Why Monitor Your Domain Name?
A domain name is a distinctive mark, one that lets your customers, your suppliers, all of your contacts know who they are communicating with on the Internet. Depending on the popularity of your brand, your domain name may be subjected to counterfeiting or abuse, in the form of cybersquatting. This can damage or abuse your online identity, allowing others to masquerade as you, to their advantage.
As you may already know, ICANN, the regulatory authority for domain names, authorized the principal registries (.com, .net, .org ...) to increase their pricing in 2007. Of course, the registries were not slow to take advantage of the opportunity. A 7% increase in 2007, and a further 7% in 2008, was followed by yet another 7% increase in mid 2010. Now, Verisign will once again be increasing prices, theortically for the last time, on 15 January 2012 by a further 7%. This makes for a total real increase of 31%, which, given the margins on the product is an enormous pill to swallow. Here is what we will do for you...
With its contract with ICANN allowing for 7% price increases per year Verisign has announced that it will again be executing this and raising the prices of COM domains to $7.34 from July 1 2010, and NET domains to $4.65. This has increased the COM price from its original base of $6 in just 3 years.
When we last spoke to Verisign at ICANN Sydney 2009 they suggested further price increases were unlikely. What's changed?
With the approach of the ICANN domain name liberalisation due early next year, this could either cement COMs status as a premium extension, or drive people to look for and explore other extensions. What do you think?
This is so that we do not forget that are are part of a larger union, Europe, and that all of us have an important role to play this weekend: vote!
As you know we've been working on our hosting product at Gandi for 2 years now and getting the technology right was very important for us. If we don't believe in what we're doing we can't expect you to too. Now we've fully launched our virtualised hosting offer based on Xen technology and have 5000 customers already upon us, so we hope this is some indication that we're getting it right. But why did we choose virtualisation? Because it is the future for web hosting. Why is it the future of web hosting? Because it can do anything other types of hosting can, but with greater flexibility, more resilience and often cheaper too.
Follow our recent article "Why domain name services are not all equal" we thought we'd keep you up-to-date on some other industry articles along the same lines. Techcrunch has published this great summary about top registrars using "domain warehousing" to profit from their customers expired domains. The article cites an original article by Andrew Allemann at Domain Name Wire who gathered the information. Interesting stuff.
Some of you may have seen earlier in the year that ICANN (the body in charge of regulating the domain name space) announced that it was going to liberalise the market for domain name extensions, e.g. the bit that follows the last '.' in a name, .com, .net., .co.uk, .eu, etc.
What this means is that in theory anyone can apply to become a registry in their own right, and get .theirname so that you can buy domain names from them and get yourname.theirname. ICANN have now announced that the 'evaluation' process for new extensions will be costly, $185,000. Well costly for you and me, but perhaps not for funds or speculators.
But what is point in all this? Does it matter? Should we care?
The justification for doing it is that the internet is growing, more people are coming online, it allows more choice, blah, blah, blah. Which has some truth to it. But in some ways there is already an infinite number of domain names available across each of the roughly 280 existing TLDs (from .ac -> .zw - there should be a catchy alphabet song for them!).
But what does it mean for you, the customer? Well, it does mean you can get more choice. You will be able to buy yourdomain.something. Whether this helps is a different matter. Many of these new extensions will be quite specific, which may help, e.g. myplace.restaurant, or myhouse.london, but it may just create more and more confusion that your chosen name can have so many different extensions, which one is really you?
One result of this will probably be that more and more people will want to authenticate that their domain name, whatever unusual form it takes, can be explicitly linked to them. The most common way to do this at the moment it through SSL certificates, where a third party will guarantee that the domain is owned by a particular individual/company, and that you are browsing on that site in a secure way. So this is something to think about and watch out for...
There is one group of people that will undoubtedly benefit from this liberalisation and that is the spammers, advertisers and squatters.
In the old days if you wanted to protect your brand you could buy all 280 extensions. No longer. With a potentially limitless number of extensions, there is no way that you can get yourbrand.allofthem, so even the most well protected global brands may find a few more lawsuits on the horizon. The beneficiaries of this will be the squatters and advertisers who will use establishedbrand.newtld as an advertising site, or domain auction target (buy this one back, for $xxx).
And then there will be the increased volume of ad sites, just showing endless streams of ad feeds on domain names with no real purpose except to make money for their owner. I always think about this in terms of domain names as property: if the best properties in your town (domains on your tld) were closed down and became advertising bill boards, would you stand for this as a resident? This is exactly what is happening online. Most of the best names/words are turning into bill boards, and it will only continue unless there is a regulatory change to stop or limit it.
So there you have it, the change is coming, the benefits are unclear. But one thing that is clear is that unless ICANN take more of a role in setting and enforcing codes of content for domain ownership/usage, we may find as customers we are browsing in a larger and more polluted domain space.
What do you think?
We believe in domain ethics – your domain is more than just a name, it’s your online presence, your company, profile or project. It should be protected and you should get what you want and what you expect with no tricks. But, you say, surely all domain names are the same? Why should it matter who you buy a domain from as they all come from the same place anyway, right? Well no, unfortunately that’s not true. There are many reasons why different domain providers offer better or worse deals, and it's not just price.
On July 8, 2008, the US-CERT (United States Computer Emergency Readiness Team) announced that they had discovered a new way to quickly take advantage of weaknesses in the DNS protocol. This method targets non updated 'recursive' servers, allowing the 'attacker' to fake an answer as coming from an 'authoritative' server.
Gandi, as a registrar, only owns 'authoritative' servers and was not
affected by this flaw.
However, we are also a webhost now, and our customers go through 'recursive' servers. These servers were updated by our technical team, just a few hours after the announcement.
All right, but what are recursive and authoritative names servers?
There are two types of name servers:
1. The recursive servers, when questioned, get the information from other servers.
2. The authoritative servers have the information requested by (among others) recursive servers.
Recursive servers are those usually provided by ISPs or webhosts for
To simplify : when someone enters the URL of a domain name in his web browser, if the domain is entirely managed by Gandi, a DNS request goes from his computer to his ISP's recursive server, which in turn, requests the information from Gandi's authoritative server, and get the address of this domain name.
Gandi's authoritative server answers politely to the recursive server, which temporarily stores the answer in a cache, and finally, the answer is transmitted to the browser. The temporary cache is used to speed up the answers to a ''recursive' server, and thus avoid too much repetition of the same question. This way, there are less exchanges between ''recursive" and authoritative servers, and the Internet's general behavior is improved.
This new method allows a bad person to trap a vulnerable recursive
server into believing that an answer comes from an
authoritative server. The recursive server, sure that the answer
is correct, stores it in its cache. Does this sound abstract?
Just imagine that you have the ability to pretend to an ISP's customers that you are gandi.net, gmail.com or even amazon.com, and do this for serveral hours at a time... You get the picture.
What you should bear in mind (for our more technical readers)
First of all, the flaw of the DNS protocol is not new.
It was identified quite a while ago and is inherent in its design. The
technique allowing someone to use this flaw was first published on July
21st and showed how to simply bypass the existing barriers.
Once again a new barrier that has been put in place to prevent this. This new procedure has been recommended for several years and works by using a random source port in the request.
It is important to remember that this measure does not fix the flaw but means that any attack would take longer to succeed.
The DNS protocol does not guarantee the identity of individual machines, which makes preventing such attacks more difficult. The DNSSec protocol that
might replace it, is designed to correct this flaw (among other things).
However, and for several reasons, it has not yet been put into place.
In any case, the solution is to use secure connections, such as SSL (certificates, signatures and encryption...) when you wish to be sure of the identity of a site.
But even with all these tools and technologies, it is still important to pay attention to your web browsers SSL warning messages
In anticipation of all the highly-awaited new services (GandiBlog, transparent URL forwarding, API/XML, etc...) that will be released in the upcoming weeks, the entire team at Gandi joins me in wishing you happy
Here is a little stocking stuffer (view from our balcony and a great environment in which to daydream during this time of year):
Sorry for the title, I admit to a certain laziness doubled by a worry concerning the clarity of this blog… Meaning, it’s all about the story of the purchasing of Gandi. This week, I’m going to look at the choices to find capital...
The follow-up to the return of the revenge concerning the purchase of Gandi, or "how to know if we’re ready for this type of adventure, then how to choose our associates"…
To continue the story about the purchase of Gandi… told in a simple and direct way. Hoping this will help other people who have a similar project, I’m doing this without pretension or do I have something up my sleeve (and if this is the case, you will correct me, pronto). All the people I see, personally or professionally, will ask me the question, one day or another, I might as well write it on this blog.