Latest news of the domain name industry

Recent Posts

Google shifts 400,000 .site domains

Kevin Murphy, August 22, 2017, Domain Registries

Google has given away what is believed to be roughly 400,000 subdomains in Radix’s .site gTLD as part of a small business web site service.

Since its launch a couple of months ago, the Google My Business web site builder offering has been offering small businesses a free one-page site with a free third-level domain under business.site.

Google My Business also offers users the ability to upgrade to a paid-for second-level domain via its Google Domains in-house registrar.

Google the search engine indexes 403,000 business.site pages currently. Because each subdomain is limited to a single page, it is possible that the number of subdomains is not too far behind that number, Radix believes.

This means that business.site is likely almost as large as the .site gTLD itself, which currently has about 450,000 names in its zone file.

Given the rapid growth rate, it seems likely the subdomain will overtake the TLD in a matter of weeks.

According to Radix, business.site was purchased off of its registry reserved premium list. The sale price has not been disclosed.

It’s good publicity for the TLD, and merely the latest endorsement by Google of the new gTLD concept.

As well as being the registry for many new gTLDs, Google parent Alphabet uses a .xyz domain and its registrar uses a .google domain.

Google dumps Nazi domain in hours

Kevin Murphy, August 14, 2017, Domain Registrars

Neo-Nazi blog The Daily Stormer found itself without a registrar for the second time in a day this evening, after Google cancelled its registration.

The company told BBC News:

We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service.

The cancellation came not many hours after GoDaddy, the controversial site’s original registrar, gave its owners 24 hours to find a new registrar.

That was in response to people on Twitter complaining that the Stormer had published an article attacking a victim of alleged right-wing domestic terrorism, which GoDaddy said broke its terms of service inciting violence.

The current Whois record for dailystormer.com indicates that it is still with Google, but in a clientTransferProhibited status.

That means it should not be possible to transfer the name to a third registrar, unless and until Google changes the status.

The domain still resolves, however, from where I’m sitting.

It might be that the Stormer will now find itself registrar-hopping and/or facing a period of downtime.

Now new gTLDs are being scapegoated for child abuse material (rant)

The guy responsible for getting the string “rape” closely restricted for no reason in .uk domain names is now gunning for ICANN and new gTLDs with a very similar playbook.

Campaigner John Carr, secretary of the little-known Children’s Charities’ Coalition on Internet Safety, wants ICANN to bring in strict controls to prevent convicted pedophiles registering domains in child-oriented domains such as .kids.

He’s written to the UK prime minister, the two other ministers with the relevant brief, the US federal government and the California attorney general to make these demands.

That’s despite the fact that he freely acknowledges that he does not have any evidence of a problem in existing kid-oriented TLDs and that he does not expect there to be a problem with .kids, should it be delegated, in future.

Regardless, ICANN comes in for a bit of a battering in the letter (pdf), with Carr insinuating that it and the domain industry are quite happy to throw child safety under the bus in order to make a quick buck. He writes:

ICANN has definitely not been keeping the internet secure for children. On the contrary ICANN shows complete indifference towards children’s safety. This has led to real dangers that ICANN could have prevented or mitigated.

ICANN, the Registries and the Registrars have an obvious financial interest in increasing the number of domain names being sold. Their interest in maximising or securing their revenues appears sometimes to blind them to a larger obligation to protect the weak and vulnerable e.g. in this instance children.

Despite this worrying premise, Carr admits in an accompanying paper (pdf) that the Russian version of .kids (.дети), which has been live for three years and only has about 1,000 registrations, does not seem to have experienced a deluge of sex offenders.

Nevertheless, he says ICANN should have forced the .дети registry to do criminal background checks on all registrants to make sure they did not have a record of sexual offences.

While at the time of writing we have no information which suggests anything untoward has happened with any Russian .kids websites, and we understand the volume of sales has been low so far, the matter should never have been left open in that way. When ICANN let the contract it could have included clauses which would have made it a contractual obligation to carry out the sort of checks mentioned. The fact that ICANN did not do this illustrates a degree of carelessness about children’s well-being which is tantamount to gross negligence.

Quite how a domain registry would go about running criminal records checks on all of its customers globally, and what the costs and the benefits would be, Carr does not say.

The letter goes on to state incorrectly that Amazon and Google are in contention for .kids.

In fact, Google applied for the singular .kid. While the two strings are in contention due to an adverse String Confusion Objection, there’s also a second applicant for .kids, the DotKids Foundation, which proposes to keep .kids highly restricted and which Carr is either unaware of or deliberately omits from his letter.

Based on his assumption that .kids is a two-horse race between Amazon and Google, he says:

while I am sure both Google and Amazon will choose to do the right thing, whichever one is the eventual winner of the contract, the point is matters of this kind should never have been left as an option

So not only does Carr not have any evidence that extant “.kids” domains are currently being abused years after delegation, he’s also sure that .kids won’t be in future.

But he wants Draconian background checks implemented on all registrants anyway.

His letter coincides with the release of and heavily cites the 2016 annual report (pdf) of the Internet Watch Foundation — the organization that coordinates the takedown of child abuse material in the UK and elsewhere.

That report found that new gTLD domains are being increasingly used to distribute such material, but that Verisign-run TLDs such as .com are still by far the most abused for this purpose.

The number of takedowns against new gTLD domains in 2016 was 272 (226 of which were “dedicated to distributing child sexual abuse content”) the IWF reported, a 258% increase on 2015.

That’s 272 domains too many, but averages out at about a quarter of a domain per new gTLD.

There were 2,416 domains being used to distribute this material in 2016, IWF said. That means new gTLDs accounted for about 11% of the total child abuse domains — higher than the 7.8% market share that new gTLDs command (according to Verisign’s Q4 industry brief).

But the IWF report states that 80% of the total abuse domains are concentrated in just five TLDs — .com, .net, .se, .io, and .cc. Even child abusers are not fans of new gTLDs, it seems.

Despite the fact that two of these domains are operated under ICANN contract, and the fact that .io is operated by a British company representing a British overseas territory, Carr focuses his calls for action instead on new gTLDs exclusively.

And his calls are receiving attention.

A The Times article this week cries “New internet domain is magnet for paedophiles, charities warn”, while tabloid stable sister The Sun reported on “fears predators are exploiting new website addresses to hide indecent material”.

This is how it started with Carr’s campaign to get “rape” domains banned in the UK.

Back in 2013, he wrote a blog post complaining that it was possible to register “rapeher.co.uk” — not that it had been registered, only that it could be registered — and managed to place a couple of stories in the right-leaning press calling for Nominet to do more to prevent the registration of “depraved and disgusting” domains such as the one he thought up.

This led to a government minister calling for an independent policy review, an actual review, and a subsequent policy that sees some poor bastard at Nominet having to pore over every .uk registration containing rapey strings to see if they’re potentially advocating or promoting actual rape.

Implementation of that policy has so far confirmed that Carr’s worries were, as I said in my 2013 rant, baseless.

In 2016, there were 2,407 registrations of domains containing the string “rape”, but just one of them was found to be using it in the context of sexual assault and was suspended, according to Nominet stats.

In 2015, the number of suspensions was the same. One.

The same story is playing out now — a single Don Quixote with a tenuous grasp of the systems he’s criticizing calling for ludicrous policies to prevent a problem that he freely admits does not exist and probably won’t exist in future.

Still, at least he gets to wave some headlines in front of his employers to pretend he’s actually earning his salary.

Donuts sticks with Rightside despite Google support

Kevin Murphy, February 8, 2017, Domain Registries

Donuts has renewed its back-end registry services contract with Rightside, Rightside has announced.

That’s despite indications a few months ago that it might have been preparing for a switch to Google’s new Nomulus platform.

Rightside said yesterday that the deal, which has seen Rightside handle the registry for Donuts’ portfolio of almost 200 gTLDs for the last five years, has been extended.

It’s a “multi-year” deal, but the length of the extension has not been revealed.

Donuts had suggested last October that it might be ready to move to Nomulus instead.

The company revealed then that it had been quietly working with Google for 20 months on the software, which uses Google’s cloud services and is priced based on resource usage.

Then-CEO Paul Stahura said Nomulus “provides Donuts with an alternative back-end with significant benefits.”

Now-CEO Bruce Jaffe said yesterday that “Rightside’s registry platform has the right combination of innovative features, ease-of-operation, scalability, and highly responsive customer support”.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.