Latest news of the domain name industry

Recent Posts

CIRA replaces CORE as emergency backup registry

Kevin Murphy, August 28, 2019, Domain Registries

ICANN has switched around its line up of emergency registry providers, swapping out CORE Association for CIRA.

The organization last night announced that its three newly contracted Emergency Back-End Registry Operators are Nominet, CNNIC, and CIRA.

EBEROs are failsafe registries that will take over any gTLD that has failed or is on the verge of failing outright, putting its customers domains at risk.

The EBERO is responsible for winding down these gTLDs in an orderly fashion, giving registrants the chance to migrate to a different TLD.

So far, only .wed has entered the program, when the project with the imaginative business model of making it impractical to renew domains went out of business in 2017.

Nominet now caretakes .wed under the EBERO program.

Both Nominet (.uk) and CNNIC (.cn) have been approved EBEROs since 2013, under five-year contracts with ICANN.

CORE was also approved in 2013, but appears to have lost its contract. It’s been replaced by CIRA, the Canadian Internet Registry Association.

“We are honoured to be among this select group of trusted registry operators,” Dave Chiswell, VP of product development for CIRA, said in a statement. He said CIRA only suffered eight hours of downtime when it migrated .ca to a new back-end platform recently.

A key reason for CIRA replacing CORE is very likely geography. When ICANN put out its request for proposals last year, it made a big deal about how it wanted coverage in Europe, Asia and North America — where most gTLD registries are concentrated.

CORE is based in Switzerland. CIRA is obviously based in Canada and CNNIC is Chinese.

Another side-effect of the contract renegotiations is that ICANN is now paying 30% less for the services of the three providers, according to a recent board resolution.

The three providers are contracted for five years.

Whether, and to what extent, they’ll ever actually be triggered to provide EBERO services is open to debate.

Currently, there are six gTLDs in advanced stages of ICANN compliance proceedings, putting them at risk of having their contracts revoked: .whoswho, and five Persian-themed strings.

It’s not inconceivable than one or more of these gTLDs could wind up in EBERO, but ICANN appears to be cutting the registries a lot of slack to resolve their issues.

Five more gTLD deadbeats fingered by ICANN

The company that tried unsuccessfully to get the .islam new gTLD has been slammed by ICANN for failing to pay its dues on five different gTLDs.

Asia Green IT System, based in Turkey, has been considered “past due” on its registry fees since at least January, according to an ICANN breach notice sent yesterday.

The company runs .nowruz (Iranian New Year), .pars (refers to Persia/Iran), .shia (a branch of Islam), .tci (a closed dot-brand) and .همراه (.xn--mgbt3dhd, appears to mean something like “comrade” in Persian).

The only one of these to actually launch is .nowruz. It came to market March last year — bizarrely, it didn’t leave sunrise until a week after Nowruz was over — and has scraped just over 40 registrations. It does not appear to have any active web sites.

With little to no revenue, one can imagine why it might have difficulty paying ICANN’s $25,000 annual per-TLD registry fee, which it will have been paying for almost four years before lapsing.

None of its mandatory “nic.example” sites resolve for me today, though its “whois.nic.example” sites can be reached once you click through an SSL security warning.

The primary registry web site for AGIT, agitsys.com, also does not resolve for me.

ICANN’s breach notice claims that it has been unable to contact anyone at the registry, despite many outreach attempts, since January. It believes it has outdated contact data for the company.

AGIT is perhaps best-known to DI readers for its unsuccessful attempts to apply for .islam and .halal.

ICANN rejected these applications last October after an outcry from governments of Muslim-majority nations and the Organization for Islamic Cooperation.

Given AGIT’s apparent difficulties, perhaps that was a good call.

If the registry doesn’t cough up by June 13, ICANN may start termination proceedings.

It’s the 19th published breach notice ICANN has sent to a gTLD registry. In most cases, even the handful of cases that have escalated to termination, the registry has managed to resolve the issue before losing their contracts.

The only gTLD to actually get terminated to date I believe is .wed, which is currently being wound down by Nominet in its role as Emergency Back-End Registry Operator.

The most-recent registry breach notice, filed against .whoswho in January, is still “under review” by ICANN.

As .wed goes EBERO, did the first new gTLD just fail?

Kevin Murphy, December 11, 2017, Domain Registries

A wedding-themed gTLD with a Bizarro World business model may become the first commercial gTLD to outright fail.

.wed, run by a small US outfit named Atgron, has become the first non-brand gTLD to be placed under ICANN’s emergency control, after it lost its back-end provider.

DI understands that Atgron’s arrangement with its small New Zealand back-end registry services provider CoCCA expired at the end of November and that there was a “controlled” transition to ICANN’s Emergency Back-End Registry Operator program.

The TLD is now being managed by Nominet, one of ICANN’s approved EBERO providers.

It’s the first commercial gTLD to go to EBERO, which is considered a platform of last resort for failing gTLDs.

A couple of unused dot-brands have previously switched to EBERO, but they were single-registrant spaces with no active domains.

.wed, by contrast, had about 40 domains under management at the last count, some apparently belonging to actual third-party registrants.

Under the standard new gTLD Registry Agreement, ICANN can put a TLD in the emergency program if they fail to meet up-time targets in any of five critical registry functions.

In this case, ICANN said that Atgron had failed to provide Whois services as required by contract. The threshold for Whois triggering EBERO is 24 hours downtime over a week.

ICANN said:

Registry operator, Atgron, Inc., which operates gTLD .WED, experienced a Registration Data Directory Services failure, and ICANN designated EBERO provider Nominet as emergency interim registry operator. Nominet has now stepped in and is restoring service for the TLD.

The EBERO program is designed to be activated should a registry operator require assistance to sustain critical registry functions for a period of time. The primary concern of the EBERO program is to protect registrants by ensuring that the five critical registry functions are available. ICANN’s goal is to have the emergency event resolved as soon as possible.

However, the situation looks to me a lot more like a business failure than a technical failure.

Multiple sources with knowledge of the transition tell me that the Whois was turned off deliberately, purely to provide a triggering event for the EBERO failover system, after Atgron’s back-end contract with CoCCA expired.

The logic was that turning off Whois would be far less disruptive for registrants and internet users than losing DNS resolution, DNSSEC, data escrow or EPP.

ICANN was aware of the situation and it all happened in a coordinated fashion. ICANN told DI:

WED’s backend registry operator recently notified ICANN that they would likely cease to provide backend registry services for .WED and provided us with the time and date that this would occur. As such, we were aware of the pending failure worked to minimize impact to registrants and end users during the transition to the Emergency Back-end Registry Operator (EBERO) service provider.

In its first statement, ICANN said that Nominet has only been appointed as the “interim” registry, while Atgron works on its issues.

It’s quite possible that the registry will bounce back and sign a deal with a new back-end provider, or build its own infrastructure.

KSregistry, part of the KeyDrive group, briefly provided services to .wed last week before the EBERO took over, but I gather that no permanent deal has been signed.

One wonders whether it’s worth Atgron’s effort to carry on with the .wed project, which clearly isn’t working out.

The company was founded by an American defense contractor with no previous experience of the domain name industry after she read a newspaper article about the new gTLD program, and has a business model that has so far failed to attract customers.

The key thing keeping registrars and registrants away in droves has been its policy that domains could be registered (for about $50 a year) for a maximum period of two years before a $30,000 renewal fee kicked in.

That wasn’t an attempt to rip anybody off, however, it was an attempt to incentivize registrants to allow their domains to expire and be used by other people, pretty much the antithesis of standard industry practice (and arguably long-term business success).

That’s one among many contractual reasons that only one registrar ever signed up to sell .wed domains.

Atgron’s domains under management peaked at a bit over 300 in March 2016 and were down to 42 in August this year, making it probably the failiest commercial new gTLD from the 2012 round.

In short, .wed isn’t dead, but it certainly appears extremely unwell.

UPDATE: This post was updated December 12 with a statement from ICANN.

Second emergency registry tested with dead dot-brand

Kevin Murphy, April 27, 2017, Domain Registries

ICANN is running its second test of the Emergency Back-End Registry Operator system, designed as a failover for bankrupt gTLDs.

This time, the EBERO under the microscope is CORE Association, one of the three approved providers.

It this week took over operation of .mtpc, a dot-brand gTLD that Mitsubishi applied for, was delegated, never used, and then decided it didn’t want to run any more.

ICANN said:

ICANN is conducting a test of the Emergency Back-End Registry Operator program. Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

The first test was conducted by ICANN and EBERO provider Nominet earlier this year, using the similarly unloved dot-brand .doosan.

I expect we’ll see a third test before long, using CNNIC, the third EBERO provider.

It would have plenty of dead dot-brands to choose from.

ICANN tests emergency registry with dead dot-brand

Kevin Murphy, January 27, 2016, Domain Registries

ICANN is running a test of its Emergency Back-End Registry Operator program, using the dead dot-brand gTLD .doosan as its guinea pig.

Doosan Group, a large Korean conglomerate, decided to kill off its gTLD, .doosan, last September. ICANN revealed the news in October.

The dot-brand had never been put to productive use and really only ever had nic.doosan live.

As it’s a dot-brand, it’s protected by the part of the Registry Agreement that prevents it being transferred to another registry operator.

Rather than letting the gTLD slip away into the night, however, ICANN is taking it as an opportunity to test out its EBERO system instead. ICANN says:

Simulating an emergency registry operator transition will provide valuable insight into the effectiveness of procedures for addressing potential gTLD service interruptions. Lessons learned will be used to support ICANN’s efforts to ensure the security, stability and resiliency of the Internet and the Domain Name System.

EBERO is the process that is supposed to kick in when (or if, I guess) a gTLD with a significant number of third-party registrations goes out of business and no other registry wants to take it over.

The EBERO provider takes over the running of the TLD’s critical functions for a few years so it can be wound down in an orderly fashion, giving registrants enough time to migrate to other TLDs.

Nominet, one of the designated EBERO operators, has taken over .doosan for this test, which is only a temporary measure.

Its IANA record was updated today with Nominet named as the technical contact and ICANN as the sponsor and administrator. Its name servers have switched over to Nominet’s.

Right now, www.nic.doosan resolves to ICANN’s EBERO web page. The non-www. version doesn’t seem to do anything.

ICANN said it will provide updates when the test is over.

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

Kevin Murphy, December 4, 2015, Domain Registries

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.

Internet Identity, which provides threat data services, made the prediction in a press release this week.

IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.

He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.

But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.

It’s a bit of a strange prediction to come out of a security company.

The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.

It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.

I could live with that kind of security threat, personally.

But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?

I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?

We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.

Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.

We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

CNNIC hit by “largest ever” denial of service attack

Kevin Murphy, August 26, 2013, Domain Registries

Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.

CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.

According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.

According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.

Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.

China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.

ICANN selects new gTLD backup providers

Neustar, Nominet and CNNIC have been picked to provide backup registry services for new gTLDs that fail.

ICANN has named the three companies as Emergency Back-End Registry Operators for the new gTLD program.

They’ll be responsible for taking over the management of any new gTLD that goes out of business, putting registrants at risk of losing DNS resolution and registry functions.

The idea is that the EBERO(s) would be paid out of funds placed in escrow by gTLD applicants, in order to gracefully wind down any failed TLD over the space of a few years.

In reality, I doubt there’s going to be much call for their services; M&A activity is a more likely outcome for gTLDs that fail to meet their sales expectations.

ICANN highlighted the geographic diversity of the three companies (Nominet is British, Neustar American and CNNIC Chinese) as a stability benefit of its selections.

The three were chosen from 14 respondents to an RFI published last year.

The absence of an EBERO was one of the shortfalls of the new gTLD program highlighted by Verisign in its recent letter warning ICANN about perceived security and stability risks.

While ICANN has acknowledged that the EBEROs are unlikely to be ready to roll before the first new gTLDs start to launch, it has noted that they don’t need to be.

If any new gTLD catastrophically fails during the first few months of launch, it will reflect extremely poorly on the financial and technical evaluations applicants have been undergoing for the last nine months.

New gTLD failure risk bond capped at $300k

Kevin Murphy, December 26, 2011, Domain Policy

New generic top-level domain applicants will have to find between $18,000 and $300,000 per gTLD to cover the risk of their business failing, according to ICANN.

ICANN revealed the figures, which have been calculated from prices quoted by 14 potential emergency back-end registry operators, in a pre-Christmas info-dump on Friday.

The so-called Continued Operations Instrument is designed to cover the cost of paying an EBERO to manage and/or wind down a failed gTLD business over up to three years.

All new gTLD applicants must either secure credit or put cash in escrow to cover the COI, the amount of which depends on how many domains under management they anticipate.

This table shows the size of the COI for various sizes of zone.

Projected Number of DomainsEstimated 3 Year COI (USD)
10,000$18,000
25,000$40,000
50,000$80,000
100,000$140,000
250,000$250,000
>250,000$300,000

This essentially means that any registry that plans to grow its gTLD into a commercially successful volume business needs to find $300,000 to cover the cost of its potential failure.

Only five previously introduced new gTLDs have topped 250,000 domains under management in their first five years: .info (with 8 million today), .biz, .name, .mobi and .tel (which peaked at 305,000).

Smaller gTLDs, comparable to a .cat, .jobs or .travel, will only have to find $40,000 to $80,000. It’s likely that the majority of .brand applicants will only need to secure the minimum $18,000.

While potentially expensive, it’s welcome clarity into new gTLD funding requirements, albeit coming just two weeks before ICANN begins to accept applications.

ICANN also threw a bone to potential applicants from countries with poor access to credit.

The organization previously only contemplated allowing credit from banks with an ‘A’ rating or higher, but it now says it will accept, in its discretion, financial instruments from the highest-rated institution available to the applicant.

ICANN said it may also consider becoming a party to these credit agreements, again in its sole discretion, but that such applicants could lose points when their application is scored as a result.

Half the industry fighting over EBERO contracts

Kevin Murphy, December 15, 2011, Domain Registries

ICANN received a whopping 14 responses to its recent request for emergency back-end registry operators, contracts that could turn lucrative if and when new gTLDs start going out of business.

Following a request for information last month, responses received before the December 5 deadline came from Europe, Asia and North and South America, ICANN’s Karla Valente blogged.

While 14 may not seem like a lot, I’m only aware of 19 companies that are actively marketing new gTLD back-end registry services, so it’s a pretty high response rate.

The EBERO’s job is to make sure domain names continue to work after a new gTLD registry goes out of business. In the worst case scenario, it keeps the names resolving for up to three years, giving registrants the opportunity to migrate to another TLD.

The EBERO may, and I’m speculating here, also have an advantage in talks to take over the failed TLD full-time.

The successful providers will be paid from the Continuing Operations Instrument, a big chunk of cash that all new gTLD applicants are obliged to put aside to pay for their own funeral costs.

The price the successful EBEROs intend to charge is an important consideration when applicants calculate the size of their own COI, but those numbers have not yet been revealed.

The EBERO idea has come in for a bit of criticism due to ICANN’s high technical demands – 25,000 concurrent connections for an essentially stagnant TLD, for example – which some say favors incumbent registry operators such as VeriSign, Afilias and Neustar.

ICANN may wind up selecting more than one EBERO when it makes its decision early next year.

  • Page 1 of 2
  • 1
  • 2
  • >