Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.
CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.
According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.
According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.
Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.
China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.
Eight new gTLD applications flunked Initial Evaluation this week, according to ICANN’s just-released results.
One of them, the Taipei City Government’s bid for .taipei, has been flagged as “Ineligible for Further Review” — the only application to receive such a status to date — suggesting it is fully dead.
But the full IE report delivered by ICANN says .taipei is actually “Eligible for Extended Evaluation”. It’s not clear right now which of these statuses is the correct one.
Its IE report says “the required documentation of support or non-objection was either not provided or did not meet the criteria” for Taipei’s bid to pass the Geographic Names Review.
While the city government seems to be the applicant, city bids also require national government support, which could be problematic given that the People’s Republic of China regards Taiwan as a province and the United Nations does not officially recognize it as a nation.
Also failing to receive a passing score this week was one of three bidders for the hotly contested gTLD .eco.
Planet Dot Eco failed on both its financial and technical questions, one of the first two applicants to suffer this double whammy. The other was Metaregistrar, which has just found out its app for .frl has failed on both counts.
The clothing retailer Express, noted for its failed Legal Rights Objection against Donuts, also failed its technical evaluation.
Express had a Verisign back-end, while Planet Dot Eco is using ARI Registry Services. Metaregistrar did not specify a third-party back-end provider in its application.
.olayan became the third application from the Saudi conglomerate Olayan Investments to fail because it did not provide its financial statements as required by the Applicant Guidebook.
.place, an application by 1589757 Alberta Ltd (‘DotPlace’) also failed to provide financial statements, as did the dot-brands .shaw, .alcon and .rexroth.
These applications received passing scores this week:
.mail .tech .kpn .play .weatherchannel .crown .aeg .statoil .app .cloud .honeywell .cruises .vig .netaporter .juegos .aramco .lamborghini .soccer .ping .surf .lol .gallo .parts .flowers .gree .webs .netflix .science .school .inc .rio .bbt .mutual .auspost .best .men .symantec .med .doctor .deals .insure .citadel .care .barcelona .racing .feedback .amfam .design .save .nhk .productions .forum .finish .spot .hitachi .web .dish .vistaprint .art .maison .properties .nissay .book .tiffany .haus .skin .hockey .phone .allfinanz .finance .通用电气公司 .手表 .電訊盈科 .珠宝 .ارامكو .hisamitsu .intuit .orientexpress .gecompany .team .church .panasonic .onyourside .ski
With only 141 applications left in evaluation, there’s only one week officially left on the IE timetable, though I expect ICANN will spend some time mopping up the stragglers afterwards.
There are 23 applications eligible for extended evaluation.
The Commonwealth Bank of Australia, which has applied for the new gTLD .cba, has told ICANN that its own systems are to blame for most of the error traffic the string sees at the DNS root.
The company wants ICANN to downgrade its gTLD application to “low risk” from its current delay-laden “uncalculated” status, saying that it can remediate the problem itself.
Since the publication of Interisle Consulting’s name collisions report, CBA said it has discovered that its own systems “make extensive use of ‘.cba’ as a strictly internal domain.”
Leakage is the reason Interisle’s analysis of root error traffic saw so many occurrences of .cba, the bank claims:
As the cause of the name collision is primarily from CBA internal systems and associated certificate use, it is within the CBA realm of control to detect and remediate said systems and internal certificate use.
One has to wonder how CBA can be so confident based merely on an “internal investigation”, apparently without access to the same extensive and highly restricted data set Interisle used.
There are many uses of the string CBA and there can be no guarantees that CBA is the only organization spewing internal DNS queries out onto the internet.
CBA’s comment is however notable for being an example of a bank that is so unconcerned about the potential risks of name collision that it’s happy to let ICANN delegate its dot-brand without additional review.
This will surely help those who are skeptical about Interisle’s report and ICANN’s response to it.
The latest batch of Legal Rights Objection results has seen two proposed new gTLDs — .vip and .now — emerge unscathed from the objections phase of the new gTLD program.
There are six applications for .vip and one of the applicants, I-Registry, had filed LROs against its competitors.
Starbucks (HK), a cable company rather than a coffee chain, had also filed LROs against each of its five rivals for .now.
With yesterday’s decisions, all 10 objections have now been rejected.
In the case of .vip, every applicant wants to run it as a generic term, but I-Registry had obtained a European trademark on its proposed brand.
But Starbucks’ .now was to be a dot-brand reflecting a pre-existing mark unrelated to domain names. WIPO panelists found that trademark did not trump the proposed generic use by other applicants, however.
Both strings will now head to contention resolution, where an auction seems the most likely way to decide the winners.
Almost a quarter of Community Objections against new gTLDs have been terminated without a decision, according to International Chamber of Commerce documentation.
The withdrawals leave the way open for the applied-for gTLDs .insure, .realty, .realestate, .cruises, .careers and .bio to proceed unencumbered by any objections at all.
In total 23 Community Objections, of the original 104 reported by ICANN, have been dropped. Two of the original 23 Limited Public Interest Objections have also been terminated, according to the ICC.
The terminated Community Objections seem to fall into a few categories.
Objections against applications for .autoinsurance, .carinsurance, .health, .mail and .patagonia appear to have been stopped because the applications themselves were withdrawn.
The Independent Objector, Alain Pellet, has withdrawn one Limited Public Interest — .health — and three Community objections — .patagonia, .indians, .hospital.
These seem to have been yanked due to either application withdrawals, matching objections filed by third parties, or by Governmental Advisory Committee advice.
Applications facing one fewer objection — but not zero objections — include those for .insurance, .broker, .hoteis, .hoteles, .health, and .kid.
GAC advice remains a concern for many of the affected applicants, even those that no longer face the uncertainty and expense of the objection process.
Donuts seems to have fared best from the terminations. Its .careers and .cruise bids seem to be the only ones to have emerged uncontested and with no outstanding objections or GAC advice.
The terminations were revealed in an updated list of objections published by the ICC on Monday.
The updated data is now indexed and searchable on the all-new, super-duper DI PRO Application Tracker.