Active new gTLD domains drop below 20 million
The number of domain names recorded in new gTLD zone files has dipped below 20 million for the first time in 18 months.
The total crossed the milestone in the wrong direction January 1, according to DI’s records.
As of today, there are 19.8 million domains in zone files, down from a peak of 26 million in March 2017.
The count has gone down by about half a million names in the last 90 days, largely as a result of declines in .top, .xyz and .kiwi, which have each recorded six-figure losses.
It’s the first time that the zone files have shown the number of domains going below 20 million since the beginning of June 2016, when XYZ.com sold millions of .xyz domains for a penny each. Most of those names did not renew a year later.
Zone files do not record every domain that has been registered, just those with active name servers. Others may be registered but unused or on hold for various reasons.
CentralNic spends $3.3 million on .com portfolios
CentralNic has splashed out £2.5 million ($3.3 million) to bolster its portfolio of domain names for the secondary market.
The company said in a brief statement today that it acquired an unspecified number of domains across “a number of portfolios”. The sellers were not disclosed.
The names were all in .com.
CEO Ben Crawford said the names were acquired “at an attractive discount to current market rates”.
The deals mean London-listed CentralNic might be able to continue to prop up its recurring revenue (registry/registrar) numbers through the sale of premium names, something it still needs to do if it wants to show investors a pleasing growth curve.
That’s assuming it can sell the names at a profit, of course.
Some call this the premium domain “hamster wheel”.
XYZ junk drop sinks the industry in Q3
The total number of domains registered in the world suffered a rare period of decline in the third quarter, according to Verisign’s latest numbers.
The Q3 Domain Name Industry Brief shows September ended with 330.7 million registered names across all TLDs, a 1.2 million dip on the second quarter.
Year-on-year, there was still growth: 3.7 million domains, or 1.1%.
The shrinkage follows a flat Q2 and a slowing Q1.
The finger of blame can be primarily pointed at .xyz and .top, which lost millions of domains in the quarter due, in .xyz’s case at least, to the expiration of millions of names that had been sold for a penny or two a year earlier.
Not that you’d know this from the DNIB (pdf). For some reason Verisign doesn’t like talking about new gTLD growth rates in its reports, even when they’re going the wrong way.
Verisign’s own .com and .net grew by 1.5 million names to 145.8 million, putting ground between themselves and ccTLDs, which collectively were up by 500,000 names or 0.3% sequentially to 144.7 million.
InternetNZ loses two of its three CEOs as it simplifies
InternetNZ has announced the results of a consultation into a restructuring of the organization.
The .nz ccTLD manager is to cut one of its three operating companies and reduce the number of CEOs from three to one.
NZRS, which actually runs the registry, will be folded into InternetNZ, while policy-setting body Domain Name Commission Ltd will remain a separate company in the same group.
Jordan Carter, CEO of the company since 2013, has been picked to carry on leading InternetNZ and to chair the board of DNCL, which is losing three of its 12 seats.
The company threw open the idea of a restructuring back in June, noting that it had 20 governors, three CEOs and 10 senior executives for the 35 full-time employees across the three organisations.
InternetNZ leadership said in a statement that they hope the changes will help the registry become more effective as it simplifies.
China and cheapo TLDs drag down industry growth — CENTR
The growth of the worldwide domain industry continued to slow in the third quarter, according to data out today from CENTR.
There were 311.1 million registered domains across over 1,500 TLDs at the end of September, according to the report, 0.7% year-over-year growth.
The new gTLD segment, which experienced a 7.2% decline to 20.6 million names, was the biggest drag.
But that decline is largely due to just two high-volume, low-price gTLDs — .xyz and .top — which lost millions of names that had been registered for pennies apiece.
Excluding these TLDs, year-over-year growth for the whole industry would have been 2.5%, CENTR said. The report states:
Over the past 2 years, quarterly growth rates have been decreasing since peaks in early 2016. The slowdown is the result of deletes after a period of increased investment from Chinese registrants. Other explanations to the slowdown are specific TLDs, such as .xyz and .top, which have contracted significantly.
The legacy gTLDs inched up by 0.2%, largely driven by almost two million net new names in .com. In fact, only five of the 17 legacy gTLDs experienced any growth at all, CENTR said.
In the world of European ccTLDs, the average (median) growth rate has been flat, but CENTR says it sees signs of a turnaround.
CENTR is the Council of European National Top-Level Domain Registries. Its Q3 report can be downloaded here (pdf).
Over 750 domains hijacked in attack on Gandi
Gandi saw 751 domains belonging to its customers hijacked and redirected to malware delivery sites, the French registrar reported earlier this month.
The attack saw the perpetrators obtain Gandi’s password for a gateway provider, which it did not name, that acts as an intermediary to 34 ccTLD registries including .ch, .se and .es.
The registrar suspects that the password was obtained by the attacker exploiting the fact that the gateway provider does not enforce HTTPS on its login pages.
During the incident, the name servers for up to 751 domains were altered such that they directed visitors to sites designed to compromise unpatched computers.
The redirects started at 0804 UTC July 7, and while Gandi’s geeks had reversed the changes by 1615 it was several more hours before the changes propagated throughout the DNS for all affected domains.
About the theft of its password, Gandi wrote:
These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).
It’s not clear why a phishing attack, which would seem the more obvious way to obtain a password, was ruled out.
Gandi posted a detailed timeline here, while Swiss registry Switch also posted an incident report from its perspective here. An affected customer, who just happened to be a security researcher, posted his account here.
Gandi says it manages over 2.1 million domains across 730 TLDs.
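The visible symptom in the incident above was name-server records changing in bulk. As an added example (not taken from Gandi's or Switch's reports), this Python code compares observed NS sets against a known-good baseline and flags many domains moving to the same unfamiliar name-server set within a short window; every domain, name server and timestamp in it is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def norm(ns_names):
    """Compare NS sets case-insensitively and without trailing dots."""
    return frozenset(n.lower().rstrip(".") for n in ns_names)

def delegation_changes(baseline, observations):
    """Return (time, domain, new_ns) for observations that differ from baseline."""
    changes = []
    for when, domain, ns_names in observations:
        expected = baseline.get(domain)
        if expected is not None and norm(ns_names) != norm(expected):
            changes.append((when, domain, norm(ns_names)))
    return changes

def mass_redelegations(changes, min_domains=3, window=timedelta(hours=1)):
    """Find NS sets that min_domains or more distinct domains moved to within window."""
    by_target = defaultdict(list)
    for when, domain, new_ns in changes:
        by_target[new_ns].append((when, domain))
    alerts = {}
    for new_ns, events in by_target.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = {d for t, d in events[i:] if t - start <= window}
            if len(burst) >= min_domains:
                alerts[new_ns] = sorted(burst)
                break
    return alerts

# Constructed sample data: a baseline and a series of delegation observations.
GOOD = ["ns1.provider.example", "ns2.provider.example"]
ROGUE = ["ns1.unexpected.example", "ns2.unexpected.example"]
BASELINE = {d: GOOD for d in
            ("alpha.example", "bravo.example", "charlie.example", "delta.example")}
T0 = datetime(2020, 1, 1, 8, 0)
OBSERVATIONS = [
    (T0, "alpha.example", ["NS1.provider.example.", "ns2.provider.example."]),
    (T0 + timedelta(minutes=4), "alpha.example", ROGUE),
    (T0 + timedelta(minutes=5), "bravo.example", ROGUE),
    (T0 + timedelta(minutes=20), "charlie.example", ROGUE),
    (T0 + timedelta(hours=3), "delta.example", ["ns1.newhost.example"]),  # lone change
]

if __name__ == "__main__":
    for ns, domains in mass_redelegations(delegation_changes(BASELINE, OBSERVATIONS)).items():
        print(sorted(ns), "<-", domains)
```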
ICANN finds no conflict of interest in .sport decision
ICANN has rejected claims that the .sport gTLD contention set was settled by an arbitrator who had undisclosed conflicts of interest with the winning applicant.
Its Board Governance Committee last week decided that Community Objection arbitrator Guido Tawil had no duty to disclose his law firm’s ties to major sports broadcasters when he effectively eliminated Famous Four Media from its fight with SportAccord.
Back in 2013, SportAccord — an applicant backed by pretty much all of the world’s major sporting organizations — won the objection when Tawil ruled that FFM’s fully commercial, open-registration bid could harm its members’ interests.
FFM complained with Requests for Reconsideration, Ombudsman complaints and then an Independent Review Process complaint.
It discovered, among other things, that Tawil’s law firm was helping broadcaster DirecTV negotiate with the International Olympic Committee (one of SportAccord’s backers) for Olympics broadcasting rights at the time of the Community Objection.
The IRP panel ruled in February this year that the BGC had failed to take FFM’s allegations of Tawil’s “apparent bias” into account when it processed Reconsideration requests back in 2013 and 2014.
So the BGC reopened the two Reconsideration decisions, looking at whether Tawil was required by International Bar Association guidelines to disclose his firm’s client’s interests.
In a single decision (pdf) late last week, the BGC said that he was not required to make these disclosures.
In each of the three claims of bias, the BGC found that the connections between Tawil and the alleged conflict were too tenuous to have required disclosure under the IBA rules.
It found that the IOC and SportAccord are not “affiliates” under the IBA definition, which requires some kind of cross-ownership interests, even though the IOC is, judging by the .sport application, SportAccord’s most valued supporter.
The BGC also found that because Tawil’s firm was representing DirecTV, rather than the IOC, the relationship did not technically fall within the disclosure guidelines.
For these and other reasons, the BGC rejected FFM’s Reconsideration requests for a second time.
The decision, and the fact that FFM seems to have exhausted ICANN’s appeals mechanisms, means it is now more likely that SportAccord’s application will be allowed to continue negotiating its .sport Registry Agreement with ICANN, where it has been frozen for years.
Emoji domains get a 👎 from security panel
The use of emojis in domain names has been discouraged by ICANN’s Security and Stability Advisory Committee.
In a paper late last week, SSAC told ICANN that emojis — aka emoticons or smileys — lack standardization, are barred by the relevant domain name technical standards, and could cause user confusion.
Emoji domains, while technically possible, are not particularly prevalent on the internet right now.
They’re implicitly banned in gTLDs due to the contractual requirement to adhere to the IDNA2008 standard, which restricts internationalized domain names to actual spoken human languages, and the only ccTLD I’m aware of actively marketing the names is Samoa’s .ws.
There was a notable example of Coca Cola registering 😀.ws (xn--h28h.ws) for a billboard marketing campaign in Puerto Rico a couple of years ago, but that name has since expired and been registered by an Australian photographer.
The SSAC said that emoji use should be banned in TLDs and discouraged at the second level for several reasons.
Mainly, the problem is that while emojis are described in the Unicode standards, there’s no standardization across devices and applications as to how they are displayed.
A certain degree of creative flair is permitted, meaning a smiling face in one app may look unlike the technically same emoji in another app. On smaller screens and with smaller fonts, technically different emojis may look alike.
This could lead to confusion, which could lead to security problems, SSAC warns:
It is generally difficult for people to figure out how to specify exactly what happy face they are trying to produce, and different systems represent the same emoji with different code points. The shape and color of emoji can change while a user is viewing them, and the user has no way of knowing whether what they are seeing is what the sender intended. As a result, the user is less likely to reach the intended resource and may instead be tricked by a phishing site or other intentional misrepresentation.
SSAC added that it:
strongly discourages the registration of any domain name that includes emoji in any of its labels. The SSAC also advises registrants of domain names with emoji that such domains may not function consistently or may not be universally accessible as expected
The brief paper can be read here (pdf).
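What travels in the DNS is the ASCII "xn--" form, so an emoji label can be audited by decoding it and inspecting the code points. The following Python is an added example, not code from the SSAC paper: it reports the exact code point behind an A-label such as xn--h28h.ws and shows that two similar-looking face emoji map to different names. The category test is a simplified stand-in for the IDNA2008 (RFC 5892) rules, not a full implementation, and the function names are this example's own.

```python
import unicodedata

ACE_PREFIX = "xn--"
# Simplified stand-in for the RFC 5892 derivation: only letters, marks and
# digits pass. Most emoji (category So) and skin-tone modifiers (Sk) are flagged.
ALLOWED_CATEGORIES = {"Ll", "Lo", "Lm", "Mn", "Mc", "Nd"}

def to_u_label(label):
    """Return the Unicode form of one DNS label, decoding xn-- A-labels."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label

def to_a_label(u_label):
    """Return the ASCII (Punycode) form that is actually sent in DNS queries."""
    if u_label.isascii():
        return u_label.lower()
    return ACE_PREFIX + u_label.encode("punycode").decode("ascii")

def flagged_code_points(label):
    """List (code point, category, name) for characters outside the allowed set."""
    hits = []
    for ch in to_u_label(label):
        if ch.isascii() and (ch.isalnum() or ch == "-"):
            continue  # ordinary letter-digit-hyphen label content
        category = unicodedata.category(ch)
        if category not in ALLOWED_CATEGORIES:
            hits.append((f"U+{ord(ch):04X}", category, unicodedata.name(ch, "<unnamed>")))
    return hits

def audit_domain(domain):
    """Map each label that contains flagged code points to its findings."""
    findings = {}
    for label in domain.rstrip(".").split("."):
        hits = flagged_code_points(label)
        if hits:
            findings[label] = hits
    return findings

if __name__ == "__main__":
    for name in ("xn--h28h.ws", "xn--bcher-kva.example", "example.com"):
        print(name, audit_domain(name))
    # Two face emoji that are easy to mix up at small sizes, two different names:
    for face in ("\U0001F600", "\U0001F603"):
        print(f"U+{ord(face):04X}", to_a_label(face))
```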
After price hike, now Tucows drops support for Uniregistry TLDs
Tucows is to drop OpenSRS support for nine Uniregistry gTLDs after the registry announced severe price increases.
The registrar told OpenSRS resellers that it will no longer support .audio, .juegos, .diet, .hiphop, .flowers, .guitars, .hosting, .property and .blackfriday from September 8, the date the increases kick in.
It’s the second major registrar, after GoDaddy, to drop support for Uniregistry TLDs in the wake of the pricing news.
“The decision to discontinue support for these select TLDs was made to protect you and your customers from unknowingly overpaying in a price range well beyond $100 per year,” OpenSRS told its resellers.
It will continue to support seven other Uniregistry gTLDs, including .click and .link, which are seeing more modest price increases and will remain at $50 and under.
While Tucows is a top 10 registrar in most affected TLDs, its domains under management across the nine appears to be under 3,000.
These domains will expire at their scheduled expiry date and OpenSRS will not allow their renewal after the September 8 cut-off. Customers will be able to renew at current prices for one to 10 years, however.
Tucows encouraged its roughly 40,000 resellers to offer to migrate their customers to other TLDs.
Uniregistry revealed its price increases in March, saying moving to a premium-pricing model was necessary to make the gTLDs profitable given the lack of volume.
Pricing for .juegos and .hosting is to go up from under $20 retail to $300. The other seven affected gTLDs will increase from the $10 to $25 range to $100 per year.
After GoDaddy pulled support for Uniregistry TLDs, the registry modified its plan to enable all existing registrations to renew at current prices.
That clearly was not enough for Tucows, which has sent a pretty clear message that it’s not prepared to be the public face of such significant price hikes.
Massive ransomware attack hits 150 countries, brought down by a domain reg
A massive outbreak of malware on Friday hit thousands of organizations in an estimated 150 countries and had a big impact on the UK National Health Service before being temporarily thwarted by a single domain name registration.
WannaCry, as the malware has been called, targets Windows boxes that have not installed a March security patch. It encrypts files on the hosts it infects and demands money for the decryption key.
The attack is Big News for several reasons.
First, it spread ransomware over the network using a remotely exploitable vulnerability that required no user error or social engineering to install itself.
Second, it hit an estimated quarter-million machines, including thousands at big organizations such as Telefonica, the NHS, Deutsche Bahn and FedEx.
Third, it posed a real risk to human life. A reported 70,000 NHS machines, including medical devices, were said to be infected. Reportedly, some non-critical patients had to be turned away from UK hospitals and operations were cancelled due to the inability of doctors to access medical records.
Fourth, WannaCry appears to have been based on code developed by the US National Security Agency and leaked last month.
All in all, it was an attack the scale of which we have not seen for many years.
But it seems to have been “accidentally” prevented from propagating further on Friday, at least temporarily, with the simple act of registering a domain name.
A young British security researcher who goes by the online handle MalwareTech said he was poring over the WannaCry code on Friday afternoon when he came across an unregistered domain name.
On the assumption that the malware author perhaps planned to use the domain as a command and control center, MalwareTech spent the ten bucks to register it.
MalwareTech discovered that after the domain was registered, the malware stopped encrypting the hard drives it infected.
He first thought it was a fail-safe or kill-switch, but he later came to the conclusion that the author had included the domain lookup as a way to thwart security researchers such as himself, who run malware code in protected sandbox environments.
MalwareTech wrote:
In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to, a side effect of this is if an unregistered domain is queried it will respond as [if] it were registered
Once the domain was registered, WannaCry iterations on newly infected machines assumed they were running in sandboxes and turned themselves off before causing additional damage.
MalwareTech was naturally enough proclaimed the hero of the day by many news outlets, but it appears that versions of the malware without the DNS query kill-switch already started circulating over the weekend.
Many are warning that the start of the work week today may see a new rash of infections.
The researcher’s account of the incident can be read in full here.