Latest news of the domain name industry

Recent Posts

Second emergency registry tested with dead dot-brand

Kevin Murphy, April 27, 2017, Domain Registries

ICANN is running its second test of the Emergency Back-End Registry Operator system, designed as a failover for bankrupt gTLDs.

This time, the EBERO under the microscope is CORE Association, one of the three approved providers.

It this week took over operation of .mtpc, a dot-brand gTLD that Mitsubishi applied for, was delegated, never used, and then decided it didn’t want to run any more.

ICANN said:

ICANN is conducting a test of the Emergency Back-End Registry Operator program. Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

The first test was conducted by ICANN and EBERO provider Nominet earlier this year, using the similarly unloved dot-brand .doosan.

I expect we’ll see a third test before long, using CNNIC, the third EBERO provider.

It would have plenty of dead dot-brands to choose from.

ICANN tests emergency registry with dead dot-brand

Kevin Murphy, January 27, 2016, Domain Registries

ICANN is running a test of its Emergency Back-End Registry Operator program, using the dead dot-brand gTLD .doosan as its guinea pig.

Doosan Group, a large Korean conglomerate, decided to kill off its gTLD, .doosan, last September. ICANN revealed the news in October.

The dot-brand had never been put to productive use and really only ever had nic.doosan live.

As it’s a dot-brand, it’s protected by the part of the Registry Agreement that prevents it being transferred to another registry operator.

Rather than letting the gTLD slip away into the night, however, ICANN is taking it as an opportunity to test out its EBERO system instead. ICANN says:

Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

EBERO is the process that is supposed to kick in when (or if, I guess) a gTLD with a significant number of third-party registrations goes out of business and no other registry wants to take it over.

The EBERO provider takes over the running of the TLD’s critical functions for a few years so it can be wound down in an orderly fashion, giving registrants enough time to migrate to other TLDs.

Nominet, one of the designated EBERO operators, has taken over .doosan for this test, which is only a temporary measure.

Its IANA record was updated today with Nominet named as the technical contact and ICANN as the sponsor and administrator. Its name servers have switched over to Nominet’s.

Right now, www.nic.doosan resolves to ICANN’s EBERO web page. The non-www. version doesn’t seem to do anything.

ICANN said it will provide updates when the test is over.

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

Kevin Murphy, December 4, 2015, Domain Registries

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.

Internet Identity, which provides threat data services, made the prediction in a press release this week.

IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.

He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.

But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.

It’s a bit of a strange prediction to come out of a security company.

The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.

It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.

I could live with that kind of security threat, personally.

But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?

I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?

We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.

Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.

We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

CNNIC hit by “largest ever” denial of service attack

Kevin Murphy, August 26, 2013, Domain Registries

Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.

CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.

According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.

According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.

Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.

China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.

ICANN selects new gTLD backup providers

Neustar, Nominet and CNNIC have been picked to provide backup registry services for new gTLDs that fail.

ICANN has named the three companies as Emergency Back-End Registry Operators for the new gTLD program.

They’ll be responsible for taking over the management of any new gTLD that goes out of business, putting registrants at risk of losing DNS resolution and registry functions.

The idea is that the EBERO(s) would be paid out of funds placed in escrow by gTLD applicants, in order to gracefully wind down any failed TLD over the space of a few years.

In reality, I doubt there’s going to be much call for their services; M&A activity is a more likely outcome for gTLDs that fail to meet their sales expectations.

ICANN highlighted the geographic diversity of the three companies (Nominet is British, Neustar American and CNNIC Chinese) as a stability benefit of its selections.

The three were chosen from 14 respondents to an RFI published last year.

The absence of an EBERO was one of the shortfalls of the new gTLD program highlighted by Verisign in its recent letter warning ICANN about perceived security and stability risks.

While ICANN has acknowledged that the EBEROs are unlikely to be ready to roll before the first new gTLDs start to launch, it has noted that they don’t need to be.

If any new gTLD catastrophically fails during the first few months of launch, it will reflect extremely poorly on the financial and technical evaluations applicants have been undergoing for the last nine months.

  • Page 1 of 2
  • 1
  • 2
  • >