DNS Stressed From Financial Maneuverings
jcatcw writes "The Domain Name System is showing signs of being out of control. Automated software systems are being used to re-register large batches of expired domain names. In addition, speculators are using a loophole in the registration process that lets domains be tested for their potential profitability as pay-per-click advertising sites during a free five-day "tasting" period."
Can someone explain to me why this is even news? Seems to me the domain name system has been out of control for years, this is nothing new.
This actually just happened to my organization two weeks ago. A .com version of one of the .org names we hold was expiring, and we did the backorder thing with Godaddy to try to acquire it since there's really no other way to even have a remote chance at an expiring name.
We got a notice that the name was re registered within a few seconds of its release, and Godaddy had not acquired it on our behalf. The backorder thing also came with monitoring service that notifies us of any changes to the domain's whois.
Three days later, I received a notification that the domain's whois had changed again. I figured the new owners were setting it up for their use, but instead it was changed to my info. We suddenly had the name in our account.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
woot
Here is a slick, free typosquatting search tool that lets you find and explore the kind of problematic domains mentioned in the article. Try playing with the various search options - it's addictive. For instance, there are 141 registered domains that contain the word "slashdot", and 199 more that are a one-character misspelling of "slashdot". That's within just 4 TLDs.
The firm also offers a novel service that allows companies to recover lost traffic without necessarily filing lots of lawsuits.
Full disclosure - I am CitizenHawk's president. That being said, I can say we are intimately involved in tracking DNS updates daily - and I agree. Tasting is a serious problem that threatens to push the DNS system beyond its limits.
...the tubes are all clogged, should they try Dran-O?
This article seems not to understand that the DNS system and the Registar system are completely separate entities.. The mass registrations are done through the various registrars for .com, .net, .info, etc., with current estimates that there are are about 5 million domains being "tasted" at any given time. This number is fairly constant so it's not producing spikes or a significant increase in DNS usage at any one time.
"showing signs of being out of control"
I'll say. A domain I owned expired recently and was bought up before I could repurchase. There is nothing special about this particular domain name and I can't imagine anyone wanting it except to use it for resale profit on pure speculation only.
Nice system. Gets me loads of spam and doesn't offer shit otherwise.
And I completely disagree with it.
If you want to test the domain, then LEASE the domain name. None of this automated click-count crap for free while other people who would USE the domain name wait to see if it will ever be available.
We can sue the company that runs the DNS for allowing copyright infringement! Maybe we can make them shut down!
Best Slashdot Co
In popular parlance, DNS is the Domain Name SERVICE, which is fine. The Domain Name SYSTEM is breaking down due to communication problems between or within registrars. Nothing to do with the root servers.
I want to delete my account but Slashdot doesn't allow it.
What if they applied the same rules to domains as RIPE uses to give out IP adresses. Basicly the first batch is given out no questions asked. After that you can still get extra ones as long as you can prove you use them for a legitimate reason.
Sure it might sound restrictive, but with bots drop catching domains with brute forcing techniques it could weed out the worst of abuse.
perpetually dwelling in the -1 pits
The method for squashing "name tasting" (the expoitation of the five-day grace period) is well known: impose a small fee for each returned domain. The Public Interest Registry (maintainer of .org) recently became the first registry to impose such a fee of 5 cents per name. VeriSign has not followed suit. Some argue that this is because enough "tasted" domains are registered that the sales benefit from the practice outweighs the stress on the infrastructure. ICANN is requesting a position paper from a coalition of registrars on the topic.
RichM
Data Center Knowledge
The problem is with the ICANN - they're mainly collecting money and doing nothing really good for the long term (they approve TLDs that are just "yet another .com"s - see any significant innovations/improvements?). A single Jon Postel could replace the entire ICANN and the world would probably be better for it.
The bigger problem is everyone currently lining up to replace ICANN is probably worse than the ICANN.
Financial maneuvering? Add political maneuvering.
speculators are using a loophole in the registration process
Is that a complaint or something?
It's one of the many ways how smart people make some money you hippie.
Fix #1: Eliminate the free tasting period.
....
If you register fo0.com on May 1 and on May 2 you realize you goof and you meant to register foo.com, fine. But your registration still expires next May 1. In addition, you only get 1 or 2 "free goofs" after which you pay a paperwork fee, maybe a few pennies or less, to cover the actual costs of changing things around.
The people who run DNS should neither gain nor lose if I register 1 name for 1 year vs. I register 100 names for short consecutive periods that add up to 1 year. Currently they lose big time.
Fix #2: Meaningful domain-lapse rules
In general, if a domain is revoked or lapses, nobody except you should be able to claim it without your permission for a certain period of time. I'd suggest a minimum of 30 days.
I theory this is the way it was supposed to work but in practice
Obviously there will be special cases, such as names transferred by court order.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
(posting anon because I used mod points)
Who does the testing period benefit besides spammers and squatters? Does someone who legitimately want to use a domain name "test" it for five days... and then what? Of course someone who wants to the domain is going to keep it. But if you don't want it, why did you register it, unless of course you were testing it for how many people accidentally typed your domain name, and then we come back to the spammers and squatters. I'd be interested in knowing a legitimate purpose for this five day testing period.
dot org...
Work smarter, not harder.
ipv4 addresses are a truly finite number - there are less than 2^32 of them available and far fewer in the RIPE address-space.
Domain-names are technically finite but practically infinite. I can always find some long, unused, random set of letters to use as a domain-name. It may not match my company name or any of the products or services I sell, but it will function.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Suppose I run davidwristhegreatest.com. Suppose a few links exist on the web and I get a handful of hits a day from people clicking on those links.
Now I get tired of being vain so I let the domain expire.
Someone tastes the domain and their ads get viewed by 3-4 people a day.
That's a few thousand people a year.
Pretty soon that adds up to real money.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Jason H. Fisher, an attorney at Los Angeles law firm Buchalter Nemer Fields & Younger, said the biggest obstacles to fixing the Domain Name System are its international nature and the reluctance of the Internet Corporation for Assigned Names and Numbers to take action. Fisher said ICANN "would rather do nothing than make waves."
If ICANN doesn't take action, who will? Who can?
Fizz
If /. doesn't know who you are it can't undo your modding.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Fix #3: Curb artificial scarcity
Approve other generic TLD extensions such as "dot web"
ICANN is like a wet noodle in the wind. I personally think they exist solely to hold wine and cheese parties in exotic locales.
If people haven't done so already, join the lawsuit against registerfly and icann at registerfly-lawsuit.com
What we might do differently if we were to start designing our "DNS" all over again.
Personally, I would be motivated to de-centralize and eliminate (as much as possible) the rampant squatting and profiteering.
On the political side: I would also make it impossible (or very difficult) for businesses like buydomains.com to exist. These people are the cockroaches of the Internet and serve no purpose other than to exploit. There would also be clear, stiff, harsh (and enforceable) penalties. The political design would discourage these activities.
I don't have the link handy, but I recall reading about one of the other TLD managers implementing a maximum return ratio before they stop refunding the fee. Something like 10% or so.
- MayKiting.html
FWIW, the Godaddy.com CEO has blogged about this topic a few times, the numbers are staggering.
http://www.bobparsons.com/index.php?/archives/118
What DNS needs is a nice massage and a warm bath with candles and salts.
Just don't allow it. There's no possible positive in even allowing cyberquating. If someone wants to register a website that looks like a cybersquat, attach a clause saying they have x amount of days to put up an actual website, assuming there is a port 80 attached to that domain. Or can the registrars not stay away from the easy money themselves?
"Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
Well it's another sign that Verisign are unfit to run the DNS.
1. Find a feasible method for resurrecting the dead.
2. Resurrect Jon Postel.
3. Profit!!!!
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
It's worse than that. And it's all ICANN's fault.
ICANN has become a trade association for domain registrars. Which isn't surprising; they're the ones that pay it money.
A big problem is that registrars are allowed to speculate in domain names. ICANN has the power to prohibit this (see section 4.2 of the Registrar Agreement) but has not done so. To speculate in domain names, it helps to be a registrar, which isn't that expensive. ICANN's pricing starts at $4000/year. As a result, there are now about 800 "registrars", most of which are fronts for domain speculators. Most of them don't register domains for others at all.
As a result, ICANN's constituency is now composed primarily of typosquatting slimeballs. That's why we're in this mess.
It shouldn't be that hard to setup something simpler than the current mess. For example, mycompany.com might point to DNS squatters in the ICANN domain, but to an actual "mycompany" in the "new" domain. The new domain would feature low registration fees to those willing to put up a real website. Perhaps something like torrents could be used to spread the DNS updates to eliminate control by evil entities.
Since normal DNS servers would get ICANN entries, non-evil people can point to port 53 to use non-evil DNS servers (primary/secondary, perhaps using an evil ICANN-based DNS server as a tertiary fallback).
Search engines could choose to return an IP-based page hit for a non-ICANN "mycompany.com" search.
We could eliminate the ability of evil entities being able to "take down" a site using DNS measures (i.e Thailand, GWB, China, etc.).
Is it possible to get flat-text lists of the domain names registered? There have been times when I've wanted to grep for domains in the big 3 TLD name space. Does any entity on the net provide simple, *free*, public archives of the various TLDs?
Method of processing duck feet
I think one way to fix this is to devalue the main gTLDs. Right now there are very few gTLDs that anyone can register for any purpose. I think we need A LOT more gTLDs and train the public further that everything isn't '.com'. This will devalue the existing .com domains that people are squatting. Example gTLDs that I think should have open registration: .global .earth .tech .www .files
.godaddy, .verisign, .linux, .microsoft, .???.
.com collection a lot less valuable. This isn't real-estate. It is virtual. When you run out of land on the Internet you just make more land! Well, that will be easier with IPv6, but you get the point. I think the reason why these tactics are occurring is due to the perceived limitation of the .com space. So what, who cares, just make more gTLDs.
So on and so forth. And if you act now, for only $100,000 you can register a custom non-reserved gTLD for your own purpose (subject to approval, id check, no squatters, etc.):
This will make that $40,000
The DNS madness needs to end. ICANN needs to either right itself or be done away with.
Google and absurd domain policies are providing a catalyst for leeching maggots to thrive which hurts everyone. Its no secret everyone has been well aware of the situation for years. Its time for it to end.
I, for one, DO NOT welcome our not so new domain squatting overlords.
Profit motive makes the world a better place in every way... Right... If you believe that I've got a swamp to sell you.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
Actually, there's an even more simple way to totally eliminate domain squatting and domain speculation.
It's just politically unacceptable to the people who have a religious belief in free market capitalism, and who can never admit that it's what's causing the problems with DNS.
It's this: Make domain name registrations non-transferable.
Think about it. You don't get rampant speculation in phone numbers. You don't find it impossible to get a new phone number because none are available. You don't have to pay $5k to a speculator to get a phone number in your desired area code. Why? Because you can't sell your phone number to someone else on eBay, and you can't keep phone numbers you aren't using for a trivial cost. If you *could* do those things, numbers like mine (which by chance ends in "00") would fetch serious money.
If Joe Slimeball couldn't sell the cooldomain.com he wasn't using and had no plans to use, he wouldn't spend $30 a year to keep it.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
> ICANN has become a trade association for domain registrars. Which isn't surprising; they're the ones that pay it money.
They're not going to forbid that when that's how they make money.
Personally, I hope that someone eventually invents a replacement for DNS and we can tell them to go screw themselves.
Who determines if something is an "actual website"? Being of a (mildly) technical bent, I would say that any document, even a zero byte index.html, that is coughed up by some variety of server software if presented with an HTTP request - that is an actual website. But we all know that this would not be the interpretation placed on "actual website" if this wording actually became part of the rules.
As far as so called "domain tasting" goes, I prefer Bob Parsons' term "domain kiting" with all the same negative connotations associated with terms like "cheque kiting" (Bob Parsons is the founder/CEO of GoDaddy.com). To make it worse, domain kiting used to be available only to those with a large financial base to work with - generally in the hundreds of thousands of dollars. But now, a few registrars (DynaDot comes to mind) have lowered the bar for entry so that people with as little as $500 can now engage in domain kiting. It is no wonder that it is so frustrating for new businesses to get online with a decent domain - we are seeing many many more domains such as "davestorontogardencentre.com" because better domains such as "davesgardens.com", "davesnursery.com" etc. are almost all owned by speculators.
That's never stopped the [MP|RI]AA!
Best Slashdot Co
A few years ago I lost mcgrew.info out of a combination bad luck and my own stupidity. It cost well over a hundred bucks to get it back, normally it's $30 every two years including hosting.
-you know who
I sold my domain name for $10,000 a couple of months ago. No regrets at all. But what I can't figure out, looking at what the guy who bought it used it for, why it was worth that much to him. All it is now, is a page with links, mostly to things I used to host on my site for my own purposes. Just seems weird.
-fb Everything not expressly forbidden is now mandatory.
The $6 fee isn't particularly cost-based; it was a scam from the beginning, but it's supposed to cover their costs for handling transactions, maintaining reliable database storage, etc.
The "Add Grace" period lets you return domain names for free, for instance if you've made a typo in the domain name or somebody notifies you that your name collides with their trademark. It's not totally stupid, because it means there's *some* incentive to return incorrect names instead of keeping them for the full year or forever. On the other hand, in practice it's been a miserable failure from the time "domain name investors" discovered they could do "market research" by brute-force domain tasting, rather than predicting what names are actually worth paying money for before buying them. Mostly, it made sense back when domain names cost $35 from Verisign.
IMHO, the right Registry price for returning domain names during the "Add Grace" period should be about 50% - it's enough to cut down on the high-volume typosquatters, but still provide some incentive to return names. More importantly, the price of buying a domain name should include a CAPTCHA to cut down on this kind of namespace pollution.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
It's scum messing up the domain name space's usefulness, and it ought to be stopped.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
One of my domains (not an important one for business, thank goodness) expired. It was registered through GoDaddy and I decided to allow it to expire and re-register it somewhere else. After the grace period had elapsed, where you can re-activate it for an absurd fee, I tried to register it anew with another registrar. Too late! A speculator had obviously noticed it was a domain that had expired and snatched it up. I was pretty angry. Since then the domain has been active and is a traffic catcher for whoever owns it now. Like I said, it was not an important money-making domain so I really don't care that much, but I can see how this could be really bad for business. They've got you over a barrel at that point. I'm sure I could buy it back for an outrageous price if I really wanted (or needed) it. Screw that.
Typos - Domains used to cost $35 from Verisign or its predecessors. Making a mistake was really annoying. At $6, who cares?
Trademark Conflicts - you can't always tell that somebody else in the world (or even the US) isn't using a name that's pretty similar to the one you're trying to register. You could offer to sell it to them, but that's treading on abusive domain name squatting and can lead to high legal costs. Even so, it's still going to cost you more than $6 to deal with the issue; maybe giving it back should still cost you $1.
Unexpected Typo Conflicts - Maybe you weren't typosquatting, but there's some site or search term that generates lots of traffic that's *not* what you're interested in, and you're getting lots of traffic that's really for some word in Italian or Polish. Again, at $6, you might just not care, but if you've got an incentive to return the name to the namespace for people who legitimately want it, that'd be a good thing. If you *can't* return it, youll probably point it at some domain-parker site where you get advertising revenue and maybe point the visitors to the site they were really looking for.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Presumably the process works like this:
1) Register to trial a domain
2) Wait a few days and count the hits
3) If it didn't get the required number of hits then drop it, otherwise pony up to keep the domain.
If there is some way that I can get a feed of each of the 35 million new names each month, then i can have a script simply wget a couple of pages off each site from each of a few IP addresses.
That way they'll think they've hit paydirt, pay to keep the domain and suddenly realise that it doesn't get any hits.
I would imagine that automated counter-measures could really screw with their cost benifit analysis.
Right now there is the .com/.net/.org problem, where a squatter owns .org and you own .com, or you have to pay 3x as much to get all 3 domains.
.tv are already multiplying this problem.
"Well-known" country tlds like
As you add more "respectable" or "well-known" tlds, this problem only grows.
On the flip side, a bunch of companies can share the smith.* and jones.* namespaces.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I guess I have a hard time getting worked up about this issue of people registering typo-close domain names.
Look, if you want to take a guess at a domain name and type it into your address bar in your browser, feel free. Maybe you'll get lucky and hit the real site, maybe you won't. I admit it, sometimes I don't bother with Google and I take a guess and just type in a domain.
But if you REALLY want to be sure you're hitting the REAL web site of interest, just Google it! 99% of the time the site you really were after is going to be right there at the top of the list.
If you guess-type in domain names, don't be surprised when you get a random web site.
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
I agree that legal definitions are hard.
... seems like a start at least ...
However legitimate use of a domain for serving a webpage could include:
* validates as a (x)html page
* each page differs from others on any domains owned by the applicant by at least 20% of code content (#1)
* does not advertise clearly illegal products or services (in the jurisdiction of the registry)
* has valid and verifiable domain contact details in the registry entry (#2)
* has a abuse@ address which is answered on request (#3)
#1 - is probably quite easily abused (eg very long filenames for images!) but will require the squatters at least to do extra work
#2 - ring 'em up ask to speak to the registered contact
#3 - having an abuse@ address is required I think, legitimate users could reasonably be expected to answer emails on the request of the registrar as this shows that the account is being monitored
Someone should also make the point that these "squatted domains" are being used for other nasties out on the Web, such as spamming, virus propagation, etc. Misspelled names, and bumbling, fumbling Internet users (such as myself, aka. "10 thumbs") can be a recipe for disaster.
This is a fine line between protecting the rights of a legitimate site owner, and someone with ill intent (harboring a criminals). These actions anywhere else in the world are considered EXTORTION.
Nobody at the patent office could have foreseen this media form. Anarchists are gonna roast me for saying this, but you DON'T have the right to register Coca-Cola.com if it comes available. If you put anything up there besides a sanctioned Coca-Cola website, you are in violation of copyright infringement, and you have every right to have your ass sued off.
Cybersquatter are scum and need to be delt with heck recently I suffered this issue when a cybersquatter took the domain name seconds after it came up for grabs. I suggest we educate people about the issue
.com registering is, make sure your family knows, tell anyone who can listen about the problems this is causing spread awareness! Lets put cybersquaters in the same world view as murders and people who talk in theatre.
I have a family friedn whom I shall call "Bob", Bob likes to think hes tech savy (he is not) he has alot of money as well, one day at a family BBQ Bob made an appearence and told us about this great investment opportunity, for £1500 hes bought 50 web domains with adverts on, they adverts are pretty much garenteed to make his £1500 back (sickenly enough they have and slightly more.) While he told this story and how this service was sold to him I initially blanked it out thinking it was a pyramid scheme it wasn't until my Dad (who taught me how to spot the damm things) was nodding in agreement with several other relatives I realised it really wasn't. I've since ranted (and informed) alot to family and Bob about this issue even anouther lapsed web domain that I used to own (which has again been bought by cybersquaters, amusingly enough I didn't want the thing anymore and the person tried holding the domain for ransom.
So instead of just monaing about how ineffectual
Good thing that DNS is at least run as a free market, or we'd really be in trouble!
All this expiring of a domain and then selling it to another is BS.
Just ask those who bought trademarked domains and were greeted by a fat certified mail envelope from a law office.
Registrars should have no business reselling domains that have expired. That is not their trademark to sell, not their brand to sell, not even their idea or creativity in the name.
They should charge for resolution.
Maybe charge for extra services like a web site or email.
But for no reason should they think they can "own" a domain and sell it to the highest bidder. The courts have already established that one.
The person who originally came up with it owns the domain. If they want to let it sit - then so be it. If they want to re-awaken it - then so be it. If they want to sell it - then so be it.
It is BS one has to come up with one's own intellectual property only to have another entity decide to steal it and sell it to another.