Recent Posts
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
What to make of this strange trend in new domain regs?
Are people getting the shortest domain possible when they register in a new gTLD?
Every month uber-registry Donuts publishes data about its portfolio, such as which gTLDs are most popular, in which region, what its most popular premium names are, and what keywords are most commonly registered at the second-level.
For the past few months, I’ve noticed what may be considered an unusual trend — many of the most popular SLD keywords are already gTLDs in their own right, suggesting registrants may not be getting their optimal domain.
The top 10 second-level keywords in February were: today, meta, letter, first, digital, verse, online, club, life, and home.
Put a dot in front of them, and five are also gTLDs — .today, .digital, .online, .club, and .life — some of which Donuts actually manages. One of them, .home, has multiple outstanding applications but has been essentially banned by ICANN due to high levels of name collision.
It’s even more noticeable in January’s numbers, with seven gTLD matches — online, life, digital, free, green, shop, world — in the top 10 SLD keywords.
In December there are six — today, group, online, digital, world and life. In November, four — online, digital, life, group. In October, six — digital, online, life, tech, shop, group.
It shouldn’t be hugely surprising that there’s a crossover between gTLD strings and popular SLD strings — one of the ways Donuts and others picked their gTLDs was by scouring the .com zone file for the most-common SLD endings.
The idea was that if Peter owned, or was thinking of registering, peterspickledpeppersonline.com, he might reasonably want to upgrade to the shorter peterspickledpeppers.online.
Donuts consistently says that the domains it sells are 20% shorter than domains registered in .com over the comparable period.
But its data suggests that this they’re not always getting their optimal domain. People are registering in new gTLDs, but they’re often not using the gTLD that would make their overall domain shorter.
I wonder why this is.
Cost could certainly be a factor. There’s not a massive amount of difference between a .online and a .live, and both are typically more expensive than .com, but it might be an issue for registrants on tight budgets.
It seems more likely that a lack of awareness among registrants may be the main issue — they don’t know the full breadth of options available to them (hell, even I don’t, and this is my job).
Registrars’ name spinners aren’t always helpful raising this awareness.
I typed the string “peterspickledpeppersonline” into the storefronts of seven popular registrars, all of which carry new gTLDs, and found that two of them didn’t offer peterspickledpeppers.online among their suggestions at all.
On some, the domain was way down the list, after far less-relevant suggestions, even though it is shorter and carries a higher price.
EURid appoints new CEO
EURid has named its new CEO, or general manager, as Peter Janssen.
Janssen is currently technical manager at the registry, where he’s been since .eu went live over 15 years ago.
He’ll replace longstanding boss Marc Van Wesemael, who’s retiring.
Janssen previously worked for DNS Belgium, also as technical manager.
Mutually assured destruction? Now Afilias faces .web disqualification probe
Afilias’ ongoing quest to have Verisign’s winning bid for the .web gTLD thrown out may have backfired, with ICANN now launching a probe into whether Afilias’ own bid should be disqualified.
Afilias and Verisign could now BOTH be kicked out of the .web fight, delivering the coveted gTLD into the hands of the third-placed bidder for a knock-down price.
There’s even the possibility that Verisign’s winning $135 million bid could be more than cut in half, taking tens of millions out of ICANN’s coffers.
ICANN’s board of directors on Thursday said it will investigate not only whether Verisign broke new gTLD program rules by using a Nu Dot Co as proxy to bid, but also whether Afilias broke the rules when an executive texted NDC during a pre-auction comms blackout period.
It’s the first time board has resolved to take a look at the allegations against Afilias, which so far have only come up in letters and arbitration filings from Verisign and NDC.
The .web auction in 2016 resulted in a winning bid of $135 million from NDC. It quickly emerged that its bid was bankrolled by Verisign, which had not directly applied for .web.
Afilias’ applicant subsidiary (now called Altanovo Domains, but we’re sticking with “Afilias” for this story) has been trying to use Verisign’s sleight-of-hand to get the auction overturned for years, on the basis that ICANN should have forced NDC to show its cards before the auction took place.
An Independent Review Process panel last year ruled that ICANN broke its own bylaws by failing to rule on Afilias’ allegations when they were first made, and told ICANN to put .web on hold while it finally formally decides whether Verisign broke the rules or not.
What the IRP panel did NOT do was ask ICANN to rule on Verisign’s counter-allegations about Afilias violating the auction blackout period. ICANN’s decided to do that all by itself, which must piss off Afilias no end.
The board resolved last week, with my emphasis:
Resolved (2022.03.10.06), the Board hereby: (a) asks the [Board Accountability Mechanisms Committee] to review, consider and evaluate the allegations relating to the Domain Acquisition Agreement (DAA) between NDC and Verisign and the allegations relating to Afilias’ conduct during the Auction Blackout Period; (b) asks the BAMC to provide the Board with its findings and recommendations as to whether the alleged actions of NDC and/or Afilias warrant disqualification or other consequences, if any, related to any relevant .WEB application; and (c) directs ICANN org to continue refraining from contracting for or delegation of the .WEB gTLD until ICANN has made its determination regarding the .WEB application(s).
I see four possible outcomes here.
- Nobody gets disqualified. Verisign wins .web and ICANN gets to keep its $135 million. Afilias will probably file another IRP or lawsuit.
- Verisign gets disqualified. Afilias gets .web and ICANN probably gets paid no more than $79.1 million, which was its maximum bid before the auction became a two-horse race. Verisign will probably file an IRP or lawsuit.
- Afilias gets disqualified. Verisign wins .web and then it has to be figured out how much it pays. I believe the high bid before the third-place bidder pulled out was around $54 million, so it could be in that ball-park. Afilias will probably file another IRP or lawsuit.
- Both Afilias and Verisign get disqualified. The third-placed bidder — and I don’t thinks its identity has ever been made public — wins .web and pays whatever their high bid was, possibly around $54 million. Everyone sues everyone else and all the lawyers get to buy themselves a new summer home.
The other remaining applicants are Donuts, Google, Radix and Schlund. Web.com has withdrawn its application.
The people who will decide whether to disqualify anyone are the six members of the Board Accountability Mechanisms Committee who are not recusing themselves due to conflicts of interest (Edmon Chung has a relationship with Afilias).
Given that the board has already ruled that it has a fiduciary duty to dip into the new gTLD auction proceeds pretty much whenever it pleases, can’t we also assume that it has a fiduciary duty to make sure that auction proceeds pool is as large as possible?
Closed generic gTLDs likely to be allowed, as governments clash with ICANN
So-called “closed generics” seem to be on a path to being permitted in the next new gTLD application round.
The issue reconfirmed itself at ICANN 73 last week as a major point of disagreement between governments and ICANN, and a major barrier to the next round of new gTLDs going ahead.
But a way forward was proposed that seems likely to to permit closed generics in some form in the next round, resolving an argument that has lasted the better part of a decade.
It seems ICANN now expects that closed generics WILL be permitted, but restricted in some yet-to-be-decided way.
A closed generic is a gTLD representing a dictionary word that is not also a brand, operated by a registry that declines to sell domains to anyone other than itself and its close affiliates.
Imagine McDonald’s operating .burgers, but no other fast food chain, cow-masher, or burger afficionado is allowed to register a .burgers domain.
ICANN’s 2012 application round implicitly allowed applications for such gTLDs — at least, it did not disallow them — which prompted outrage from the governments.
The GAC’s Beijing communique (pdf), from April 2013, urged ICANN to retroactively ban these applications unless they “serve a public interest goal”.
The GAC identified 186 applications from the 2012 round that appeared to be for closed generics.
ICANN, taking the GAC’s lead, gave these applicants a choice to either convert their application to an open generic, withdraw for a refund, or maintain their closed generic status and defer their applications to the next round.
Most opted to switch to an open model. Some of those hacked their way around the problem by making registrations prohibitively restrictive or expensive, or simply sitting on their unlaunched gTLDs indefinitely.
The GNSO policy for the next round is inconclusive on whether closed generics should be permitted. The working group contained two or three competing camps, and nobody conceded enough ground for a consensus recommendation to be made.
It’s one of those wedge issues that highlights the limitations of the multistakeholder model.
The working group couldn’t even fall back on the status quo since they couldn’t agree, in light of ICANN’s specific request for a clear policy, what the status quo even was.
Policy-makers are often also those who stand to financially benefit from selling shovels to new gTLD applicants in the next round. The fewer restrictions, the wider the pool of potential clients and the more attractive the sales pitch.
The working group ended up recommending (big pdf) further policy work by disinterested economics and competition law experts, which hasn’t happened, and the GNSO Council asked the ICANN board for guidance, which it refused to provide.
The GAC has continued to press ICANN on the issue, reinforcing its Beijing advice, for the last year or so. It seems to see the disagreement on closed generics as a problem that highlights the ambiguity of its role within the multistakeholder process.
So ICANN, refusing to create policy in a top-down fashion, is forcing the GAC and the GNSO to the table in bilateral talks in an attempt to create community consensus, but the way the Org is framing the issue may prove instructive.
A framework for these discussions (pdf) prepared by ICANN last week suggests that, when it comes to closed generics, an outright-ban policy and an open-door policy would both be ruled out from the outset.
The paper says:
It is evident from the PDP deliberations and the community’s discussions and feedback that either of the two “edge outcomes” are unlikely to achieve consensus; i.e.:
- 1. allowing closed generics without restrictions or limitations OR
- 2. prohibiting closed generics under any circumstance.
As such, the goal could be to focus the dialogue on how to achieve a balanced outcome that does not represent either of these two scenarios. The space to be explored in this dialogue is identifying circumstances where closed generics could be allowed (e.g., when they serve the public interest, as noted by the GAC Advice). This will likely require discussions as to the types of possible safeguards that could apply to closed generics, identifiable public interest goals for that gTLD and how that goal is to be served, with potential consequences if this turns out not to be the case.
It sounds quite prescriptive, but does it amount to top-down policy making? Insert shrugging emoji here. It seems there’s still scope for the GAC and GNSO to set their own ground rules, even if that does mean relitigating entrenched positions.
The GAC, in its ICANN 73 communique (pdf) said yesterday that it welcomes these talks, and the GNSO Council has already started to put together a small team of councillors (so far also former PDP WG members) to review ICANN’s proposal.
ICANN expects the GNSO-GAC group to begin its work, under an ICANN-supplied facilitator, on one or more Zoom calls before ICANN 74 in June.
101domain throttles its business in Russia
101domain has become the latest registrar to say it is limiting its business in Russia in response to the invasion of Ukraine.
The company, owned by Altanovo Domains, said today it is suspending all new accounts, orders and inbound domain transfers for customers located in Russia.
It will also no longer sell or accept transfers for domains in Russian-linked TLDs .ru (including third-level names), .рф (.xn--p1ai), .МОСКВА (.xn--80adxhks), .рус (.xn--p1acf), .дети (.xn--d1acj3b), .su, and .tatar.
“We will continue to process renewals of existing services for the time being, however this may change at any time and without notice,” the company said.
101domain follows fellow registrars Namecheap, IONOS, and GoDaddy in announcing what effectively amount to commercial sanctions against Russia.
Industry bodies CENTR and ICANN, along with ccTLD registry Nominet, have also committed to concrete actions to sanction Russia and/or support Ukraine.
ICANN bigwigs support sanctions on Russian domains
Current and former ICANN directors are among 36 high-profile tech policy veterans to support the creation of a new domain block-list that could be deployed in humanitarian crises such as the current war in Ukraine.
An open letter (pdf), published last night, calls to effectively create a list of sanctioned domain names and IP addresses that could be blocked in much the same way as current lists help network operators block spam and malware.
The letter says:
We call upon our colleagues to participate in a multistakeholder deliberation… to decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future.
Signatories include current ICANN director Ihab Osman, former chair Steve Crocker, founding CEO Mike Roberts, former CSO Jeff Moss and former director Alejandro Pisanty.
Other signatories include three members of the European Parliament, various academics and security researchers, the bosses of networking coordination groups, and the CEOs of several ccTLD registries.
Dmitry Kohmanyuk, founder of Ukrainian ccTLD registry Hostmaster, also signed the letter.
The letter deconstructs Ukraine’s recent requests for internet sanctions against Russian, including its request for ICANN to turn off Russia’s .ru domain, and concludes “the revocation, whether temporary or permanent, of a ccTLD is not an effective sanction because it disproportionately harms civilians”.
Such a sanction would be trivially circumvented and would lead to the proliferation of alt-roots, harming international interoperability, they say.
Having ruled out sledgehammers, the letter goes on to suggest a nutcracker approach, whereby the domain names and IP addresses of sanctioned entities are blocked by consensus of network operators like they’re no more than filthy spammers. The letter reads:
Blocklisting of domain names allows full precision and specificity, which is the problem that precludes action by ICANN. The system is opt-in, voluntary, consensual, and bottom-up, all values the Internet governance community holds dear. Yet, at the same time, it has achieved broad adoption.
We conclude that the well-established methods of blocklisting provide the best mechanism for sanctioning both IP routes and traffic and domain names, and that this mechanism, if implemented normally by subscribing entities, has no significant costs or risks.
The billion-dollar question is of course: Who would decide what goes on the list?
The letter, which says it’s designed to be a conversation-starter, is a bit vague on the policy-making aspect of the proposal.
It calls for the formation of “a new, minimal, multistakeholder mechanism” that would publish a block-list data feed after “due process and consensus”, adding:
This process should use clearly documented procedures to assess violations of international norms in an open, multistakeholder, and consensus-driven process, taking into account the principles of non-overreach and effectiveness in making its determinations. This system mirrors existing systems used by network operators to block spam, malware, and DDoS attacks, so it requires no new technology and minimal work to implement.
While such a system might well help protect gullible (to pick a nationality at random) Americans from the Kremlin’s misinformation campaigns, it’s not immediately clear to me how such a system would help shield blameless everyday Russians from their own government’s propaganda.
If rt.com, for example, were on the block-list, and Russia wanted RT available to its citizens, presumably Russian ISPs would just be told, at the barrel of a metaphorical gun, to stop using the block-list.
It will be interesting to see where this conversation leads.
Soviet Union “no longer considered eligible for a ccTLD”, ICANN chair confirms
The former Soviet Union’s .su domain could soon embark along the years-long path to getting kicked off the internet, ICANN’s chair has indicated.
The .su ccTLD, which survived the death of the USSR thirty years ago “is no longer considered eligible for a ccTLD”, Martin Botterman said in response to a question by yours truly at the ICANN 73 Public Forum yesterday.
It seems ICANN will no longer turn a blind eye to .su’s continued existence, and that the policy enabling ccTLDs to be “retired” could be invoked in this case, after it is finalized.
The question I asked, per the transcript, was:
While it is generally accepted that ICANN is not in the business of deciding what is or is not a country, do you agree that the Soviet Union does not meet the objective criteria for ccTLD eligibility? And would you support dot SU entering the ccTLD retirement process as and when that process is approved?
I went into a lot of the background of .su in a post a couple weeks ago, and I’m not going to rehash it all here.
I wasn’t expecting much of a response from ICANN yesterday. Arguments over contested ccTLDs, which usually involve governments, are one of the things ICANN is almost always pretty secretive about.
So I was pleasantly surprised that Botterman, while he may have dodged a direct answer to the second part of the question, answered the first part with pretty much no equivocation. He said, per the recording:
It is correct that the Soviet Union is no longer assigned in the ISO 3166-1 standard and therefore is no longer considered eligible for a ccTLD.
ICANN Org has actually held discussions with the managers of the .su domain in the past to arrange an orderly retirement of the domain, and the ccNSO asked ICANN Org starting in 2010 and reiterated in 2017 to pause its efforts to retire the domain so that the Policy Development Process could be conducted. And that is a request we have honored.
So we’re glad to report that the ccNSO recently concluded that Policy Development Process and sent its policy recommendations to the ICANN board.
We will soon evaluate the ccNSO policy recommendations, and we will do so in line with the bylaws process.
It looked and sounded very much like he was reading these words from his screen, rather than riffing off-the-cuff, suggesting the answer had been prepared in advance.
I wasn’t able to attend the forum live, and I’d submitted the question via email to the ICANN session moderator a few hours in advance, giving plenty of time for Botterman or somebody else at ICANN to prepare a response.
The ccNSO policy referred to (pdf), which has yet to be approved by the ICANN board, creates a process for the removal of a ccTLD from the DNS root in scenarios such as the associated country ceasing to exist.
It’s creatively ambiguous — deliberately so, in my view — when it comes to .su’s unique circumstances, presenting at least two hurdles to its retirement.
First, the Soviet Union stopped being an officially recognized country in the early 1990s, long before this policy, and even ICANN itself, existed.
Second, the .su manager, ROSNIIROS, is not a member of the ccNSO and its debatable whether ICANN policies even apply to it.
In both of these policy stress tests, the ccNSO deferred to ICANN, arguably giving it substantial leeway on whether and how to apply the policy to .su.
I think it would be a damn shame if the Org didn’t at least try.
While it’s widely accepted that ICANN made the correct call by declining to remove Russia’s .ru from the root, allowing .su to continue to exist when it is acknowledged to no longer be eligible for ccTLD status, and the policy tools exist to remove it, could increasingly look like an embarrassing endorsement in light of Russian hostilities in former Soviet states.
Nominet cuts off Russian registrars
Russian registrars will no longer be able to sell .uk domains, due to the war in Ukraine, Nominet announced today.
“We are not accepting registrations from registrars in Russia — we are suspending the relevant tags,” the registry said.
A “tag” is the unique identifier Nominet issues to its registrars to enable them to access the .uk registry.
I believe it’s the first example of a national domain registry taking action against Russian companies in response to the invasion of Ukraine.
While Nominet is independent, it’s pretty tight with the UK government, which with international partners has implemented some quite tough economic sanctions against Russia.
Nominet said that the “very small” number of existing domains with Russian addresses “will continue to operate as normal”.
Other measures the company announced include a £200,000 donation to the war relief effort, a reduction of its roughly £100,000 of investments in Russian companies to about £1,000, and the monitoring of new .uk registrations for possible Ukraine-related scams.
Other domain companies to announce what effectively amount to sanctions against Russia include Namecheap, Sedo, IONOS, GoDaddy and CENTR.
ICANN has also offered money to Ukraine and concessions to Ukrainian registrants, though the latter may also apply to Russians.
Now Sedo pulls the plug on Russians
Secondary market player Sedo has become the latest domain name company to stop dealing with Russians and Russian domains.
The company sent an email to its customers today saying that it has “suspended trading and parking” for .ru domains and domains in Belarus’ .by ccTLD.
It said it can no longer serve customers in Russia or Belarus and has “temporarily deactivated” their accounts.
It’s not clear whether the move is motivated by Sedo taking a principled stance against the war in Ukraine, or necessitated by the company’s inability to process cross-border payments due to international sanctions.
“Sedo disapproves of any kind of hate and violence, as well as anything that radically contradicts our corporate values,” the company said. “Therefore, for the sake of the civilians involved, we hope for an early resolution of this conflict.”
Sedo is part of the United-Internet group. Its sister company, IONOS, announced it was working on kicking out Russian customers last week.
DNSSEC claims another victim as entire TLD disappears
A country’s top-level domain disappeared from the internet for many people yesterday, apparently due to a DNSSEC key rollover gone wrong.
All domains in Fiji’s ccTLD, .fj, stopped resolving for anyone behind a strict DNSSEC resolver in the early hours of the morning UTC, afternoon local time, and stayed down for over 12 hours.
Some domains may still be affected due to caching, according to the registry and others.
The University of the South Pacific, which runs the domain, said that it had to contact ICANN’s IANA people to get the problem fixed, which took a while because it had to wait for IANA’s US-based support desk to wake up.
IANA head Kim Davies said that in fact its support runs 24/7 and in this case IANA took Fiji’s call at 2.47am local time.
Analyses on mailing lists and by Cloudflare immediately pointed to a misconfiguration in the country’s DNSSEC.
It seems Fiji rolled one of its keys for the first time and messed it up, meaning its zone was signed with a non-existent key.
Resolvers that implement DNSSEC strictly view such misconfigurations as a potential attack and nix the entire affected zone.
It happens surprisingly often, though not usually at the TLD level. That said, a similar problem hit thousands of Sweden’s .se domains, despite the registry having a decade’s more DNSSEC experience than Fiji, last month.
Domain Incite had a similar problem recently when its registrar carried on publishing DNSSEC information for the domain long after I’d stopped paying for it.
UPDATE: This post was updated with comment from IANA.
Recent Comments