Attentive DI readers will recall my journalistic meltdown last week, when I tried to figure out how the Chinese new gTLD .网址 managed to hit #2 in the new gTLD zone file size league table, apparently shifting a quarter of a million names in a week.
Well, after conversations with well-placed sources here at NamesCon in Las Vegas this week, I’ve figured it out.
.网址 is the Chinese for “.url”.
Its rapid growth — hitting 352,000 names today — can be attributed primarily to two factors.
First, these weren’t regular sales. The registry, Knet, which acquired original applicant Hu Yi last year, operates a keyword-based navigation system in China that predates Chinese-script gTLDs.
The company has simply grandfathered its keyword customers into .网址, I’m told.
The keyword system allows Latin-script domains too, which explains the large number of western brands that appear in the .网址 zone.
The second reason for the huge bump is the fact that many of the domains are essentially duplicates.
Chinese script has “traditional” and “simplified” characters, and in many cases domains in .网址 are simply the traditional equivalents of the simplified versions.
I understand that these duplicates may account for something like 30% of the zone file.
I’ve been unable to figure out definitively why the .网址 Whois database appeared to be so borked.
As I noted last week, every domain in the .网址 space had a Knet email address listed in its registrant, admin and technical contact fields.
It seems that Knet was substituting the original email addresses with its own when Whois queries were made over port 43, rather than via its own web site.
Its own Whois site (which doesn’t work for me) returned the genuine email addresses, but third-party Whois services such as DomainTools and ICANN returned the bogus data.
Whether Knet did this by accident or design, I don’t know, but it would have almost certainly have been a violation of its contractual commitments under its ICANN Registry Agreement.
However, as of today, third-party Whois tools are now returning the genuine Whois records, so whatever the reason was, it appears to be no longer an issue.
The Chinese-script gTLD .网址 powered to the number two spot in the new gTLD rankings by zone file size this week, but it’s doing some things very strangely.
.网址 is Chinese for “.site”, “.url” or “.webaddress”.
The registry is Hu Yi Global, ostensibly a Hong Kong-based registrar but, judging by IANA’s records, actually part of its Beijing-based back-end Knet.
I’m going to come out and admit it: even after a few hours research I still don’t know a heck of a lot about these guys. The language barrier has got me, and the data is just weird.
These are the things I can tell you:
- .网址 has 352,727 domains in its zone file today, up by about a quarter of a million names since the start of the week.
- The names all seem to be using knet.cn name servers
- I don’t think any of them resolve on the web. I tried loads and couldn’t find so much as a parking page. Google is only aware of about eight resolving .网址 pages.
- They all seem to have been registered via the same Chinese registrar, which goes by the name of ZDNS (also providing DNS for the TLD itself).
- They all seem to be registered with “firstname.lastname@example.org” in the email address field for the registrant, admin and technical contacts in Whois, even when the registrants are different.
- That’s even true for dozens of famous trademarks I checked — whether it’s the Bank of China or Alexander McQueen, they’re all using email@example.com as their email address.
- I’ve been unable to find a Whois record with a completed Registrant Organization field.
- Nobody seems to be selling these things. ZDNS (officially Internet Domain Name System Beijing Engineering Research Center) is apparently the only registrar to sell any so far and its web site doesn’t say a damn thing about .网址. The registry’s official nic.网址 site doesn’t even have any information about how to buy one either.
- ZDNS hasn’t sold a single domain in any other gTLD.
- News reports in China, linked to from the registry’s web site, boast about how .网址 is the biggest IDN TLD out there.
So what’s going on here? Are we looking at a Chinese .xyz? A bunch of registry-reserved names? A seriously borked Whois?
Don’t expect any answers from DI today on this one. I’ve been staring at Chinese characters for hours and my brain is addled.
I give up. You tell me.
Problems validating the addresses of .uk domain registrants, which caused one registrar to dump the TLD entirely, are broader than I reported yesterday.
Cronon, which does business as Strato, announced last week that it has stopped selling .uk domain names because in more than a third of cases Nominet, the registry, is unable to validate the Whois data.
In many cases the domain is subsequently suspended, causing customer support headaches.
It now transpires that the problems are not limited to .uk second-level names, are not limited to UK registrants, and are not caused primarily by mailing address validation failures.
Michael Shohat, head of registrar services at Cronon, got in touch last night to clarify that most of its affected customers are in fact from its native Germany or from the Netherlands.
All of the affected names are .co.uk names, not .uk SLDs, he added.
And the validation is failing in the large majority of cases not due to Nominet’s inability to validate a mailing address, but rather its inability to validate the identity of the registrant.
“This is where the verification is failing. The database they are using can’t find many of our registrants’ company names,” Shohat said.
“So 30% of our registrations were being put on hold, almost all of them from [Germany] and [the Netherlands], and 90% of them because of the company name. We checked lots of them and in every single case the name of the company was correct, and the address as well,” he said.
Michele Neylon of the ICANN Registrar Stakeholders Group said that Cronon is not the only registrar to have been affected by these issues. Blacknight Solutions, the registrar Neylon runs, has been complaining about the problem since May.
According to Neylon, the Nominet policy causing the issue is its data quality policy, which covers all .uk and .co.uk (etc) names.
The policy itself is pretty vague — Nominet basically says it will work with each individual registrar to determine a baseline of what can be considered a “minimum proportion of valid data”, given the geographic makeup of the registrar’s customer base.
Domains that fail to meet these criteria have a “Data Quality Lock” imposed — essentially a suspension of the domain’s ability to resolve.
Earlier this year, Nominet did backtrack on plans to implement an automatic cancellation of the names after 30 days of non-compliance, following feedback from its registrars.
“It’s disappointing that Cronon have taken this step; we hope they will consider working with us to find a way to move forward,” a Nominet spokesperson added.
She said that the registry has over recent years moved to “more proactive enforcement” of Whois accuracy. She pointed out that Nominet takes on the “lion’s share of the work”, reducing the burden on registrars.
“However, our solution does not include non-UK data sets to cross-reference with, so it is possible that some false positives occur,” she said. “Registrars with a large non-UK registrant bases, who are not accredited channel partners, would be affected more than others.”
An Accredited Channel Partner is the top tier of the three Nominet offers to registrars. It has additional data validation requirements but additional benefits.
While .co.uk domains are not limited to UK-based registrants, all .uk SLD registrants do need to have a UK mailing address in their Whois for legal service.
The company’s inability to validate many non-UK business identities seems to mean .co.uk could also slowly become a UK-only space by the back door.
German registrar Cronon, which retails domains under the Strato brand, has stopped carrying .uk domains due to what it says are onerous Whois validation rules.
In a blog post, company spokesperson Christina Witt said that over one third of all .uk sales the registrar has been making are failing Nominet’s registry-end validation checks, which she said are “buggy”.
With the introduction of direct second-level registration under .uk, Nominet introduced a new requirement that all new domains must have a UK address in the Whois for legal service, even if the registrant is based overseas.
According to its web site, Nominet checks registrant addresses against the Royal Mail Postcode Address file, which contains over 29 million UK addresses, and does a confidence-based match.
If attempts to match the supplied address with a UK address in this file prove fruitless, and after outreach to the registrant, Nominet suspends the domain 30 days after registration and eventually deletes it.
It’s this policy of terminating domains that has caused Strato to despair and stop accepting new .uk registrations.
“Databases of street directories or company registers are often inaccurate and out of date,” Witt wrote (translated from the original German). “The result: addresses that are not wrong, in fact, are be found to be invalid.”
Nominet is throwing back over a third of all .uk names registered via Strato, according to the blog post, creating a customer support nightmare.
Its affected registrants are also confused about the verification emails they receive from Nominet, a foreign company of which they have often never heard, Witt wrote.
I don’t know how many .uk names the registrar has under management, but it’s reasonably large in the gTLD space, with roughly 650,000 domains under management at the last count.
If Strato’s claim that Nominet is rejecting a third of valid addresses (and how Strato could know they’re valid is open to question), that’s quite a scary statistic.
Nominet seems to be using an address database, from the Royal Mail, which is about as close to definitive as it gets. And it’s only verifying addresses from a single country.
I shudder to imagine what the false negative rate would be like for a gTLD registrar compelled to validate addresses across 200-odd countries and territories.
The latest version of the ICANN Registrar Accreditation Agreement requires registrars to partially validate addresses, such as checking whether the street and postal code exist in the given city, but there’s no requirement for domains to be suspended if these checks fail.
[UPDATE: Thanks to Michele Neylon of the Registrars Stakeholder Group for the reminder that this RAA requirement hasn’t actually come into force yet, and won’t until the RrSG and ICANN come to terms on its technical and commercial feasibility.]
Where the 2013 RAA does require suspension is when the registrant fails to verify their email address (or, less commonly, phone number), which as we’ve seen over the last year leads to hundreds of thousands of names being yanked for no good reason.
If Strato’s story about .uk is correct and its experience shared by other registrars, I expect that will become and important data point the next time law enforcement or other interests push for even stricter Whois rules in the ICANN world.
DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.
The breach notice raises questions about the company’s popular free Whois privacy service.
Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.
The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.
The domain highlighted by ICANN in relation to the Whois failure is senect.com
ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name
and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.
Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.
ICANN seems to be asking the registrar to investigate itself in this case.
DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.
DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.
As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.
The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.
ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.