Interesting new dns failures

Hash: SHA1

Anyone been following the Registerfly fiasco? Since 2000, the ICANN
registrar agreement has required registrars to escrow their registrant
data according to ICANN's specs. It's been seven years, ICANN is just
now sending out an RFP to set up escrow providers, only because
they've been shamed into it when people discovered that there were no
backups of Registerfly's registrant data.

Yes, it is a pretty sad commentary on ICANN's ability to
follow through on policy.

Even if ICANN should try to do this, registrars will push back like
crazy since most of them have a minimum price mininum service business
model. In retrospect, it was a huge mistake to drop the price and let
Verisign and their friends mass merchandise domains as a fashion
accessory, but it's much too late to put that genie back in the

Well, that's a pretty sober commentary unto itself.

I ask you: What would you suggest? It's quite hard to craft
technical solutions to policy failures.

- - ferg

I ask you: What would you suggest? It's quite hard to craft
technical solutions to policy failures.

Since the registrar business has degenerated into a race to the
bottom, I don't see anything better than setting a floor that is the
minimal allowable bottom. Since ICANN has neither the inclination nor
the competence to do that, and they have no control over ccTLDs
anyway, that means (egad!) regulation.

Yeah, I know the Internet is all over the world, but as a participant
in the London Action Plan, an informal talking shop of the bits of
governments that deal with online crime, spam, etc., I can report that
pretty much all of the countries that matter realize there's a
problem, and a lot of them have passed or will pass laws whether we
like it or not. So it behooves us to engage them and help them pass
better rather than worse laws.

John Levine,, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be,, ex-Mayor
"More Wiener schnitzel, please", said Tom, revealingly.

Agreed, but adding a preview process doesn't cost much and would help establish stability. There are millions of domains churning every day. Just keeping track of which domains are new is costly. Once it becomes common place for providers to withhold DNS information of new domains, does it really make sense to permit domain records to change frequently and within milliseconds after some holding period? While provisions should be established for granting exceptions, requiring a 12 hour zone preview before going "live" should lead to significant reductions in the amount of criminal activity depending upon this insane agility that thwarts tracking and takedowns.

Allow security entities time to correlate upcoming domain changes, and this swamp will drain rapidly.