Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.
CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.
According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.
According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.
Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.
China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.
The Chinese government-controlled news agency Xinhua has dropped out of the race for the new gTLD .广东 — the local name of Guangdong, China’s most populous province.
The withdrawal clears a path for the only other applicant for the string, Guangzhou Yu Wei Information Technology, to pass more quickly through the ICANN approval process.
Guangzhou Yu Wei is affiliated with Zodiac Holdings, the Cayman Islands-based portfolio applicant founded by James Seng, but it also has backing from the Guangdong provincial government.
As a formally designated Geographic string, government backing is necessary for approval.
Xinhua had not appeared especially enthusiastic about its bid. Its prioritization number of 1772 means it didn’t bother to participate in ICANN’s lottery last December.
Zodiac, on the other hand, took advantage of the IDN bias in the process and wound up with a priority of 79. It passed Initial Evaluation in early April.
The company filed a Community application, but a Community Priority Evaluation will obviously no longer be required. It intends to restrict .广东 to registrants that can prove a local presence.
Zodiac is using .cn registry CNNIC as its back-end registry provider.
Neustar, Nominet and CNNIC have been picked to provide backup registry services for new gTLDs that fail.
ICANN has named the three companies as Emergency Back-End Registry Operators for the new gTLD program.
They’ll be responsible for taking over the management of any new gTLD that goes out of business, putting registrants at risk of losing DNS resolution and registry functions.
The idea is that the EBERO(s) would be paid out of funds placed in escrow by gTLD applicants, in order to gracefully wind down any failed TLD over the space of a few years.
In reality, I doubt there’s going to be much call for their services; M&A activity is a more likely outcome for gTLDs that fail to meet their sales expectations.
ICANN highlighted the geographic diversity of the three companies (Nominet is British, Neustar American and CNNIC Chinese) as a stability benefit of its selections.
The three were chosen from 14 respondents to an RFI published last year.
The absence of an EBERO was one of the shortfalls of the new gTLD program highlighted by Verisign in its recent letter warning ICANN about perceived security and stability risks.
While ICANN has acknowledged that the EBEROs are unlikely to be ready to roll before the first new gTLDs start to launch, it has noted that they don’t need to be.
If any new gTLD catastrophically fails during the first few months of launch, it will reflect extremely poorly on the financial and technical evaluations applicants have been undergoing for the last nine months.
CNNIC, the .cn registry, is going to open up its .中國 internationalized domain name to Latin-script strings next month, and sunrise kicks off this weekend.
Registered trademark owners will be able to apply for domains matching their marks from Sunday, according to registrars. The deadline to apply is October 11.
A second week-long sunrise, starting October 16, will enable owners of ASCII .cn or .com.cn domains to apply for the same string under .中國.
The .中國 IDN ccTLD means “.china” in Simplified Chinese. Previously only Chinese-script domain names could be registered.
Phishing attacks from .ru domains dropped by almost half in the second quarter, after tighter registration rules were brought in, according to new research.
Attacks from the Russian ccTLD namespace fell to 528, compared to 1,020 during the first quarter, according to Internet Identity’s latest report.
IID attributed the decline to the newly instituted requirement for all registrants to provide identifying documents or have their domains cancelled, which came into effect on April 1.
The report goes on to say:
Following a similar move by the China Internet Network Information Center in December 2009, spam researchers suggested that this tactic only moves the criminals to a new neighborhood on the Internet, but has no real impact on solving the problem.
I wonder whose ccTLD is going to be next.
The IID report also highlights a DNS redirection attack that took place in June in Israel, which I completely missed at the time.
Apparently, major brands including Microsoft and Coca-Cola started displaying pro-Palestine material on their .co.il web sites, for about nine hours, after hackers broke into their registrar accounts at Communigal.