Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
ICANN name servers come under attack
ICANN’s primary name servers came under a distributed denial of service attack, the Org said earlier this week.
The incident appears to have gone largely unnoticed outside of ICANN and seems to have been successfully mitigated before causing any significant damage.
ICANN said on its web site:
ICANN was subjected to a Distributed Denial of Service (DDoS) attack targeting NS.ICANN.ORG. This event did not result in harm to the organization. It was mitigated by redirecting traffic flows through a DDoS scrubbing service.
ns.icann.org is the address of ICANN’s name servers, which handle queries to ICANN-owned domains such as icann.org and iana.org.
The servers are also authoritative for Ugandan ccTLD .ug for some reason, and until a few years ago also handled the .int special-purpose TLD and sponsored gTLD .museum.
ICANN did not disclosed the exact date of the attack, nor speculate about whether it was targeted and why it might have happened.
Oracle buys Dyn just weeks after huge attack
Oracle has signed a deal to buy DNS services provider Dyn for an undisclosed amount probably in the nine-figure range.
The software giant said it plans to integrate Dyn’s services into its existing cloud computing platform. For the moment, existing Dyn customers are unaffected.
Dyn provides distributed DNS resolution services mainly to the enterprise market, where it has about 3,500 customers.
But it also provides redundant DNS to some TLD registries, notably Uniregistry.
Knowing how ruthlessly opportunistic Oracle can be when it comes to M&A, I have to wonder how much impact the recent denial of service attack against Dyn had on the timing of the deal being signed.
Dyn customers including Twitter and Netflix found themselves inaccessible for millions of North American internet users a couple of weeks ago.
Customers that may have been reconsidering their DNS options following the downtime may feel more reassured now that Dyn is about to become part of a much larger company.
While the acquisition price was not disclosed, it’s certainly going to be in the hundreds of millions.
Just six months ago, Dyn received $50 million in venture capital, following on from a $38 million round in 2012.
Uniregistry says it was unaffected by mother of all DDoS attacks
Almost 50 top-level domains were believed to be exposed to the massive distributed denial-of-service attack that hit Dyn on Friday, but the largest of the bunch said it managed to stay online throughout.
As has been widely reported in the mainstream and tech media over the last few days, DNS service provider Dyn got whacked by one of the biggest pieces of DDoS vandalism in the internet’s brief history.
Dyn customers including Netflix, Twitter, Spotify, PayPal and Reddit were reportedly largely inaccessible for many US-based internet users over the space of three waves of attack over about 12 hours.
The company said in a statement that the Mirai botnet was likely the attackers’ tool of choice.
It said that “10s of millions” of unique IP addresses were involved.
It has since emerged that many of the bots were actually installed on webcams secured with easily-guessable default passwords. XiongMai, a Chinese webcam manufacturer, has issued a recall.
In terms of the domain registry business, only about 50 TLDs use Dyn’s DynTLD service for DNS resolution, according to IANA records.
About half of these are tiny ccTLDs. They other half are Uniregistry’s portfolio of new gTLDs, including the like of .link, .car and .photo.
Uniregistry CEO Frank Schilling told DI that the Uniregistry TLDs did not go down as a result of the attack, pointing out that the company also uses its own in-house DNS.
“We like Dyn and think they have a great product but we did not go down because we also run our own DNS,” he said. “If we relied on them exclusively we would have gone down, but that is why we don’t do that.”
CNNIC hit by “largest ever” denial of service attack
Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.
CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.
According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.
According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.
Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.
China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.
What the hell happened to Go Daddy last night?
Thousands — possibly millions — of Go Daddy customers suffered a four-hour outage last night, during a suspected distributed denial of service attack.
The company has not yet revealed the cause of the downtime, which started at 1725 UTC last night, but it bears many of the signs of DDoS against the company’s DNS servers.
During the incident, godaddy.com was inaccessible. DI hosts with Go Daddy; domainincite.com and secureserver.net, the domain Go Daddy uses to provide its email services, were both down.
The company issued the following statement:
At 10:25 am PT, GoDaddy.com and associated customer services experienced intermittent outages. Services began to be restored for the bulk of affected customers at 2:43 pm PT. At no time was any sensitive customer information, such as credit card data, passwords or names and addresses, compromised. We will provide an additional update within the next 24 hours. We want to thank our customers for their patience and support.
Several Go Daddy sites I checked remained accessible from some parts of the world initially, only to disappear later.
Others reported that they were able to load their Go Daddy webmail, but that no new emails were getting through.
This all points to a problem with Go Daddy’s DNS, rather than with its hosting infrastructure. People able to view affected sites were likely using cached copies of DNS records.
Close to 34 million domains use domaincontrol.com, Go Daddy’s primary name server, for their DNS. The company says it has over 10 million customers.
Reportedly, Go Daddy started using Verisign’s DNS for its home page during the event, which would also point to a DNS-based attack.
The outage was so widespread that the words “GoDaddy” and “DNS” quickly became trending topics on Twitter.
The web site downforeveryoneorjustme.com, which does not use Go Daddy, also went down as thousands of people rushed to check whether their web sites were affected.
Some outlets reported that Anonymous, the hacker group, had claimed credit for the attack via an anonymous (small a) Twitter account.
Companies the size of Go Daddy experience DDoS attacks on a daily basis, and they build their infrastructure with sufficient safeguards and redundancies to handle the extra traffic.
This leads me to believe that either yesterday’s attack was either especially enormous, or that somebody screwed up.
The fact that the company has not yet confirmed that external malicious forces were at work is worrying.
Either way it’s embarrassing for Go Daddy, which is applying for three new gTLDs which it plans to self-host.
Several reports have already speculated that the attack could be revenge for one or more of Go Daddy’s recent PR screw-ups.
The company has promised an update later today.
Chinese DDoS knocks 123-reg offline
Customers of major UK domain registrar 123-reg suffered a couple of hours of downtime this afternoon due to an apparently “massive” denial of service attack.
The attack targeted its DNS servers and originated in China, according to a report in The Register.
Users reported sites offline or with spotty availability, but the company managed to mitigate the effects of the attack fairly quickly. It’s now reporting mostly normal service.
123-reg, part of the Host Europe Group, has hundreds of thousands of domains under management in the gTLD space alone.
DNS Made Easy whacked with 50Gbps attack
The managed DNS service provider DNS Made Easy was knocked offline for 90 minutes on Saturday by a distributed denial of service attack estimated at 50Gbps.
This could be the largest DDoS attack ever. The largest I’ve previous heard reported was 49Gbps.
The company, which promises 100% uptime, tweeted that the attack lasted eight hours, but only saw one and a half hours of downtime.
Here are some tweets from the company, starting on Saturday afternoon:
Out of China. Over 20 Gbps…. Don’t really know how big actually. But it’s big. We know it’s over 20 Gbps
Update…. Over 50 Gbps… we think. Since core Tier1 routers are being flooded in multiple cities…..
Trying to organize emergency meeting with all Tier1 providers. We probably have over 50 senior network admins looking into this.
This is flooding the provider’s backbones. By far the largest attack we have had to fight in history.
And, post-attack:
The good: Not everyone was down, not all locations were down at once. The bad: There were temporary regional outages.
Almost back to normal in all locations. Full explanation, details, and SLA credits will be given to all users as soon as possible.
We did not see a 6.5 hour long outage. That would be ultra-long. DDOS attack was 8 hours. Less than 1.5 hours of actual downtime.
It will prove costly. The company’s service level agreement promises to credit all accounts for 500% of any downtime its customers experience.
Quite often in these cases the target of the attack is a single domain. Twitter and Facebook have both suffered performance problems in the past after attackers went after a single user for political reasons.
For a DNS provider, any single domain they host could be such a target. I’d be interested to know if that was the case in this incident.
Recent Comments