Latest news of the domain name industry

Recent Posts

As .wed goes EBERO, did the first new gTLD just fail?

Kevin Murphy, December 11, 2017, Domain Registries

A wedding-themed gTLD with a Bizarro World business model may become the first commercial gTLD to outright fail.

.wed, run by a small US outfit named Atgron, has become the first non-brand gTLD to be placed under ICANN’s emergency control, after it lost its back-end provider.

DI understands that Atgron’s arrangement with its small New Zealand back-end registry services provider CoCCA expired at the end of November and that there was a “controlled” transition to ICANN’s Emergency Back-End Registry Operator program.

The TLD is now being managed by Nominet, one of ICANN’s approved EBERO providers.

It’s the first commercial gTLD to go to EBERO, which is considered a platform of last resort for failing gTLDs.

A couple of unused dot-brands have previously switched to EBERO, but they were single-registrant spaces with no active domains.

.wed, by contrast, had about 40 domains under management at the last count, some apparently belonging to actual third-party registrants.

Under the standard new gTLD Registry Agreement, ICANN can put a TLD in the emergency program if they fail to meet up-time targets in any of five critical registry functions.

In this case, ICANN said that Atgron had failed to provide Whois services as required by contract. The threshold for Whois triggering EBERO is 24 hours downtime over a week.

ICANN said:

Registry operator, Atgron, Inc., which operates gTLD .WED, experienced a Registration Data Directory Services failure, and ICANN designated EBERO provider Nominet as emergency interim registry operator. Nominet has now stepped in and is restoring service for the TLD.

The EBERO program is designed to be activated should a registry operator require assistance to sustain critical registry functions for a period of time. The primary concern of the EBERO program is to protect registrants by ensuring that the five critical registry functions are available. ICANN’s goal is to have the emergency event resolved as soon as possible.

However, the situation looks to me a lot more like a business failure than a technical failure.

Multiple sources with knowledge of the transition tell me that the Whois was turned off deliberately, purely to provide a triggering event for the EBERO failover system, after Atgron’s back-end contract with CoCCA expired.

The logic was that turning off Whois would be far less disruptive for registrants and internet users than losing DNS resolution, DNSSEC, data escrow or EPP.

ICANN was aware of the situation and it all happened in a coordinated fashion. ICANN told DI:

WED’s backend registry operator recently notified ICANN that they would likely cease to provide backend registry services for .WED and provided us with the time and date that this would occur. As such, we were aware of the pending failure worked to minimize impact to registrants and end users during the transition to the Emergency Back-end Registry Operator (EBERO) service provider.

In its first statement, ICANN said that Nominet has only been appointed as the “interim” registry, while Atgron works on its issues.

It’s quite possible that the registry will bounce back and sign a deal with a new back-end provider, or build its own infrastructure.

KSregistry, part of the KeyDrive group, briefly provided services to .wed last week before the EBERO took over, but I gather that no permanent deal has been signed.

One wonders whether it’s worth Atgron’s effort to carry on with the .wed project, which clearly isn’t working out.

The company was founded by an American defense contractor with no previous experience of the domain name industry after she read a newspaper article about the new gTLD program, and has a business model that has so far failed to attract customers.

The key thing keeping registrars and registrants away in droves has been its policy that domains could be registered (for about $50 a year) for a maximum period of two years before a $30,000 renewal fee kicked in.

That wasn’t an attempt to rip anybody off, however, it was an attempt to incentivize registrants to allow their domains to expire and be used by other people, pretty much the antithesis of standard industry practice (and arguably long-term business success).

That’s one among many contractual reasons that only one registrar ever signed up to sell .wed domains.

Atgron’s domains under management peaked at a bit over 300 in March 2016 and were down to 42 in August this year, making it probably the failiest commercial new gTLD from the 2012 round.

In short, .wed isn’t dead, but it certainly appears extremely unwell.

UPDATE: This post was updated December 12 with a statement from ICANN.

Second emergency registry tested with dead dot-brand

Kevin Murphy, April 27, 2017, Domain Registries

ICANN is running its second test of the Emergency Back-End Registry Operator system, designed as a failover for bankrupt gTLDs.

This time, the EBERO under the microscope is CORE Association, one of the three approved providers.

It this week took over operation of .mtpc, a dot-brand gTLD that Mitsubishi applied for, was delegated, never used, and then decided it didn’t want to run any more.

ICANN said:

ICANN is conducting a test of the Emergency Back-End Registry Operator program. Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

The first test was conducted by ICANN and EBERO provider Nominet earlier this year, using the similarly unloved dot-brand .doosan.

I expect we’ll see a third test before long, using CNNIC, the third EBERO provider.

It would have plenty of dead dot-brands to choose from.

ICANN tests emergency registry with dead dot-brand

Kevin Murphy, January 27, 2016, Domain Registries

ICANN is running a test of its Emergency Back-End Registry Operator program, using the dead dot-brand gTLD .doosan as its guinea pig.

Doosan Group, a large Korean conglomerate, decided to kill off its gTLD, .doosan, last September. ICANN revealed the news in October.

The dot-brand had never been put to productive use and really only ever had nic.doosan live.

As it’s a dot-brand, it’s protected by the part of the Registry Agreement that prevents it being transferred to another registry operator.

Rather than letting the gTLD slip away into the night, however, ICANN is taking it as an opportunity to test out its EBERO system instead. ICANN says:

Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

EBERO is the process that is supposed to kick in when (or if, I guess) a gTLD with a significant number of third-party registrations goes out of business and no other registry wants to take it over.

The EBERO provider takes over the running of the TLD’s critical functions for a few years so it can be wound down in an orderly fashion, giving registrants enough time to migrate to other TLDs.

Nominet, one of the designated EBERO operators, has taken over .doosan for this test, which is only a temporary measure.

Its IANA record was updated today with Nominet named as the technical contact and ICANN as the sponsor and administrator. Its name servers have switched over to Nominet’s.

Right now, www.nic.doosan resolves to ICANN’s EBERO web page. The non-www. version doesn’t seem to do anything.

ICANN said it will provide updates when the test is over.

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

Kevin Murphy, December 4, 2015, Domain Registries

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.

Internet Identity, which provides threat data services, made the prediction in a press release this week.

IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.

He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.

But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.

It’s a bit of a strange prediction to come out of a security company.

The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.

It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.

I could live with that kind of security threat, personally.

But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?

I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?

We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.

Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.

We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

CNNIC hit by “largest ever” denial of service attack

Kevin Murphy, August 26, 2013, Domain Registries

Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.

CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.

According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.

According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.

Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.

China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.

  • Page 1 of 2
  • 1
  • 2
  • >