Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
Freenom shuts down 12.6 million domains — report
Dying free-domains registry Freenom has shut down at least 12.6 million domains across three of its TLDs, according to research from Netcraft.
Netcraft’s latest web server survey shows that the domains — across .tk, .cf and .gq — no longer resolve, according to the company.
That’s 98.7% of the resolving domains Freenom had a month earlier, Netcraft said.
Freenom, also known as OpenTLD, said in February that it was to exit the domains business entirely as part of its settlement with Facebook owner Meta, which had sued it for alleged cybersquatting.
It had already lost its ICANN registrar accreditation and its government contracts to run its portfolio of ccTLDs.
The company’s business model was to offer most domains for free and then monetize them when the registrations expired or were suspended for abuse. It attracted a lot of abusive registrants.
Interestingly, Netcraft notes that the deletions meant that Cloudflare saw a 22% drop in its total hosted domains (with Cloudflare acting as host, not registrar) over the month.
Verisign loses prestige .gov contract to Cloudflare
Cloudflare is to take over registry services for the US government’s .gov domain, ending Verisign’s 12-year run.
It seems .gov manager CISA, the Cybersecurity and Infrastructure Security Agency, opened the contract up for bidding last August and awarded it to Cloudflare in mid-December.
The deal is worth $7.2 million, Cloudflare said in a press release on Friday, which is more than twice as much as Verisign charged when it took over the .gov back-end in 2011.
But it seems the deal includes Cloudflare providing authoritative DNS for .gov domains, something Verisign does not currently provide the TLD, in addition to managing the zone file, registry, Whois, etc.
It’s not clear who’s running the exclusive .gov registrar, but CISA appears to be building a new one.
.gov domains are only available to US federal, state, tribal and local government organizations, and there was a $400-a-year fee until April 2021, when CISA made them free to register.
There are about 8,600 .gov domains today. Not a lot, but the deal comes with bragging rights.
CISA took over .gov from the General Services Administration in March 2021 and dropped the fees a month later.
It’s not clear whether Verisign had bid for a renewed contract or simply walked away, as it did when it conceded .tv to GoDaddy last year. I’ve asked the company for comment.
The loss of .gov is obviously a drop in the ocean compared to .com, which continues to make Verisign one of world’s most-profitable companies.
While it’s an ICANN-accredited registrar, I believe this is Cloudflare’s first foray into registry services. Might we see the company as an emergent threat to the established players in the next new gTLD round? It’s certainly looking that way.
Kiwi Farms domain lands at Epik
The primary domain for the controversial web forum Kiwi Farms, kicked out by Cloudfare at the weekend, has been transferred to Epik.
Whois records show the domain kiwifarms.net landed at Epik in the last hour or so. It’s still using Cloudflare’s name servers at the time of writing, so it’s still resolving to a “blocked” message from its old registrar.
Cloudflare blocked the name, reluctantly, on Saturday, citing “an imminent and emergency threat to human life”, believed to refer to a transgender activist and Twitch streamer targeted for death threats by Kiwi Farms users.
The site, whose users reportedly bully, doxx and swat trans people, has been linked to three suicides since it was launched in 2013.
The question for Epik and its new CEO now is whether they let the domain stay under its roof, or whether the same concerns cited by Cloudflare make it too toxic to touch.
UPDATE 1724 UTC: Not long after this post was published, the domain started using Epik’s name servers.
Cloudflare blocks anti-trans site for “emergency threat to human life”
Internet infrastructure provider Cloudflare has “blocked” a site it provides domain services to after identifying “an imminent and emergency threat to human life”.
The company said on Saturday that it has reluctantly stopped providing services to Kiwi Farms, a web forum whose users reportedly bully and carry out doxxing and swatting attacks on transgender people and activists.
Visitors to kiwifarms.net are now presented with a message from Cloudflare stating: “Due to an imminent and emergency threat to human life, the content of this site is blocked from being accessed through Cloudflare’s infrastructure.”
A linked blog post explaining the decision said:
This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with. However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.
The move is likely linked to a campaign by a trans Twitch streamer, who reportedly has been campaigning for Cloudflare to drop the site after multiple threats to her life, including a recent swatting (where armed police are tricked into showing up at your door).
Last week, the company had tried to explain its continued support for the domain by stating that one two previous occasions it has blocked sites, authoritarian governments have used that precedent to try to get human rights sites pulled.
At this stage, it appears that Cloudflare is using its status as the site’s DNS provider to implement the block. It’s still the domain’s registrar, and so far the Whois record does not reflect an attempt to move it elsewhere.
The domain was registered with DreamHost until last year, but was asked to leave following the suicide of a software developer, one of three suicides reportedly linked to Kiwi Farms users’ behavior.
Could Epik be its next destination? The company is a strong proponent of free speech, but even it has a line when it comes to violence. This could be Epik’s new CEO‘s first big test.
Cloudflare goes all-in with at-cost domains
Content delivery specialist Cloudflare has come out as a fully-fledged domain name registrar, promising to sell names in hundreds of TLDs with no markup on the registry wholesale price.
Since the company launched Cloudflare Registrar three years ago, it’s only been possible for customers to transfer in their domains from other registrars; no new regs were possible.
That’s now changed, with the company today announcing customers can buy their domains direct without having to faff about with transfers.
“It’s important to note that our registrar pricing is ‘at-cost.’ That means we charge our customers exactly what we pay the registry, plus any applicable ICANN transaction fees,” the company blogged.
A new .com costs $8.57, for example.
It appears that you need to be a Cloudflare CDN customer to use the registrar service, but it offers a free plan among its suite of offerings.
It’s not the only registrar to offer names at cost, but it’s certainly the one with the best brand recognition.
Cloudflare currently offers over 250 TLDs, and plans to launch 40 more next month. It just added .uk, and plans to add more ccTLDs, as well as premium-priced domains, in future.
The company had about 325,000 domains under management at the last count in May, having transferred a net of 118,000 names during the previous 12 months.
Make no mistake, Cloudflare will be losing money on this venture, despite what it said in September 2018, when it made out running a registrar was cost-free.
After more racist shootings, take one guess which registrar 8chan just switched to
Controversial web forum 8chan has moved its domain name to a new registrar after it was linked to at least one of the two mass shootings that occurred in the US over the weekend.
According to Whois records, it’s just jumped to racist-friendly Epik, having been registered at Tucows since 2003.
The switch appears to have happened in the last few hours. At time of writing, you’re going to get different results depending which Whois server you ping.
Some servers continue to report Tucows as the registrar of record, perhaps using cached data, but Epik’s result looks like this:
8chan is an image/discussion board that describes itself as “the Darkest Reaches of the Internet”. It’s reportedly heavily used by racists, extremists and those with an interest in child pornography.
It was widely linked by the media to the shooting in the border town of El Paso, Texas on Saturday, which claimed the lives of 20 people and left 26 more injured.
The suspect in the case reportedly posted to 8chan a 2,300-word racist “manifesto”, in which he ranted against Latino immigration, just 20 minutes before launching the attack.
This morning, Cloudflare announced that it would no longer provide denial-of-service attack protection for the web site, saying:
The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit.
Google removed the site from its index a few years ago, due to allegations about child abuse material.
At this point, it’s not clear whether Tucows also ejected 8chan, or whether its owners decided to jump ship, perhaps sensing which way the wind is blowing.
Its new home, Epik, calls itself the “Swiss bank” of domain registrars, and has actively courted sites that enable far-right political views.
The registrar openly sought the business of Gab.com, the Twitter clone used largely by those who have been banned by Twitter, after GoDaddy suspended the site’s domain last November.
In March this year, Epik CEO Rob Monster came under fire for publicly doubting the veracity of the video of the mosque shootings in Christchurch, New Zealand, which killed 50 people.
8chan was also frequented by the perpetrator of that attack, among others.
Epik is described as “cornering the market on websites where hate speech is thriving”, according to the Southern Poverty Law Center, an anti-racist group.
Monster has said that he does not support the views of extremists, but merely wants to provide a platform where registrants can exercise their rights to free speech.
Cloudflare “bug” reveals hundreds of secret domain prices
The secret wholesale prices for hundreds of TLDs have been leaked, due to an alleged “bug” at a registrar.
The registry fees for some 259 TLDs, including those managed by Donuts, Verisign and Afilias, are currently publicly available online, after a programmer used what they called a “bug” in Cloudflare’s API to scrape together price lists without actually buying anything.
Cloudflare famously busted into the domain registrar market last September by announcing that it would sell domains at cost, thumbing its nose at other registrars by suggesting that all they’re doing is “pinging an API”.
But because most TLD registries have confidentiality clauses in their Registry-Registrar Agreements, accredited registrars are not actually allowed to reveal the wholesale prices.
That’s kind of a problem if you’re a registrar that has announced that you will never charge a markup, ever.
Cloudflare has tried to get around this by not listing its prices publicly.
Currently, it does not sell new registrations, instead only accepting inbound transfers from other registrars. Registry transaction reports reveal that it has had tens of thousands of names transferred in, but has not created a significant number of new domains.
(As an aside, it’s difficult to see how it could ever sell a new reg without first revealing its price and therefore breaking its NDAs.).
It appears that the only way to manually ascertain the wholesale prices of all of the TLDs it supports would be to buy one of each at a different registrar, then transfer them to Cloudflare, thereby revealing the “at cost” price.
This would cost over $9,500, at Cloudflare’s prices, and it’s difficult to see what the ROI would be.
However, one enterprising individual discovered via the Cloudflare API that the registrar was not actually checking whether they owned a domain before revealing its price.
They were therefore able to compile a list of Cloudflare’s prices and therefore the wholesale prices registries charge.
The list, and the script used to compile it, are both currently available on code repository Github.
The bulk of the list comprises Donuts’ vast portfolio, but most TLDs belonging to Afilias (including the ccTLD .io), XYZ.com and Radix are also on there.
It’s not possible for me to verify that all of the prices are correct, but the ones that are comparable to already public information (such as .com and .net) match, and the rest are all in the ballpark of what I’ve always assumed or have been privately told they were.
The data was last refreshed in April, so without updates its shelf life is likely limited. Donuts, for example, is introducing price increases across most of its portfolio this year.
Google adds censorship workaround to Android devices
Google is using experimental DNS to help people in censorious regimes access blocked web sites.
Alphabet sister company Jigsaw this week released an Android app called Intra, which enables users to tunnel their DNS queries over HTTPS to compatible servers, avoiding common types of on-the-wire manipulation.
The company reportedly says it has been testing the app with Venezuelan dissidents recently.
The feature will also be built in to the next version of Android — known as Android 9 or Android Pie — where it will be called Private DNS.
The app is designed for people who for one reason or another are unable to update their device’s OS.
Intra and Private DNS use “DNS over HTTPS”, an emerging protocol Google and others have been working on for a while.
As it’s non-standard, end users will have to configure their devices or Intra apps to use a DoH-compatible DNS server. The public DNS services operated by Google (8.8.8.8) and Cloudflare (1.1.1.1) are both currently compatible.
The release comes even as Google faces controversy for allegedly kowtowing to the Chinese government’s demands for censored search and news results.
You may notice that the new app is being marketed via a .org web site, rather than Google’s own .app gTLD, but intra.app takes visitors directly to the Intra page on the Google Play store.
Cloudflare selling all domains at cost: “All we’re doing is pinging an API”
Content delivery network provider Cloudflare has promised to sell domains in all TLDs at the wholesale cost, with no markup, forever.
The company made the commitment yesterday as it announced its intention to get into the registrar business.
Founder Matthew Price used the announcement to launch a blistering attack on the current registrar market, which he said is charging “crazy” prices and endlessly upselling their customers with unwanted, worthless products. He blogged:
why should registrars charge any markup over what the TLDs charge? That seemed as nutty to us as certificate authorities charging to run a bit of math. When we see a broken market on the Internet we like to do something about it.
…
we promise to never charge you anything more than the wholesale price each TLD charges. That’s true the first year and it’s true every subsequent year. If you register your domain with Cloudflare Registrar you’ll always pay the wholesale price with no markup.
For instance, Verisign, which administers the .com TLD, currently charges $7.85 per year to register a .com domain. ICANN imposes a $0.18 per year fee on top of that for every domain registered. Today, if you transfer your .com domain to Cloudflare, that’s what we’ll charge you per year: $8.03/year. No markup. All we’re doing is pinging an API, there’s no incremental cost to us, so why should you have to pay more than wholesale?
There are catches, of course.
For starters, the service is not available yet.
Price wrote that Cloudflare will roll it out gradually — for inbound transfers only — to its “most loyal” customers over an unspecified period. Even customers on its cheapest plans will get access to the queue, he wrote.
Eventually, he said, it will be available “more broadly”.
It will be interesting to see if the no-markup pricing could become available to non-customers too, and whether it sticks to its business model when its support lines start ringing and it becomes apparent the business is actually big ole cash vampire.
Cloudflare has been ICANN-accredited for several years, but it’s only been offering registrations to high-value enterprise customers so far.
My records show that it has not much more than 800 domains under management, all in .com, .net, .org and .info.
The announcement was made, perhaps not coincidentally, a couple days after CRM software provider Zoho made headlines when its 40 million customers were taken offline because its former registrar suspended zoho.com over a trivial level of abuse. In response to the screw-up, Zoho transferred the domain to Cloudflare.
Recent Comments