Recent Posts
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
Firm offers .xxx trademark checks
We’ve seen domain “reservation” services and “preregistration” services, now the soon-to-launch .xxx top-level domain is getting a pre-sunrise trademark verification service.
Trademark Fact Check is a new offering from EnCirca president Tom Barrett and Mark Kudlacik, formerly of NetNames and now president of Checkmark Network.
It’s an automated tool for checking whether a trademark will qualify for the .xxx sunrise period – and the sunrise periods of other new gTLDs – according to the service’s web site.
The output, among other things, consists of a list of domain names you qualify to register in the sunrise.
It supports about 30 national jurisdictions.
Checks will cost $10 a pop, but Barrett and Kudlacik think they can save applicants money.
If a sunrise application is rejected due to a filing error, the only option is to pay again to file again, which for .xxx is likely to cost at least $200 with the cheapest registrars.
There’s a money back guarantee if Trademark Fact Check says an application will pass and it does not.
I’m not sure how much of a market there will be for this kind of thing when the new gTLDs start to launch in 2013 and sunrise trademark validation will be largely handled by the Trademark Clearinghouse.
Firefox gives greater visibility to domains
Mozilla has reportedly dropped the http:// from the address bar in the latest pre-release version of the Firefox browser, in order to make the domain more prominent.
The changes, spotted over at ConceivablyTech, would also remove the trailing slash from URLs and present everything other than the top and second level of the domain in gray text.
So instead of
http://www.example.com/
you’d see something like
www.example.com
Google Chrome already does something similar, although it presents the lower levels of the domain in the same shade text as the top two.
The blog reported that the https:// will continue to be displayed for encrypted pages.
Earlier this year, Google was reported to be working on a Chrome UI that dropped the address bar altogether, which struck me as one of the more idiotic ideas — from a choice of many — to come out of the company.
Find domain keywords with new VeriSign apps
VeriSign has released a suite of cute applications for visualizing keywords mined from newly registered domain names.
DomainView has been around for a few months as a tag cloud on the VeriSign web site, but it’s now also an embeddable web widget and a scrolling ticker plug-in for Firefox and Chrome browsers.
The service samples recently registered .com and .net domains for recurring keywords, and spits those keywords back out, along with a short list of related domains that are available to register.
The company is planning to release an iPhone app in the near future, and there’s an API for developers to use today.
I’ve installed the ticker. It’s a nice idea, but it does get a bit distracting after a few minutes. Thankfully, it can be hidden through the options menu.
You can find the new applications here.
IPv6 addresses are the new domain hacks
It’s World IPv6 Day today, and a number of companies have decided to get a little playful with their new IP addresses, using them to spell out their brands.
IPv6 uses hexadecimal notation – the 10 digits and the letters A through F – so it’s possible to use them as “vanity” addresses using something like h4x0r-speak or license plate hacks.
Here’s a few IPv6 “hacks” I’ve found in AAAA records so far today:
BBC – bbc.net.uk – 2001:4b10:bbc::1
Facebook – facebook.com – 2620:0:1c18:0:face:b00c:0:3
Cisco – cisco.com – 2001:420:80:1:c:15c0:d06:f00d (Cisco dog food)
F5 Networks – f5.com – 2001:19b8:101:2::f5f5:1d
US Department of Commerce – commerce.gov – 2610:20:0:20:5ec:d0c:d0c:d0c
A few more, such as Daily Kos’ 2001:48c8:1:c::feeb:beef, seem deliberate but don’t seem to pertain particularly to the site’s brand.
I don’t think anybody’s going to use these addresses to navigate, but I suppose they make prove useful mnemonics for address administrators within those companies.
Experts say piracy law will break the internet
Five of the world’s leading DNS experts have come together to draft a report slamming America’s proposed PROTECT IP Act, comparing it to the Great Firewall of China.
In a technical analysis of the bill’s provisions, the authors conclude that it threatens to weaken the security and stability of the internet, putting it at risk of fragmentation.
The bill (pdf), proposed by Senator Leahy, would force DNS server operators, such as ISPs, to intercept and redirect traffic destined for domains identified as hosting pirated content.
The new paper (pdf) says this behavior is easily circumvented, incompatible with DNS security, and would cause more problems than it solves.
The paper was written by: Steve Crocker, Shinkuro; David Dagon, Georgia Tech; Dan Kaminsky, DKH; Danny McPherson, Verisign and Paul Vixie of the Internet Systems Consortium.
These are some of the brightest guys in the DNS business. Three sit on ICANN’s Security and Stability Advisory Committee and Crocker is vice-chairman of ICANN’s board of directors.
One of their major concerns is that PROTECT IP’s filtering would be “fundamentally incompatible” with DNSSEC, the new security protocol that has been strongly embraced by the US government.
The authors note that any attempts to redirect domains at the DNS level would be interpreted as precisely the kind of man-in-the-middle attack that DNSSEC was designed to prevent.
They also point out that working around these filters would be easy – changing user DNS server settings to an overseas provider would be a trivial matter.
PROTECT IP’s DNS filtering will be evaded through trivial and often automated changes through easily accessible and installed software plugins. Given this strong potential for evasion, the long-term benefits of using mandated DNS filtering to combat infringement seem modest at best.
If bootleggers start using dodgy DNS servers in order to find file-sharing sites, they put themselves at risk of other types of criminal activity, the paper warns.
If piracy sites start running their own DNS boxes and end users start subscribing to them, what’s to stop them pharming users by capturing their bank or Paypal traffic, for example?
The paper also expresses concern that a US move to legitimize filtering could cause other nations to follow suit, fragmenting the mostly universal internet.
If the Internet moves towards a world in which every country is picking and choosing which domains to resolve and which to filter, the ability of American technology innovators to offer products and services around the world will decrease.
This, incidentally, is pretty much the same argument used to push for the rejection of the .xxx top-level domain (which Crocker voted for).
ICANN hires hacker Dark Tangent as security chief
Noted white-hat hacker Jeff “Dark Tangent” Moss is to join ICANN as its new chief security officer.
Moss founded the Black Hat and Def Con hacker conferences (which I highly recommend), and was once a director of firewall vendor Secure Computing.
If you’re not familiar with security lingo, “hacker” in this context means he’s one of the good guys. He’s also one of a couple dozen members of the US Department of Homeland Security’s Advisory Council.
The ICANN press release announcing the appointment (pdf) is filled with plaudits from some of the industry’s top DNS security geeks.
Paul Vixie, chairman and chief scientist of the Internet Systems Consortium is quoted as saying:
This is a great hire for ICANN. Jeff’s been in the infosec community since the dawn of time and not only knows where the weak spots are but also how they got that way, and what needs to be done and by whom. He’s the ideal person to drive ICANN’s security agenda.
He’s also been named vice-president. He starts work at the ICANN Washington DC office tomorrow.
Plug-in works around seized domains
Disgruntled coders have come up with a new Firefox plug-in to help people find piracy web sites after their domain names are seized by the authorities.
MAFIAA-Fire hooks into the browser, checking DNS queries against a list supplied by the developers, to see if the name corresponds to a seized domain.
If it does, the browser is redirected to an approved mirror. If it does not, the DNS query is handled as normal through the browser’s regular resolvers.
The plug-in was created in response to the seizure of domain names alleged to be involved in distributing bootleg movies, music and software.
The US Immigration and Customs Enforcement agency has been sending court-ordered take-down notices to US-based registry operators such as VeriSign for the last several months.
Some sites immediately relocate to top-level domains outside of US jurisdiction. MAFIAA-Fire is designed to make the process of finding these new sites easier.
As the plug-in site acknowledges, if any fraudulent data were to make its way onto its manually-authenticated list of domains, it could cause a security problem for end users.
MAFIAA stands for “Music and Film Industry Association of America”, a corruption of RIAA and MPAA. The “Fire” suffix comes from the fact that fire melts ICE.
The plug-in, which was first reported by TorrentFreak, is hosted at a .com address.
Surf any .com with a text message?
A company called DotGo has launched a service it says will enable mobile phone users to access specially built web-based services using SMS text messaging.
This is (borderline) relevant to the domain name industry because DotGo has obtained the phone numbers that spell out DOTCOM, DOTORG, DOTNET, DOTEDU and DOTGOV when typed on handsets.
Using the system, developers use the company’s custom markup language to create a text-based service, for example a news feed, which they dump into their web server’s root directory.
Consumers can then access this service by sending the name of the service’s domain, minus the extension, to the number 368266 (DOTCOM).
So for cnn.com, you’d send the message “cnn” to 368266. CNN would then reply with a list of headlines from its RSS feed, say. You’d then reply with the number of the story you want to read.
Or you could text “weather 94110” to the same number to quiz weather.com about the forecast in San Francisco.
If this sounds overly complicated, there are a few demos you can try in a normal browser that may explain it better.
The DotGo service has been around for about 18 months, but it’s only today that the company has launched its suite of tools for developers.
The service appears to be ad-supported, free to both developers and users at the basic level with subscription-based upgrades available.
It’s all very clever, but will anyone want to use it? I hear there’s a thing called an “iPhone” nowadays that does a pretty good job at bringing the web to mobile users.
The service seems to be only available in the US (though the web site is pretty vague on that count) and no, DOTMOBI isn’t an option.
Domain security arrives in .com
VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.
DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.
It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.
With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.
I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.
“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”
What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.
Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.
“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”
There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.
And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.
You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.
According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.
But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.
Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.
I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.
VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.
Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.
I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.
Microsoft spends $7.5 million on IP addresses
It’s official, IP addresses are now more expensive than domain names.
Nortel Networks, the bankrupt networking hardware vendor, has sold 666,624 IPv4 addresses to Microsoft for $7.5 million, according to Delaware bankruptcy court documents (pdf).
That’s $11.25 per address, more than you’d expect to pay for a .com domain name. Remember, there’s no intellectual property or traffic associated with these addresses – they’re just routing numbers.
This, I believe, is the first publicly disclosed sale of an IP address block since ICANN officially announced the depletion of IANA’s free pool of IPv4 blocks last month.
The deal came as part of Nortel’s liquidation under US bankruptcy law, which has been going on since 2009. According to a court filing:
Because of the limited supply of IPv4 addresses, there is currently an opportunity to realize value from marketing the Internet Numbers, which opportunity will diminish over time as IPv6 addresses are more widely adopted.
Nortel contacted 80 companies about the sale a year ago, talked to 14 potential purchasers, and eventually received four bids for the full block and three bids for part of the portfolio.
Microsoft’s bid was the highest.
The Regional Internet Registries, which allocate IP addresses, do not typically view IP as an asset that can be bought and sold. There are processes being developed for assignees to return unused IPv4 to the free pool, for the good of the internet community.
But this kind of “black market” – or “gray market” – for IP addresses has been anticipated for some time. IPv4 is now scarce, there are costs and risks associated with upgrading to IPv6, and the two protocols are expected to co-exist for years or decades to come.
In fact, during ICANN’s press conference announcing the emptying of the IPv4 pool last month, the only question I asked was: “What is the likelihood of an IPv4 black market emerging?”.
In reply, Raul Echeberria, chair of ICANN’s Number Resource Organization, acknowledged the possibility, but played down its importance:
There is of course the possibility of IPv4 addresses being traded outside of the system, but I am very confident it will be a very small amount of IPv4 addresses compared to those transferred within the system. But it is of course a possibility this black market will exist, I’m not sure that it will be an important one. If the internet community moves to IPv6 adoption, the value of the IPv4 addresses will decrease in the future.
I doubt we’ll hear about many of these sales in future, unless they come about due to proceedings such as Nortel’s bankruptcy sale, but I’m also confident they will happen.
The total value of the entire IPv4 address space, if the price Microsoft is willing to pay is a good guide, is approximately $48.3 billion.
Recent Comments