Latest news of the domain name industry

Recent Posts

ICANN faces critical choice as security experts warn against key rollover

Kevin Murphy, August 23, 2018, Domain Tech

Members of ICANN’s top security body have advised the organization to further delay plans to change the domain name system’s top cryptographic key.

Five dissenting members of the influential, 22-member Security and Stability Advisory Committee said they believe “the risks of rolling in accordance with the current schedule are larger than the risks of postponing”.

Their comments relate to the so-called KSK rollover, which would see ICANN for the first time ever change the key-signing key that acts as the trust anchor for all DNSSEC queries on the internet.

ICANN is fairly certain rolling the key will cause DNS resolution problems for some — possibly as much as 0.05% of the internet or a couple million people — but it currently lacks the data to be absolutely certain of the scale of the impact.

What it does know — explained fairly succinctly in this newly published guide (pdf) — is that within 48 hours of the roll, a certain small percentage of internet users will start to see DNS resolution fail.

But there’s a prevailing school of thought that believes the longer the rollover is postponed, the bigger that number of affected users will become.

The rollover is currently penciled in for October 11, but the ultimate decision on whether to go ahead rests with the ICANN board of directors.

David Conrad, the organization’s CTO, told us last week that his office has already decided to recommend that the roll should proceed as planned. At the time, he noted that SSAC was a few days late in delivering its own verdict.

Now, after some apparently divisive discussions, that verdict is in (pdf).

SSAC’s majority consensus is that it “has not identified any reason within the SSAC’s scope why the rollover should not proceed as currently planned.”

That’s in line with what Conrad, and the Root Server System Advisory Committee have said. But SSAC noted:

The assessment of risk in this particular area has some uncertainty and therefore includes a component of subjective judgement. Individuals (including some members of the SSAC) have different assessments of the overall balance of risk of the resumption of this plan.

It added that it’s up to the ICANN board (comprised largely of non-security people) to make the final call on what the acceptable level of risk is.

The minority, dissenting opinion gets into slightly more detail:

The decision to proceed with the keyroll is a complex tradeoff of technical and non-technical risks. While there is risk in proceeding with the currently planned roll, we understand that there is also risk in further delay, including loss of confidence in DNSSEC operational planning, potential for more at-risk users as more DNSSEC validation is deployed, etc.

While evaluating these risks, the consensus within the SSAC is that proceeding is preferable to delay. We personally evaluate the tradeoffs differently, and we believe that the risks of rolling in accordance with the current schedule are larger than the risks of postponing and focusing heavily on additional research and outreach, and in particular leveraging newly developed techniques that provide better signal and fidelity into potentially impacted parties.

We would like to reiterate that we understand our colleagues’ position, but evaluate the risks and associated mitigation prospects differently. We believe that the ultimate decision lies with the ICANN Board, and do not envy them with this decision.

SSAC members are no slouches when it comes to security expertise, and the dissenting members are no exception. They are:

  • Lyman Chapin, co-owner of Interisle Consulting, a regular ICANN contractor perhaps best-known to DI readers for carrying out a study into new gTLD name collisions five years ago.
  • Kimberly “kc claffy” Claffy, head of the Center for Applied Internet Data Analysis at the University of California in San Diego. CAIDA does nothing but map and measure the internet.
  • Jay Daley, a registry executive with a technical background whose career includes senior stints at .uk and .nz. He’s currently keeping the CEO’s chair warm at .org manager Public Interest Registry.
  • Warren Kumari, a senior network security engineer at Google, which is probably the largest early adopter of DNSSEC on the resolution side.
  • Danny McPherson, Verisign’s chief security officer. As well as .com, Verisign runs the two of the 13 root servers, including the master A-root. It’s running the boxes that sit at the top of the DNSSEC hierarchy.

It may be the first time SSAC has failed to reach a full-consensus opinion on a security matter. If it has ever published a dissenting opinion before, I certainly cannot recall it.

The big decision about whether to proceed or delay is expected to be made by the ICANN board during its retreat in Brussels, a three-day meeting that starts September 14.

Given that ICANN’s primary mission is “to ensure the stable and secure operation of the Internet’s unique identifier systems”, it could turn out to be one of ICANN’s biggest decisions to date.

New gTLDs rebound in Q2

Kevin Murphy, August 21, 2018, Domain Registries

New gTLD registration volumes reversed a long trend of decline in the second quarter, according to Verisign’s latest Domain Name Industry Brief.

The DNIB (pdf), published late last week, shows new gTLD domains up by 1.6 million sequentially to 21.8 million at the end of June, a 7.8% increase.

That’s the first time Verisign’s numbers have shown quarterly growth for new gTLDs since December 2016, five quarters of shrinkage ago.

Domains (millions)
Q3 201623.4
Q4 201625.6
Q1 201725.4
Q2 201724.3
Q3 201721.1
Q4 201720.6
Q1 201820.1
Q2 201821.8

The best-performing new gTLD across Q2 was .top according to my zone file records, adding about 600,000 names.

.top plays almost exclusively into the sub-$1 Chinese market and is regularly singled out as a spam-friendly zone. SpamHaus currently ranks it as almost 45% “bad”.

Overall, the domain universe saw growth of six million names, or 1.8%, finishing the quarter at 339.8 million names, according to Verisign.

Verisign’s own .com ended Q2 with 135.6 million domains, up from 133.9 million at the end of March.

That’s a sequential increase of 1.7 millions, only 100,000 more than the total net increase from the new gTLD industry.

.net is still suffering, however, flat in the period with 14.1 million names.

ccTLDs saw an increase of 3.5 million names, up 2.4%, to end June at 149.7 million, the DNIB states.

But that’s mainly as a result of free TLD .tk, which never deletes names. Stripping its growth out (Verisign and partner ZookNic evidently have access to .tk data now) total ccTLD growth would only have been 1.9 million names.

Have your say on single-character .com domains

ICANN wants your opinion on its plan to allow Verisign to auction off o.com, with a potential impact on the future release of other single-character .com domain names.

The organization has published a proposed amendment to the .com registry contract and opened it for public comment.

The changes would enable Verisign to sell o.com, while keeping all other currently unallocated single-character names on its reserved list.

The company would not be able to benefit financially from the auction beyond its standard $7.85 reg fee — all funds would be held by an independent third-party entity and distributed to undisclosed non-profit causes.

The arrangement would also see the buyer pay a premium renewal fee of 5% of the initial outlay, doubling the purchase price over the course of 25 years.

They would not be able to resell the domain without selling the registrant company itself.

It’s a pretty convoluted system being proposed, given that there may well end up only being one bidder.

Overstock.com, the online retailer, has been pressuring ICANN and Verisign to release o.com for well over a decade, and the proposed auction seems to be a way to finally shut it up.

The company has a US trademark on O.com, so any other bidder for the name would probably be buying themselves a lawsuit.

The proposed auction system does not address trademark issues — there’s no sunrise period of trademark claims period.

One party already known to be upset about lack of rights protection is First Place Internet, a search engine company that has a US trademark on the number 1.

It told ICANN (pdf) back in January that the o.com deal would “set a dangerous precedent” for future single-character name releases.

The ICANN public comment period, which comes after ICANN received the all-clear from US competition regulators, closes June 20.

As a matter of disclosure, several years ago I briefly acted as a consultant to a third party in support of the Verisign and Overstock positions, but I have no current interest in the situation one way or the other.

.com adds 5.5 million names, renewals back over 70%

Kevin Murphy, April 30, 2018, Domain Registries

Verisign reported first-quarter financial results that reflected a healthier .com namespace following the spike caused by Chinese speculation in 2016.

The company Friday reported that .com was up to 133.9 million domains at the end of March, an increase of 5.5 million over the year.

The strong showing was tempered slightly by a further decline in .net, where domains were down from 15.2 million to 14.4 million.

Over the quarter, there was a net increase of 1.9 million names across both TLDs and the renewal rate was an estimated 74.9%, a pretty damn good showing.

Actual renewals for Q4, measurable only after Verisign announced its earnings, were confirmed at 72.5%, compared to a worryingly low 67.6% in Q4 2016.

In a call with analysts, CEO James Bidzos confirmed that the turnaround was due to the surge in Chinese domainer speculation that drove numbers in 2016 finally working its way out of the system.

In Q1, the cash-printing company saw net income of $134 million, compared to $116 million a year earlier, on revenue up 3.7% at $299 million.

Bidzos told analysts that it’s “possible” that the company may get to launch .web in 2018, but said Verisign has not baked any impact from the contested gTLD into its forecasts.

Industry report show slightly stronger growth than Verisign’s

The latest domain name industry growth figures from CENTR show slightly better performance than a recent report from Verisign covering the same period.

CENTR says in its latest DomainWire Global TLD Report there were 331.1 million registered domains at the end of 2017, whereas Verisign, in its Domain Name Industry Brief last month, put that at 332.4 million domains.

But CENTR’s figures show growth of 1.2% compared to the end of 2016, a figure Verisign put at 0.9%.

The CENTR report shows growth in ccTLDs offset by a 0.4% decline in gTLD registrations. The drag factors for gTLDs were largely .net, .xyz and .top.

CENTR and Verisign use mostly the same sources for their data — published zone files for gTLDs and cooperative ccTLDs, and independent researcher Zooknic to plug the gaps — but they vary in how they calculate their growth numbers.

For example, Verisign said .com ended the year with 131.9 million names, but CENTR puts that number at 130.4 million. It looks to me like Verisign counts registered domains that do not appear in the .com zone file to get to its total.

In addition, CENTR excludes dot-brand gTLDs, gTLDs with fewer than 500 domains, and ccTLDs that do not provide reliable quarter-to-quarter data from its calculations.

The CENTR report can be downloaded here.

Domain universe grows almost 1% in 2017 despite new gTLD slump

Kevin Murphy, February 16, 2018, Domain Registries

The total number of registered domain names in all TLDs was up 0.9% in 2017, despite a third-quarter dip, according to the latest data compiled by Verisign.

The latest Domain Name Industry Brief, published yesterday, shows that there were 332.4 million domains registered at the end of the year.

That’s up by 1.7 million names (0.5%) on the third quarter and up 3.1 million names (0.9%) on 2016.

Growth is growth, but when you consider that 2015-2016 growth was 6.8%, under 1% appears feeble.

The drag factors in 2017 were of course the 2012-round new gTLDs and Verisign’s own .net, offset by increases in .com and ccTLDs.

New gTLD domains were 20.6 million at the end of the year, down by about 500,000 compared to the third quarter and five million names compared to 2016.

As a percentage of overall registrations, new gTLDs dropped from 7.8% at the end of 2016 to 6.2%.

The top 10 new gTLDs now account for under 50% of new gTLD regs for the first time.

The numbers were primarily affected by big declines in high-volume spaces such as .xyz, which caused the domain universe to actually shrink in Q3.

Verisign’s own .com fared better, as usual, with .net suffering a decline.

The year ended with 131.9 million .com names, up by five million names on the year, exactly offsetting the shrinkage in new gTLDs.

But .net ended up with 14.5 million names, a 800,000 drop on 2016.

In the ccTLD world, total regs were up 1.4 million (1%) quarterly and 3.4 million (2.4%) annually.

Excluding wild-card ccTLD .tk, which never deletes domains and for which data for 2017 was not available to Verisign, the growth was a more modest 0.7 million (0.5%) quarterly and 2.3 million (1.8%) annually.

The DNIB report for Q4 2017 can be downloaded here (pdf).

Donuts releases free TLD-neutral name-spinner

Kevin Murphy, January 24, 2018, Domain Services

Donuts has announced the release of a free name-spinner tool for registrars and resellers.

Relevant Name Search, found at rns.domains, isn’t a destination site in itself, but will be free for registrars to integrate into their storefronts.

The company said it’s been in beta testing with eNom, Dreamhost, Dynadot and Name.com, with eNom using it for over a year.

The service recalls something similar released by Verisign.

However, unlike the Verisign NameStudio tool, Donuts said RNS is “registry-neutral”, meaning it’s not designed to plug its own portfolio of TLDs over those from other registries.

I subjected the service to a quick, non-scientific test today and found the results much more semantically relevant than the Verisign tool, which only returns .com, .net and .cc results.

When I used NameStudio in November to search for “vodka”, my best offering was dogvodka.com. With RNS, I was offered the likes of vodka.bar, vodka.rocks, vodka.party, vodka.social and vodka.trade (all of which appear to carry premium pricing).

While Verisign offered me funattorney.com on a search for “attorney”, Donuts offered up attorney.lawyer, attorney.lgbt and attorney.blog.

RNS does not ignore legacy gTLDs, however. Doing a search for something a little more niche will bring up .com and .net domains, appropriately (in my view) ranked.

Search for “birmingham taxi” and you’ll get three relevant .limo domains (yeah, .limo exists, apparently) before birminghamtaxi.net.

Similarly, if you want to open up a pizza place in Cardiff, search for “cardiff pizza” and you’ll get offered cardiff.pizza, cardiffpizza.menu, cardiffpizza.restaurant, cardiffpizza.cafe and cardiffpizza.delivery before you get to cardiffpizza.com.

Many domain investors would say that the .com is unarguably the superior domain (it’s also unregistered and non-premium), but even those people would have to admit that the five more prominent suggestions have more semantic relevance.

Donuts said that RNS is configurable to take into account TLD-specific promotions, geography and marketing campaigns, and that it can be integrated with a single API call.

.web closer to reality as antitrust probe ends

Kevin Murphy, January 10, 2018, Domain Registries

Verisign has been given the all-clear by the US government to go ahead and run the new gTLD .web, despite competition concerns.

The Department of Justice told the company yesterday that the antitrust investigation it launched almost exactly a year ago is now “closed”.

Verisign’s secret proxy in the 2016 auction, the original .web applicant Nu Dot Co, now plans to try to execute its Registry Agreement with ICANN.

That contract would then be assigned to Verisign through the normal ICANN process.

The .com registry operator today filed this statement with the US Securities and Exchange Commission:

As the Company previously disclosed, on January 18, 2017, the Company received a Civil Investigative Demand from the Antitrust Division of the United States Department of Justice (“DOJ”) requesting certain material related to the Company becoming the registry operator for the .web gTLD. On January 9, 2018, the DOJ notified the Company that this investigation was closed. Verisign previously announced on August 1, 2016, that it had provided funds for Nu Dot Co’s successful bid for the .web gTLD and the Company anticipates that Nu Dot Co will now seek to execute the .web Registry Agreement with ICANN and thereafter assign it to Verisign upon consent from ICANN.

This basically means that Justice disagrees with anyone who thinks Verisign plans to operate .web in a way that just props up its .com market dominance, such as by burying it without a trace.

People clamoring to register .web domains may still have some time to wait, however.

Rival applicant Donuts, via subsidiary Ruby Glen, still has a pending lawsuit against ICANN in California.

Donuts had originally sued to prevent the .web auction going ahead in mid-2016, trying to force Nu Dot Co to reveal who was really pulling its strings.

After the auction, in which Verisign committed to pay ICANN a record-setting $125 million, Donuts sued to have the result overturned.

But in November 2016, a judge ruled that the no-suing covenant that all new gTLD applicants had to sign was valid, throwing out Donuts’ case.

Donuts is now appealing that ruling, however, filing its most-recent brief just a few weeks ago.

Whether that will stop ICANN from signing the .web contract and delegating it to Verisign is an open question. It managed to delegate .africa to ZA Central Registry despite the existence of an ongoing lawsuit by a competing applicant.

If history is any guide, we may see a rival applicant apply for a temporary restraining order against .web’s delegation before long.

XYZ junk drop sinks the industry in Q3

Kevin Murphy, December 20, 2017, Domain Registries

The total number of domains registered in the world suffered a rare period of decline in the third quarter, according to Verisign’s latest numbers.

The Q3 Domain Name Industry Brief shows September ended with 330.7 million registered names across all TLDs, a 1.2 million dip on the second quarter.

Year-on-year, there was still growth: 3.7 million domains, or 1.1%.

The shrinkage follows a flat Q2 and a slowing Q1.

The finger of blame can be primarily pointed at .xyz and .top, which lost millions of domains in the quarter due, in .xyz’s case at least, to the expiration of millions of names that had been sold for a penny or two a year earlier.

Not that you’d know this from the DNIB (pdf). For some reason Verisign doesn’t like talking about new gTLD growth rates in its reports, even when they’re going the wrong way.

Verisign’s own .com and .net grew by 1.5 million names to 145.8 million, putting ground between themselves and ccTLDs, which collectively were up by 500,000 names or 0.3% sequentially to 144.7 million.

Justice gives nod to O.com auction

Kevin Murphy, December 18, 2017, Domain Registries

The US Department of Justice does not intend to prevent Verisign from auctioning off the single-letter domain o.com.

Aaron Hoag, chief of the department’s Technology & Financial Services Section, told ICANN in a letter (pdf) that it does not intend to probe Verisign’s proposal.

The letter reads in its entirety:

Your letter dated December 7, 2017, to Makan Delrahim, Assistant Attorney General of the Antitrust Division, regarding VeriSign’s proposal to auction O.COM, has been referred to the Technology & Financial Services Section for review. After careful consideration of the matter, the Division can report that it does not intend to open an investigation into the proposed auction described in the attachment to your letter.

Verisign asked ICANN’s permission to auction o.com, with most of the the proceeds going to good causes, after over a decade of nagging from retailer Overstock.com, which desperately wants to own the currently reserved name.

It would set a precedent for the company to sell off the remaining 22 single-letter domains, not to mention the 10 digits, which are all currently reserved due to a decades-old technical policy no longer considered necessary.

Verisign would only receive its $7.85 base registry fee from the sale, despite the fact that single-letter domains could easily fetch seven or eight figures.

The company asked ICANN for permission to release the name via its Registry Services Evaluation Process last month.

ICANN said earlier this month that it had no objection on technical grounds, but referred it to US competition authorities for a review.

With the DoJ apparently not interested, the door is open for ICANN to approve the RSEP before the end of the year, meaning Verisign could carry out the auction in 2018.

The big question now is whether anyone other than Overstock will want to take part in the auction. Overstock has US trademarks on “O.com”, despite the fact that it’s never actually owned the domain.