Latest news of the domain name industry

Recent Posts

ICANN name servers come under attack

Kevin Murphy, April 30, 2021, Domain Tech

ICANN’s primary name servers came under a distributed denial of service attack, the Org said earlier this week.

The incident appears to have gone largely unnoticed outside of ICANN and seems to have been successfully mitigated before causing any significant damage.

ICANN said on its web site:

ICANN was subjected to a Distributed Denial of Service (DDoS) attack targeting NS.ICANN.ORG. This event did not result in harm to the organization. It was mitigated by redirecting traffic flows through a DDoS scrubbing service.

ns.icann.org is the address of ICANN’s name servers, which handle queries to ICANN-owned domains such as icann.org and iana.org.

The servers are also authoritative for Ugandan ccTLD .ug for some reason, and until a few years ago also handled the .int special-purpose TLD and sponsored gTLD .museum.

ICANN did not disclosed the exact date of the attack, nor speculate about whether it was targeted and why it might have happened.

3 Comments Tagged: , , , ,

NamesCon will be virtual again this year, and more expensive

Kevin Murphy, April 29, 2021, Domain Services

The popular NamesCon conference has scrapped its plan to return to in-person events this year, and will instead host another virtual con in September.

Organizers said today that NamesCon Online 2020 will take place from September 22 to 24, in a return to its in-house online networking platform.

It’s shuffled its pricing scheme since the last event, too.

At the low end, gone are the free passes for new attendees. Instead, the first 150 newbies to sign up will get their pass for $19.

Regular pricing is $99, reduced to $79 for those who register before July 4.

There’s also a new, more expensive tier for members of the sell-side of the industry. Employees of registries, registrars and marketplaces will have to pay $299 for their tickets.

NamesCon is also continuing its partnership with DNAcademy. A domaining course and conference ticket bundle will set you back $499 again.

NamesCon had planned to return to in-person meetings by the middle of 2021 with NamesCon Europe, back when phrases like “variant of concern” and “third wave” were largely hypothetical, but that event was recently cancelled.

Comment Tagged: ,

Net4 nightmare almost over as court rules ICANN can shut down chaotic registrar

Kevin Murphy, April 29, 2021, Domain Registrars

ICANN is finally moving to shut down Net 4 India’s gTLD domains business, after months of upheaval and thousands of customer complaints.

An Indian insolvency court this week lifted its ban on ICANN terminating Net4’s registrar contract, after ICANN appealed to it with a wealth of evidence showing how critical services such as hospitals and train services were being harmed by registrants being unable to transfer their domains away.

ICANN has now invoked its De-Accredited Registrar Transition Procedure, which will see Net4’s tens of thousands of gTLD domains transferred to a different, more stable registrar, according to head of compliance Jamie Hedlund.

The Org had terminated Net4’s contract in February after hearing from thousands of customers whose names had ceased to work, expired, or were locked-in to Net4 due to its broken transfers function.

But the Delhi court handling the registrar’s insolvency asked ICANN in March to delay the termination at the behest of the resolution professional attempting to extract as much value as possible from Net4 in service of its creditors.

That order was lifted orally after a hearing on Tuesday, according to ICANN.

Under the DARTP, either the dying registrar picks a successor or ICANN picks one, either from a rotation of pre-approved registrars or by rolling out a full registrar application process.

Given the timing crisis, and Net4’s irresponsible behavior to date, it appears most likely that ICANN will hand-pick a gaining registrar from the pre-qualified pool.

Hedlund blogged that ICANN expects to name Net4’s successor within two weeks, after which the gaining registrar will reach out to registrants to inform them how to proceed.

Registrants will not be charged for the bulk transfer.

Net4 had over 70,000 gTLD domains under management at the end of 2020, but this number has likely decreased in the intervening time.

ccTLDs such as India’s .in will not be covered by the bulk transfer. It will be up to local registry NIXI to minimize disruption for Net4’s .in registrants.

Comment Tagged: , , , , , ,

IWF finds 3,401 “commercial” child porn domains

Kevin Murphy, April 28, 2021, Domain Registries

The Internet Watch Foundation last year found child sexual abuse material on 3,401 domains that it says appeared to be commercial sites dedicated to distributing the illegal content.

The UK-based anti-CSAM group said in its annual report, published last week, that it found 5,590 domains containing such material in 2020, and 61% were “dedicated commercial sites… created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.”

That’s a 13% increase in domains over 2019, the report says. It compares to 1,991 domains in 2015.

IWF took action on 153,369 URLs containing CSAM last year, the report says.

For example, the TLD with the most CSAM abuse is of course .com, with 90,879 offending URLs in 2020, 59% of the total. That compares to 69,353 or 52% in 2019.

But because those 90,000 URLs may include, for example, pages on image-hosting sites that use .com domains, the number of unique .com domains being abused will be substantially lower.

Same goes for the other TLDs on the top 10 list — .net, .ru, .nz, .fr, .org, .al, .to, .xyz and .pw.

.co, .cc and .me were on the 2019 list but not the 2019 list, being replaced by .al, .org and .pw.

The most disturbing part of the report, which is stated twice, is the alarming claim that some TLDs exist purely to commercially distribute CSAM:

We’ve also seen a number of new TLDs being created solely for the purpose of profiting financially from the distribution of child sexual abuse material online.

We first saw these new gTLDs being used by websites displaying child sexual abuse imagery in 2015. Many of these websites were dedicated to illegal imagery and the new gTLD had apparently been registered specifically for this purpose.

I can only assume that IWF is getting confused between a top-level domain and a second-level domain.

The alternative would be that the organization believes one or more TLD registries are purposefully catering primarily to commercial child pornographers, and for some reason it’s declining to do anything about it.

I’ve put in a request for clarification but not yet received a response.

IWF is funded by corporate donations from primarily technology companies. Pretty much every big domain registry is a donor. Verisign is a top-tier, £80,000+ donor. The others are all around the £5,000 to £10,000 mark.

UPDATE May 26: IWF has been in touch to clarify that it was in fact referring to SLDs, rather than TLDs, in its claims about dedicated commercial CSAM sites quoted above. It has corrected its report accordingly.

Comment Tagged: , ,

Price caps on .org could return, panel rules

Kevin Murphy, April 27, 2021, Domain Policy

ICANN could be forced to reimpose price caps on .org, .biz and .info domains, an Independent Review Process panel has ruled.

The panel handling the IRP case filed by Namecheap against ICANN in February 2020 has decided to allow the registrar to continue to pursue its claims that ICANN broke its own bylaws by removing price controls from the three gTLD contracts.

Conversely, in a win for ICANN, the panel also threw out Namecheap’s demand that the IRP scrutinize ICANN’s conduct during the attempted takeover of .org’s Public Interest Registry by Ethos Capital in 2019.

The split ruling (pdf) on ICANN’s motion to dismiss Namecheap’s case came March 10 and was revealed in documents recently published by ICANN. The case will now proceed on the pricing issue alone.

The three-person panel decided that the fact that ICANN ultimately decided to block Ethos’ acquisition of PIR meant that Namecheap lacked sufficient standing to pursue that element of its case.

Namecheap had argued that ICANN’s opaque processing of PIR’s change of control request created uncertainty that harmed its business, because ICANN may approve such a request in future.

But the panel said it would not prejudge such an eventuality, saying that if another change of control is approved by ICANN in future, Namecheap is welcome to file another IRP complaint at that time.

“Harm or injury flowing from possible future violations by the ICANN Board regarding change of control requests that are not presently pending and that may never occur does not confer standing,” the panel wrote.

On the pricing issue, the panel disagreed with ICANN’s argument that Namecheap has not yet been harmed by a lack of .org price caps because PIR has not yet raised its .org prices.

It said that increased prices in future are a “natural and expected consequence” of the lack of price controls, and that to force Namecheap to wait for such increases to occur before filing an IRP would leave it open to falling foul of the 12-month statute of limitations following ICANN decision-making baked into the IRP rules.

As such, it’s letting those claims go ahead. The panel wrote:

This matter will proceed to consideration of Namecheap’s request for a declaration that ICANN must annul the decision that removed price caps in the .org, .info and .biz registry agreements. The Panel will also consider Namecheap’s request for a declaration that ICANN must ensure that price caps from legacy gTLDs can only be removed following policy development process that takes due account of the interests of the Internet user and with the involvement of different stakeholders. The Panel will consider Namecheap’s request for a declaration that “registry fees… remain as low as feasible consistet with the maintenance of good quality service” within the context of removal of price caps (not in the context of regulating changes of control).

In other words, if Namecheap prevails, future price caps for pre-2012 gTLDs could be decided by the ICANN community, with an assumption that they should remain as low as possible.

That would be bad news for PIR, as well as .info registry Donuts and .biz registry GoDaddy.

But it’s important to note that the IRP panel has not ruled that ICANN has done anything wrong, nor that Namecheap is likely to win its case — the March 10 ruling purely assesses Namecheap’s standing to pursue the IRP.

The panel has also significantly extended the proposed timeline for the case being resolved. There now won’t be a final decision until 2022 at the earliest.

The panel last week delayed its final hearing in the case from August this year to January next year, according to a document published this week.

Other deadlines in the case have also been pushed backed weeks or months.

1 Comment Tagged: , , , , , , , , , , ,

DNS genius and ICANN key-holder Dan Kaminsky dies at 42

Kevin Murphy, April 27, 2021, Domain Tech

Security researcher Dan Kaminsky, best known for uncovering the so-called “Kaminsky Bug” DNS vulnerability, has reportedly died at the age of 42.

It has been widely reported that Kaminsky’s niece confirmed his death from serious complications from his longstanding diabetes.

On Twitter, she rebutted emerging conspiracy theories that his death was linked to the coronavirus vaccine, which he had received April 12, saying her uncle would “laugh” at such views.

During his career as a white-hat hacker, Kaminsky worked for companies including Cisco, Avaya, and IOActive.

He occasionally spoke at ICANN meetings on security issues, and was since 2010 one of IANA’s seven Recovery Key Share Holders, individuals trusted to hold part of a cryptographic key that would be used to reboot root zone DNSSEC in the case of a massive disaster.

But he was best known for his 2008 discovery of a fundamental flaw in the DNS protocol that allowed cache poisoning, and therefore serious man-in-the middle attacks, across millions of name servers worldwide. He worked with DNS software vendors in private to help them with their patches before the problem was publicly disclosed.

His discoveries led in part to the ongoing push for DNSSEC deployment across the internet.

The vulnerability received widespread attention, even in the mainstream media, and quickly came to bear his name.

For me, my standout memory of Kaminsky is one of his series of annual “Black Ops” talks, at the Defcon 12 conference in Las Vegas in 2004, during which he demonstrated to a rapt audience of hackers how it was possible to stream live radio by caching small chunks of audio data in the TXT fields of DNS records and using DNS queries to quickly retrieve and play them in sequence.

As well as being a bit of a DNS genius, he knew how to work a stage: the crowd went mental and I grabbed him for an interview soon after his talk was over.

His death at such a young age is a big loss for the security community.

Comment Tagged: , , , , ,

.gov TLD quietly changes hands

Kevin Murphy, April 26, 2021, Domain Registries

The .gov TLD used exclusively by governmental entities in the US has quietly changed managers.

On Friday, the IANA records for .gov changed from the General Services Administration to the Cybersecurity and Infrastructure Security Agency.

It was not unexpected. CISA announced the move in March.

But it’s less clear how the change request was handled. The ICANN board of directors certainly didn’t have a formal vote on the matter. IANA has not released a redelegation report as it would with a ccTLD.

CISA intends to make .gov domains more widely available to agencies at the federal, state, city and tribal level, and reduce the price to free or almost free.

Verisign currently manages the technical aspects of the domain, for $400 per domain per year.

1 Comment Tagged: , , , , , ,

ICANN asks registries to freeze Net 4 India’s expired domains

Kevin Murphy, April 26, 2021, Domain Registrars

ICANN has asked all domain registries to exempt from deletion expired names registered via collapsed Indian registrar Net 4 India.

The company has been in receipt of an ICANN termination notice since the end of February, but it’s in insolvency proceedings and ICANN says the insolvency court is preventing it from carrying out the execution.

Net4’s customers have been plagued with problems such as the inability to renew or transfer their domains for well over half a year, and ICANN has issued three public breach notices since December.

ICANN says it has received more than 8,000 complaints related to the registrar — which does not even seem to have a functioning web site any more — since things got real bad last September.

Today, ICANN’s head of compliance Jamie Hedlund blogged:

While we await a final order from the insolvency court, ICANN has requested that all registries not delete expired domain names registered through Net 4 India that registrants have not been able to renew or transfer.

While this may not solve every technical issue experienced by Net4 customers, it should at least prevent them permanently losing their domains, assuming a high level of registry compliance with ICANN’s request.

Registrants won’t be fully safe until ICANN is able to carry out the termination and move Net4’s domains to a stable third-party registrar.

While ICANN disputes whether the Indian insolvency court has jurisdiction over it, it is nevertheless currently complying with its instruction to delay termination until further notice.

Hedlund wrote:

ICANN org is taking actions permitted by its agreements, policies, and law to protect registrants and to facilitate the bulk transfer of the Net 4 India registrations to a functioning registrar that can service its customers. ICANN also is being respectful of the [National Company Law Tribunal’s] processes with this case, which have not yet concluded.

He wrote that the next scheduled hearing of the NCLT is tomorrow, April 27. It appears to have been called due to Hedlund recently impressing upon the court the importance of the crisis.

Comment Tagged: , , , ,

UNR cuts $5.2 million from price of new gTLD portfolio

Kevin Murphy, April 26, 2021, Domain Registries

UNR has reduced the opening bids on almost all of the gTLDs it plans to auction off later in the week, to the tune of a whopping $5.2 million.

According to the minimum opening bids listed on the auction web site today, the job lot of 23 TLD contracts could go for as little as $11.65 million, if there’s no competitive bidding whatsoever.

That’s compared to the $16.87 million total when the TLDs were first announced for auction back in January.

It’s a no-reserve auction of UNR’s entire portfolio of gTLDs that runs from Wednesday to Friday this week.

Some gTLDs, such as .hiv and .juegos, have no minimum bids.

The only TLD to receive a price increase since January is .llp, which had a $0 listing back then but is now listed at $200,000. There’s been no change in .llp’s fortunes since then — it’s still unlaunched.

The music-themed .country, which had no list price in January, now has a $300,000 tag.

The biggest discount comes on .link, once listed with a $3 million opener, now reduced to $2 million.

Nine of the gTLDs are now priced at below the original ICANN application fee of $186,000.

Here’s a table comparing the January minimum bid to today’s pricing.

[table “66” not found /]

UNR, which sold off its registrar and secondary market businesses to GoDaddy and its stakes in three car-themed gTLDs to XYZ.com last year, plans to remodel itself as a back-end operator post-auction.

UPDATE: According to UNR, the January prices were preliminary and published accidentally, and no changes have been made since late January or early February.

2 Comments Tagged: , , ,

Formerly massive drop-catcher faces ICANN probe

Kevin Murphy, April 26, 2021, Domain Registrars

Pheenix, which used to operate a network of hundreds of accredited registrars, now faces potentially losing its last remaining accreditation, due to an ICANN probe.

ICANN told the US-based company in a breach notice last week that it faces additional action unless it fixes a bunch of problems related to domain transfers and Whois before May 14.

According to ICANN, for over a year Pheenix has been declining to provide data showing it is in compliance with the Expired Registration Recovery Policy and the Transfer Policy, related to dozens of domains.

Pheenix was told about at least one such disputed domain as far back as February last year, but ICANN says it’s been unresponsive to its outreach.

It’s also failed to implement an RDAP server, which ICANN has been nagging it about since October 2019. RDAP, the Registration Data Access Protocol, is the successor protocol to Whois.

A quick spot-check reveals that the disputed names are traffic domains once belonging to legitimate organizations, usually with inbound Wikipedia links, that were captured after the organization in question folded and its domains expired. Most were repurposed with low-quality content and advertising.

That fits in with Pheenix’s registrar business model. It was until a few years ago a huge drop-catching player, with over 500 shell accreditations it used to gain speedy access to dropping domains.

But it dumped almost 450 of these in November 2017, and another 50 the following April.

Since then, Pheenix’s primary IANA number (the coveted “888”) has been associated with fewer and fewer domains.

It had 6,930 domains under management at the end of 2020, down from a November 2017 peak of 71,592.

It hasn’t recorded any new domain adds in any gTLDs since April 2020.

According ICANN’s chronology of events, it’s sent dozens of emails, faxes and voicemails over the last year, related to multiple domain names, and it’s only received a single email in response. And that was in May 2020.

2 Comments Tagged: , , , ,