domain hijacking - what do you do to prepared?


The question that comes to mind is - what do you do to be prepared?

Well, for a start you can put a comment into the ICANN comments on
the new xfr policy. I did earler today. Next, you can, as some today
did, decide that cache trumps authority under some conditions, and
ensure that cache is controlling when some conditions exist.

There are so many structural things wrong with the mechanisms this is
about like asking how to write cat in perl.

I suppose that other than setting registrar lock in place, there is
another thing one can do.

In terms of mechanism, this just undoes the latest change in xfr
policy in the ICANN gTLD market. Instead of opt-in-after-nack-delay
you go back to opt-out-after-nack-delay. It is a rational choice,
but since it is, you (plural) know that your interests were not the
controling ones when the policy change was debated.

There are edge-case registrants who are benefited by opt-in, but if
most of you (plural) opt-out, then the change in policy that affects
registrants, must either be an error, or benefit some parties other
than the registrants, edge-cases excluded.

Mail comments to In fact I think I'll
forward this entire set of threads to


Whether it's checking the expiration date for your domain, establishing
contact with your up-in-line authority - registrar, tld, etc. depending
on who you are.

Yes ... but ...

OK. There are things anyone managing registry/registrar/reseller accounts
can do, from getting all the renewal dates synchronized and tied to a
date you never forget (warning, spousal birthdays not advised), and if
nothing else comes up for several values of "tomorrow" I might write up.

But ...

Like the guy who was looking for a free solution to all the :43 formats
in all the gin joints in all the world, why do you want to buy retail?
You don't expect routers to autoconfig and suck up bogon filters and
cough out correct aggregations for you just by the application of some
electrons, so why expect to get all the nuances of the ICANN zoo, and
to stay current of registry/registrar/reseller best and worst practice?