that fire melts ICE.

The plug-in, which was first reported by TorrentFreak, is hosted at a .com address.

Surf any .com with a text message?

Kevin Murphy, April 8, 2011, Domain Tech

A company called DotGo has launched a service it says will enable mobile phone users to access specially built web-based services using SMS text messaging.

This is (borderline) relevant to the domain name industry because DotGo has obtained the phone numbers that spell out DOTCOM, DOTORG, DOTNET, DOTEDU and DOTGOV when typed on handsets.

Using the system, developers use the company’s custom markup language to create a text-based service, for example a news feed, which they dump into their web server’s root directory.

Consumers can then access this service by sending the name of the service’s domain, minus the extension, to the number 368266 (DOTCOM).

So for cnn.com, you’d send the message “cnn” to 368266. CNN would then reply with a list of headlines from its RSS feed, say. You’d then reply with the number of the story you want to read.

Or you could text “weather 94110” to the same number to quiz weather.com about the forecast in San Francisco.

If this sounds overly complicated, there are a few demos you can try in a normal browser that may explain it better.

The DotGo service has been around for about 18 months, but it’s only today that the company has launched its suite of tools for developers.

The service appears to be ad-supported, free to both developers and users at the basic level with subscription-based upgrades available.

It’s all very clever, but will anyone want to use it? I hear there’s a thing called an “iPhone” nowadays that does a pretty good job at bringing the web to mobile users.

The service seems to be only available in the US (though the web site is pretty vague on that count) and no, DOTMOBI isn’t an option.

Domain security arrives in .com

Kevin Murphy, April 1, 2011, Domain Tech

VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.

DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.

It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.

With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.

I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.

“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”

What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.

Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.

“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”

There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.

And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.

You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.

According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.

But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.

Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.

I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.

VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.

Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.

I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.

Microsoft spends $7.5 million on IP addresses

Kevin Murphy, March 24, 2011, Domain Tech

It’s official, IP addresses are now more expensive than domain names.

Nortel Networks, the bankrupt networking hardware vendor, has sold 666,624 IPv4 addresses to Microsoft for $7.5 million, according to Delaware bankruptcy court documents (pdf).

That’s $11.25 per address, more than you’d expect to pay for a .com domain name. Remember, there’s no intellectual property or traffic associated with these addresses – they’re just routing numbers.

This, I believe, is the first publicly disclosed sale of an IP address block since ICANN officially announced the depletion of IANA’s free pool of IPv4 blocks last month.

The deal came as part of Nortel’s liquidation under US bankruptcy law, which has been going on since 2009. According to a court filing:

Because of the limited supply of IPv4 addresses, there is currently an opportunity to realize value from marketing the Internet Numbers, which opportunity will diminish over time as IPv6 addresses are more widely adopted.

Nortel contacted 80 companies about the sale a year ago, talked to 14 potential purchasers, and eventually received four bids for the full block and three bids for part of the portfolio.

Microsoft’s bid was the highest.

The Regional Internet Registries, which allocate IP addresses, do not typically view IP as an asset that can be bought and sold. There are processes being developed for assignees to return unused IPv4 to the free pool, for the good of the internet community.

But this kind of “black market” – or “gray market” – for IP addresses has been anticipated for some time. IPv4 is now scarce, there are costs and risks associated with upgrading to IPv6, and the two protocols are expected to co-exist for years or decades to come.

In fact, during ICANN’s press conference announcing the emptying of the IPv4 pool last month, the only question I asked was: “What is the likelihood of an IPv4 black market emerging?”.

In reply, Raul Echeberria, chair of ICANN’s Number Resource Organization, acknowledged the possibility, but played down its importance:

There is of course the possibility of IPv4 addresses being traded outside of the system, but I am very confident it will be a very small amount of IPv4 addresses compared to those transferred within the system. But it is of course a possibility this black market will exist, I’m not sure that it will be an important one. If the internet community moves to IPv6 adoption, the value of the IPv4 addresses will decrease in the future.

I doubt we’ll hear about many of these sales in future, unless they come about due to proceedings such as Nortel’s bankruptcy sale, but I’m also confident they will happen.

The total value of the entire IPv4 address space, if the price Microsoft is willing to pay is a good guide, is approximately $48.3 billion.

IPv4 addresses to run out Thursday

Kevin Murphy, February 1, 2011, Domain Tech

ICANN will announce the final depletion of its pool of IPv4 addresses this Thursday.

The Number Resource Organization will hold a “ceremony and press conference to make a significant announcement and to discuss the global transition to the next generation of Internet addresses”.

The NRO is ICANN’s supporting organization representing Regional Internet Registries, the outfits responsible for handing out IP addresses to network operators.

ICANN, the Internet Society and the Internet Architecture Board will also participate in the event, scheduled for Thursday February 3 at 1430 UTC. It will be webcast here.

Today, APNIC, the Asia-Pacific RIR, said that it has been assigned two /8 blocks of addresses, meaning IANA is down to its Final Five chunks.

Thursday’s ceremony will presumably entail ICANN/IANA officially handing out these last five blocks to the five RIRs, one each, as called for by its allocation policy.

After that, it’s all gone. No more IPv4. The age of IPv6 is upon us.

It is currently estimated that the RIRs will themselves run out of IPv4 in September. After that, if they need IP addresses they’ll receive IPv6.

IPv4 is rapidly becoming a scarce commodity.

Many people, including ICANN chairman Peter Dengate Thrush, have predicted a “gray market” for addresses to appear, with address blocks changing hands for less than the cost of upgrading to IPv6.

The focus on Thursday, however, will be all about the measures network operators need to implement in order to remain viable on an internet increasingly running IPv6 equipment.