Second DNSSEC screw-up takes down Aussie web sites
.au domains failed to resolve for many internet users for almost an hour on Monday, after the registry operator messed up a DNSSEC update.
ccTLD overseer auDA said the issue was caused by a “key re-signing process that generated an incorrect record”. Users on ISPs that strictly enforce DNSSEC would have returned not-found errors for .au domains during the outage.
.au’s technical back-end is managed by Identity Digital, which reportedly said that the outage lasted from 0005 UTC until 0052 UTC.
With over four million domains, .au is I believe the largest TLD zone to fall victim to DNSSEC-related downtime, but it’s not the first time it has happened to the domain.
In March 2022, thousands of .au domains were affected by a DNSSEC snafu that lasted a few hours.
DNSSEC is meant to make the DNS more secure by reducing the risk of man-in-the-middle attacks, but it’s appears to be easy to screw up, judging by a list of TLD outages. Just this year, Mexico, New Zealand and Venezuela have also suffered downtime.
About 6,000 .au domains remain contested
Australia’s .au ccTLD has added about 25,000 direct second-level domains since the start of the year, according to auDA.
The registry said this week that it had 740,000 2LD .au names as of March. In its annual report for 2022, published in February, it said it had 716,000 at the end of the year.
auDA also revealed some statistics on its Priority Allocation Process, including the fact that some 6,000 .au domains remain unallocated because more than one registrant has staked a claim.
The process allowed registrants of third-level domains to claim their matching 2LD, but in some cases there’s a conflict because on person owns the .com.au and another owns the .org.au or .net.au.
The 3LD owners have to renew their application for the matching 2LD every year or risk losing it to their rival applicant. The first renewal is due this September.
Over 450,000 contention sets have been resolved so far. There are 4.2 million .au domains registered overall.
One in six .au domains is a 2LD
The .au ccTLD had over 700,000 direct second-level registrations at the end of 2022, according to registry auDA.
In its annual report (pdf) published this week, auDA said it had over 716,000 2LD regs. The second level space was opened up in March last year with a six-month grandfathering period.
It had 4,160,209 domains overall at the end of December, so roughly one in six .au regs was a 2LD.
In the comparable .uk liberalization, which had a five-year grandfathering period, at its peak in 2019 roughly one in four names was a 2LD. Today, it’s more like one in 10.
Whether .au will follow the same trend remains to be seen.
Domain universe shrinks again: .com and .cn down, .au up
The number of registered domain names in the world shrank again in the third quarter, with mixed results across various TLDs, according to Verisign’s latest Domain Name Industry Brief.
There were 349.9 million names across all TLDs at the end of September, down 1.6 million sequentially but up 11.5 million compared to Q3 2021, the DNIB states.
The industry has downsized in every quarter this year, judging by Verisign’s numbers.
The company’s own .com, suffering from post-Covid blues, macroeconomic factors and (possibly) pricing issues, dragged the overall number down in Q3 by 200,000 domains, ending with 160.9 million.
But China’s .cn was hit harder, ending the period down from 20.6 million to 18 million. As I pondered in September, this may be due to how Verisign sources data.
Australia’s .au benefited from the launch of second-level availability, which boosted its number by 400,000 domains, ending with 4 million and overtaking .fr and .eu to become the seventh-largest ccTLD.
The ccTLD world overall shrunk sequentially by 1.7 million names but grew by 5.7 million on the year to end the quarter with 132.4 million.
New gTLDs ended with 27.3 million names, up 300,000 sequentially and 3.8 million year over year.
.au adds 100,000 names in days after 2LD floodgates open
The Australian ccTLD, .au, added over 100,000 domain registrations in just a couple of days after restrictions were lifted on second-level names last week.
Local registry auDA is currently reporting 4,109,218 registered names (second and third-level combined), compared to 4,003,804 at the start of the month.
My records show that about 90,000 names were added in the day after unclaimed 2LDs were released back into the available pool after a six-month grandfathering period in which only matching 3LD owners could register.
.au had 3.4 million domains under management in late March, when auDA first started selling 2LDs.
At AUD 7.83 ($5) a year wholesale, the expansion seems to have netted auDA an extra recurring $3 million at least, of which back-end operator Identity Digital will also claim a slice.
Adoption light with four weeks to .au’s 2LD deadline
Australians have just four weeks left to take advantage of auDA’s second-level domain grandfathering program, but so far uptake has been light.
Owners of third-level .au domains have until September 20 to claim their matching 2LDs before they are released into the general availability pool, the end of a six-month process.
But to date there have only been about 200,000 2LD registrations, auDA said in a press release this week, a small percentage of the almost 3.7 million overall .au registrations.
“We received more than 35,000 registrations in the first 24 hours, nearly 80,000 registrations in the first week and over 200,000 registrations to date,” CEO Rosemary Sinclair said, describing uptake as “strong”.
Second-level liberalizations in other ccTLDs have not exactly set the world on fire. Nominet’s .uk 2LDs under management currently run at less than 15% of the 3LD level.
auDA updates on 2LD .au sales
Registrations of second-level domains in .au led to strong growth in the second quarter, according to auDA.
The number of 2LDs registered between the namespace opening up March 24 and the end of June was more than 170,000 the registry said in its latest quarterly report.
There were 218,886 newly registered names in the second quarter, which ended with 3,603,924 total names under management, auDA said.
From launch and for the next few months, all 2LDs are reserved for owners of the matching 3LDs in for example .com.au, so it seems adoption is still quite slow.
In .uk, which liberalized its own zone several years ago, there were 1,370,488 registered 2LDs, compared to 9,777,315 3LDs, at the end of July, registry stats show.
African Union can’t register .africa domain
File this one under “ironic”. Also file it under “Maarten Botterman might be the worst pen-pal in history.”
It turns out that the African Union has been unable to register its domain of choice in the .africa gTLD — for which AU support was a crucial and divisive deal-breaker — because of rules insisted upon by governments.
The AU Commission’s vice chair, Kwesi Quartey, has asked ICANN to release the string “au” from the list that all contracted registries have to agree to reserve because they match the names or acronyms of intergovernmental organizations (IGOs).
The AU is an IGO, so its string is protected from being registered by anyone, including itself.
Quartey wrote, in a letter (pdf) to ICANN chair Botterman:
Unfortunately inclusion of the AU label within the IGO List had the unintended consequence of preventing any third party, including the African Union, from registering the acronym as a domain name (au.africa), yet there is an urgent need to change the African Union digital identifier on the internet from au.int to the .africa domain name.
“Urgent need”, you say? That’s ICANN’s specialty!
Botterman immediately sprang into action and sent his urgent reply (pdf), waiting just 21 short months from Quartey’s July 2020 urgent request to urgently pass the buck to the Governmental Advisory Committee.
Only the GAC can ask for a protected acronym to be removed from the list, he wrote. ICANN Org and board have their hands tied.
Also, removing “au” from the list will release it in all gTLDs, potentially allowing it to be registered by third parties in hundreds of other zones, so watch out for that, Botterman noted.
An additional wrinkle not noted in the letter, which may help or hinder the AU, is that Australia also has rights to the same string under an entirely different new gTLD program reserved list, because it matches the Aussie ccTLD.
You’ll recall that .africa was a contested gTLD in which AU support was the deciding factor.
The AU had originally offered to support a bid from DotConnectAfrica, but after the new gTLD program got underway it withdrew that support and conducted a registry tender that was won by ZA Central Registry, which now runs .africa.
DCA has been pursuing ICANN about this in arbitration and the courts ever since.
2LDs boost .au’s growth
Australian ccTLD registry auDA has been reporting registration volumes growing much faster than usual in the days since it started selling .au domains directly at the second level.
The company is currently reporting a grand total of 3,492,366 domains, which is up by almost 78,000 since March 24, when 2LDs went on sale.
Normally, .au rarely grows by more than about 500 domains per day.
Right now and for the next six months, all 2LDs have been reserved for the owners of their exact-match third-level domains, so there’s not the same kind of rush you might expect in a first-come, first-served scenario.
.au names available today
Australians are able to register domain names directly under .au for the first time today, after ccTLD registry auDA liberalized its hierarchy.
Second-level names under .au will at first only be available to existing registrants of matching third-level names in zones such as .com.au and .net.au, under a priority allocation process.
This process lasts for six months and allows domain owners to claim their matching 2LD more or less immediately, assuming there are no other registrants with matching rights.
In cases where more than one registrant applies for the name domain — such as when example.com.au and example.net.au are owned by different people — a contention process kicks in.
Registrants with reg dates before the cut-off of February 4, 2018 get priority over those with later dates.
If there are only registrants with names newer than the cut-off date, the oldest one gets priority.
If there are only registrants with names older than the cut-off date, they’ll have to come to a bilateral agreement about who gets the name. If they can’t come to a deal, the name stays reserved, and the applicants will have to renew their applications annually, until only one applicant remains.
There are no auDA-backed auctions envisaged by the process.
Any domains that are unclaimed at the end of the priority process will be released into the available pool on September 20.
It’s a much shorter grandfathering period than other liberalized ccTLDs, such as Nominet, which gave .co.uk registrants five years to claim their matching 2LD, and it will be interesting to see what impact this has on uptake.
Direct .uk domains became available in June 2014, and six months later barely a quarter million had been registered, against over 10 million third-level names.
As the five-year priority window drew to a close in 2019, there were about 2.5 million .uk 2LDs, but this spiked to 3.6 million in the final month, as registrants waited until the last minute to claim their names.
That turned out to be the peak — .uk 2LDs stand at fewer than 1.4 million today, compared to the 9.7 million third-level names. It’s still quite rare to spot a direct .uk name in the wild here.
One interesting kink in the priority process is that auDA, which has stricter rules than many other ccTLDs, will check that anyone who applies for a 2LD is in fact eligible for the 3LD they currently hold, which could dissuade applications.
.au currently has 3.4 million third-level domains under management.
Recent Comments