telling quote
" think that there was no end-user demand whatsoever for more extensions."
#damnright
Verisign, operator of the .com and .gov registries as well as two of the internet's 13 root servers, has warned that the "unprecedented" introduction of hundreds of new dot-word domains may make the internet unstable. In a quarterly filing to the US Securities and Exchange Commission this week, the tech biz included extensive …
Further, the implementation of (effectively) random words as root zones has no doubt caused extra costs to unrelated companies. I'll bet good money that there are hundreds or thousands of cases of internal domains being "duplicated" than just my own network at home. When I built it, 15? 18? years ago, .earth was a perfectly reasonable choice as it wasn't public. Now I can't even tell (programmatically) if I'm inside or outside the network if I look up nameservers for what was my internal space - it's no longer NXDOMAIN outside the walls.
And each one will require either some internal migration work (to something real that is "owned" or at the least to something that can never BE owned - good luck guessing today what ICANN will not decide to make available as a root domain over the coming decades). Or, "sorry no you can't browse that site at work because our internal network clashes with the Internet".
I'm not saying the individual costs are huge but when there are thousands of small impacts it adds up.
I've recently had to explain exactly why we're not going to be able to renew a publicly trusted certificate:
- it (was|is) an internal hostname, and as of november the CAs will no longer be issuing for those
But more importantly:
Some nob jockey at ICAAN has sold off the relevant gtld, so not only is that hostname now potentially a publicly resolvable domain, because the gtld is reserved for certain business types, we can't even buy up the domains we need (which would have allowed us to get certs).
In the short term, it's switching to snake oil certs, in the long term it's migrating off the two gtlds that are affected
There is another way around it, just create an "internal" subdomain in the domain you officially own. You may want to make sure that you do not leak it to the outside world, which requires some funky NS server setup (but you probably needed something similar anyway, for your "private" root domain). At least it's guaranteed not to clash with someone else's domain.
> just create an "internal" subdomain in the domain you officially own.
Doesn't everyone do that? Had that argument must be 15 years or more ago... Although ISTR some MS consultant claiming it was better to make internals domains something.local, which never struck me as a great idea.
Unstable? I nailed my router to the wall. It's pretty stable thank you.
Of course if ICANN had stopped being such a c*nt years ago and introduced it themselves, at the same price as dot Com's this wouldn't be an issue nowadays but oh no, dot Com's are the only true way to internet holiness etc. etc.
So basically, foot meet explosively driven lead slug from tube.
Interesting. Malwarebytes tells me that is a malicious website and has blocked it. Google, DuckDuckGo and others show it as viable but VeriSign and Internic show it as being a non-domain. I hope you guys didn't pay good money for that domain.
Ah.... the confusion and terror of this is running rampant already.
I never knew it existed. If I hadn't seen it in the story (and to be honest, I didn't pay any attention to it until I read your comment) I would have assumed that it was a fake spam or malware site squatting on The Register's name. However, it just redirects back to the regular The Register site.
But that of course is the whole business model of the "dot word" domain name industry. It doesn't expand the name space to any significant degree, because it's the bit to the left of the dot that matters. It just means that every well known web site now has to buy up umpteen different versions of their brand name in order to protect it.
It's an extortion racket. "Nice brand name you've got there. Be a pity if anything were to happen to it."
Why hasn't anyone taken ICANN to court and gotten a restraining order against them with respect to their brand names instead of just paying blackmail? Maybe with the explosion of domain names, victims will think it worth while going that route.
Bring on the entire dictionary as gTLDs because then nobody can hijack the monopoly of .com/.net/.org domains and try to extort people who are dead set on a particular domain name (like their surname).
These monopolists have been running extortion scams for forever (like temporarily buying the domain name when anyone searches for it and it doesn't exist & jacking up the price astronomically).
Zero sympathy for those people who have trouble dealing with choice... and personal email servers. Boo hoo hoo to you too.
"These monopolists have been running extortion scams for forever (like temporarily buying the domain name when anyone searches for it and it doesn't exist & jacking up the price astronomically)."
Yep, had that too, and the buggers had somehow acquired the domain name that used to belong to the national registrar in my country. Even the website had the same look and it was only when I couldn't find my existing account that I twigged.
until recently it was not possible to buy [yourbusinessname].uk, it had to be [yourbusinessname].co.uk
The "naked" .uk became available *at a higher price than .co.uk* (why? Nominet the UK registrar has a very large staff who commend very good salaries and appear to deliver little other than demostrations of their incompetence, clearly this was aimed at doubling their income). I've not seen a single site making active use of the naked variant. Some like Tesco and HSBC have bought the variant (tesco.uk, hsbc.uk) but those examples don't even point to their live websites.
The reason for naked .uk's failure is instructive to potential buyers of the new gTLDs:
.com and in UK .co.uk are the expected and trusted TLDs, anything else is at least "second best" and risks being regarded as "dodgy". Rightly so given the history of domain name sales. I've spoken to businesses who've been sold variants like [yourbusinessname].uk.co having been reassured that its just as good as [yourbusinessname].co.uk, no mention of the very probable confusion between the two, no mention that the .co suffix represents Colombia and one guy was even told that .co.uk was being phased out and the replacement was .uk.co
Even the existing TLDs are mis-sold, I know people with .net names who are in no way involved in networks (and in any case the major network companies prefer .com - e.g. cisco.net redirects to cisco.com)
Another issue is URL validation algorithms (commonly RegEx). There are plenty kicking around. The TLD element of that regex often "expects" a 2 or 3 letter TLD ( regex code fragment like: .[a-z]{2,3} ). Those validators, embedded in much larger programs, will treat the longer gTLDs as invalid. How many of the few who realise the code needs updating are in a position to spend the time finding the relevant pieces of code and getting it amended? (And as much longer TLDs are now possible the validation will be weaker) .
There is a problem with domain name availability with occasional reports of premium names being sold for over USD1M and domain name squatters sitting on piles of unused names bought speculatively in the hope of a profitable resale.
My solution is to scrap the annual fee and replace it with a substantial refundable deposit, maybe USD1000 per name. The costs of running the system would come from interest on that deposit and it would be refunded should the "owner" relinquish the name.
Nominet charges members the same price for .uk domains as .co.uk (£3.50 + VAT for 1 year). If you choose to use a registrar that overcharges for some domains, that's your lookout.
See: http://registrars.nominet.org.uk/namespace/uk/registration-and-domain-management/new-registrars/fees/fee-schedule
Of course the whole .uk debacle has been an outrageous money-grab anyway, it's all pretty indefensible.
This is an obvious attempt by Verisign to use its position to cast doubt on the competitive potential of new gTLDs. These not-com options have been available to the public for more than a year and a half with absolutely no realized concerns about security and stability, and with registrations growing to more than 8.6 million names to date. Verisign may find itself competitively threatened, but it's a shameful move to try to introduce such a red herring at this stage of the game to try to protect its historic monopoly.
make dns glueless
and get rid of certificate authorities by using dns
where stuck with those two for some time but come on if we cared about users this would have been done a while ago its a bit like people just typing in the name of the company very few people actually type the full domain they just "google/bing/duck and go"
john
We could do away with the DNS entirely: we ship the OS or browser knowing the IP address of Google™ a popular search engine and then the user searches googles as normal -- with google The Search Engine™ returning an IP address. Most users would never notice. Technical users would DuckDuckGo the IP address as normal.
Seriosuly, this would be one less set of thieves to pay. IPv6 would allow virtual hosting to be implemented via IP-addresses instead of hashes. And international domain names wouldn't be a problem.
Note the icon. Although I've half convinced myself.
The point is that this is a regular filing to the Securities and Exchange Commission, as part of which the company has to discuss any material risks to its business. These boilerplate filings are written by corporate lawyers, and their purpose is to ensure that no matter what happens "we warned you of that risk, so you (investor) can't sue us."
This does not mean that anyone technically competent at Verisign actually expects a problem, just that the lawyers get paid for imagining possible problems.