Another TLD coup for nic.at’s RcodeZero DNS

nic.at’s RcodeZero DNS service has just started supplying Anycast technology to the Polish domain extension .pl. This means that nic.at infrastructure provides supplementary hosting and security to the seventh biggest ccTLD in the EU with over 2.5 million domains. According DNSperf statistics, RcodeZero DNS is one of the fastest anycast providers worldwide.

CEO Richard Wein is delighted with the new RcodeZero DNS customer NASK, the Polish national research institute responsible for the Top Level Domain .pl.

“After .nl and .eu, we have succeeded in convincing another major country code TLD with a couple of million domains to use our services. In an industry where you know each other very well, this is a big compliment for me: The relevant players trust the technical competence of nic.at. This shows that even a small country can provide services to the big ones so long as you focus on quality, reliability and flexibility.”

It is the clear goal of nic.at to gain more RcodeZero DNS customers within the TLD community – also on other continents.

The technical implementation for .pl is proof of nic.at’s ability to meet individual customer requirements. The .pl TLD consists of 159 subzones. Therefore – in contrast to other customers with fewer zones – every process and check has to be performed 159 times before distributing the zone to the servers all over the globe.

The constant expansion and upgrading of the RcodeZero infrastructure is also recognised in the worldwide Ranking of DNSperf where the DNS performance of the top Anycast providers is measured. RcodeZero DNS actually ranks sixth – not far away from well-known names like Cloudflare and Wordpress.

This nic.at news release was sourced from: https://www.nic.at/en/news/nic-at/another-tld-coup-for-nicats-rcodezero-dns

Afnic Updates .FR Registry Lock

Afnic have announced changes to the Registry Lock for .fr that are intended to speed up adoption of the service.

There are four major changes announced:

  • a 24/7 service even easier to use, and an authentication process which speeds up interactions between contacts
  • the use of dual authentication, which strengthens the security process even further
  • batch locking and unlocking: all or some domain names associated with the owner can be locked and unlocked during the same application
  • registration of authorised contacts for locking and unlocking operations in a “directory”. This list of advisors and trusted contacts is checked upstream by AFNIC’s customer representatives.

Afnic launched their Registry Lock for .fr in 2015. A Registry Lock provides peace of mind for businesses, in particular that their domain name is made much more difficult to hijack, if not nigh on impossible providing their details are kept up to date.

With the Registry Lock operational, any changes to the ownership of the domain name cannot be made without authorisation from the registrant, which must be verified by Afnic with the coordination of the registrar.

Only a handful of .fr registrants have chosen to take advantage of the Registry Lock domain names. Currently only 350 domains are locked in this way out of 3.4 million, but this number is up from 216 as of December 2018.

A fee is charged by the registrant’s registrar, but this is quite small for business and very small if a domain name is hijacked and used for nefarious purposes and can lead to a loss of business and trust among customers.

Neustar And .US To Hold Virtual Town Hall On 24 October

Neustar and the usTLD Stakeholder Council will hold a virtual .US Public Stakeholder Town Hall Meeting on Thursday October 24, 2019 at 11:00 EDT. The Town Hall will provide an opportunity for the community to hear from the .US team on the 2019 developments and for community discussions on how to build and grow the .US domain to meet the demands of the future.

In addition to an “open floor,” where stakeholder thoughts, suggestions and questions can be addressed, there is a plan to focus on two key topics:

  • Marketing and .US: The Voice of .US
  • 2019 Policy Year in Review and What’s ahead: Our Policy Recommendations, Locality Space updates, Statistics and overview

The meeting will take place virtually, and details will be circulated to all registered participants in advance of the meeting. For anyone interested in the .US domain space or internet growth and trends, Neustar and .US are encouraging participation.

To register for the free virtual Town Hall, click here.

Almost Half of 20 Most Abused TLDs Are ccTLDs As Newly Detected Botnet C&Cs Reach All Time High: Spamhaus

Spamhaus released their quarterly Botnet Threat Update for the third quarter of 2019 and almost half of the TLDs in their top 20 “most abused top-level domains” were within ccTLD name spaces: .ru (Russia), .pw (Palau), .eu (European Union), .ga (Gabon), .tk (Tokelau), .su (the former Soviet Union), .ml (Mali), .cf (Central African Republic) and .me (Montenegro). There were also a handful of new gTLDs: .top, .xyz, .icu, .name, .live, .site and .club. But the TLD with by far the most abused domains, and also by far the largest, was .com, with 4,058 abusive domain names and around 145 million domains in total while .net was second with 534 fraudulent domains.

During the third quarter the number of fraudulent domain names registered within Russia’s ccTLD .ru almost halved from 731 domains in Q2 to 392 domains in Q3. And 2 more gTLDs joined .com in Q3 in the top 3: .net and .info.

Of the registrars with the most abused domain names on their books, Namecheap easily came out top with 1,034 while the Chinese West263.com was second with 375. By country, there were 5 Chinese registrars on the top 20 list, 3 from the United States and 2 each from Russia and Germany.

The highlight, or rather lowlight, of the report from Spamhaus’ point of view was the number of newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year with more than 1,500 botnet C&Cs detected by Spamhaus Malware Labs. This is far in excess of the monthly average, set in the first half of this year, of 1,000 botnet C&Cs.

One of the most notorious botnets called “Emotet”, however, did appear to go on vacation. This botnet went silent for several months, but returned in September with a large scale spam campaign. Emotet, also known as “Heodo”, was a former e-banking Trojan that targeted e-banking customers around the world. In 2018, Emotet ceased it’s e-banking fraud activities and started to offer infected computers on a “Pay-Per-Install” model to other cybercriminals. As of 2019, Emotet is one of the most dangerous botnets and indirectly responsible for a large amount of ransomware campaigns like Ryuk.

The most notable change between Q2 and Q3 Spamhaus observed was TrickBot. They identified a 550% increase in the number of botnet C&Cs that were associated with this malware family. There were additional smaller changes in the malware landscape, with some families dropping out of the charts and others appearing.

Spamhaus observed they continued to see Cloudflare, a US-based content delivery network (CDN) provider, being one of the preferred options by cybercriminals to host botnet C&C servers. This trend has been evident since 2018. Disappointingly, Spamhaus say they’ve still seen no apparent attempts from Cloudflare to battle the ongoing abuse of their network for botnet hosting and other hostile infrastructure. However, as of Q3, Cloudflare got beaten by the Chinese cloud provider Alibaba, by a narrow margin of 4.

There was also a surge in the number of Botnet C&Cs hosted in Russia with a proliferation of botnet C&Cs hosted across various hosting providers in Russia, notably ispserver.com, reg.ru, simplecloud.ru, marosnet.ru and spacenet.ru. After a short period of respite, there is once again a trend among cybercriminals moving their infrastructure to Russian Internet service providers.

The Spamhaus Botnet Threat Update: Q3-2019 can be downloaded in full from: https://www.spamhaus.org/news/article/789/spamhaus-botnet-threat-update-q3-2019

Google Launches .NEW Sunrise This Week

On the same day that Google is making their big announcement of new and updated products, their Google Registry, aka Charleston Road Registry, is launching the Sunrise period for their .new gTLD, which is promising something… new! Google is billing their new gTLD as one that “must be used for action generation or online creation flows.”

Already underway is a “qualified launch period” that commenced on 6 September and runs until 14 January 2020. This period will see up to 53 .new domains registered to promote the gTLD. And ending this week has been a “sunrise notice” period where trademark owners are notified of the .new Sunrise Dates and policies.

Which brings us to the Sunrise period, which commences on 15 October, the same day as Google’s annual showcase in New York City that is expected to see the launch of the Pixel 4 and other hardware products. The Sunrise period for trademark holders to get their domain names will run until 14 January.

Leading up to General Availability in July 2020 there will also be a “Limited Registration Period”, from 14 January to 14 July. This is a period during where prospective registrants can apply to operate .new names, that will be allocated by Google Registry in batches provided that they demonstrate compliance with the .new registration policy and other specified criteria.

This will be the seventh of Google new gTLDs that will be publicly available out of a total of 46 that have been delegated, many of which will be for Google to use in house. The largest is .app, currently with 425,000 registrations followed by .dev with 164,000 – the only 2 with more than 100,000 registrations.

So what’s new about .new? Google explains in their policies posted on the ICANN new generic top-level domains page that “all .new domain names must be used for action generation or online creation flows. Navigation to a .new domain must bring a user directly into the action generation or online creation flow. Navigation or redirection to a homepage or landing page that requires the user to take additional steps or clicks to initiate action or creation will not be deemed to comply with this policy. An exception is provided for services that require a user to be logged in, navigation to a .new domain may bring a logged-out user to a sign up or sign in page. After completing sign in and any other required authentication, the user must be brought directly into the action generation or online creation flow. A user that is already signed in must be brought immediately into the action flow. Subscription services that require an account to access content or undertake activities may register .new domain names, provided that, upon request, Google Registry or its designee is granted access free-of-charge to verify compliance with this policy.”

Google goes on to explain “any .new domain must be compliant no more than 100 days from the date of registration; and a link to the .new Domain Registration Policy and other resources provided by Google Registry indicating that users can find the full Action Domains Requirements and more information about enforcement by following the link.”

Google Registry note in their policies document they “believe the benefit of the programme will be to promote the success of not only the .new registry but ICANN’s new gTLD program as well. By publicising quality .new websites to consumers at an early stage and indicating the type of specialised content they will find there, Google Registry will be able to guide interested registrants to the opportunities afforded by .new SLDs.  In addition, by launching and promoting select domain names before and during Sunrise, Google Registry will raise awareness of the Sunrise program and allow trademark holders who may have otherwise not been able to avail themselves of the opportunity to protect their brands during the .new Sunrise to do so. Google Registry will also be able to generally demonstrate the value of the new gTLD programme, which enhances consumer choice by expanding the SLD namespace, providing registrants with flexibility, opportunities for differentiation, and enhanced utility of domain names.”

As with all of Google’s new gTLDs, .new is a secure namespace that requires HTTPS to be used on all .new domains in order for the domains to work in web browsers.

Radix Adds .UNO Taking Its Tally To 10 New gTLDs

Radix, the largest of the new gTLD registries by domains under management with over 5.1 million domain names, has added .uno to its portfolio taking its tally to 10 new gTLDs.

“Uno” is probably most recognised around the world as a card game or the Spanish and Italian for the number one. But in the world of new generic top-level domains it was the sole new gTLD delegated to Dot Latin LLC and the operator had proposed it as an alternative to .com aimed at the Hispanic and Italian communities. It was delegated in November 2013 and currently has 16,400 registrations, with three-quarters (12,300) of its registrations through the one registrar, Domainia.

The ownership transfer was completed in September 2019 and Radix now has exclusive rights to operate .uno globally. The domain extension will be available across Radix’s 200+ registrar partners from early 2020. It will be the smallest of the now 10 new gTLDs operated by Radix.

.UNO is the second 3-letter domain in Radix’s portfolio, the first one being .FUN which was launched by Radix in the first half of 2017. Going by the trends, Radix say 3-letter new top-level domains have seen natural acceptance globally with a consistent uptake. To give some perspective, four of the top-ten new domain extensions (by zone size) are 3-letter domains; accounting for up to 8.5M+ registrations in total.

“We are excited to add .UNO to our portfolio which boasts of some of the most successful new extensions,” said Sandeep Ramchandani, CEO, Radix. “As with our other TLDs, the idea is to invest in various marketing avenues to take .UNO to the market with our strong registrar network; specifically in geographies such as Latin America and Asia where there is an affinity to the string.”

Existing users on .UNO include giga.uno, a business content management solution provider; platform.uno, an open-source platform for building apps; seed.uno, a UN organisation; amongst many others.

Radix began its journey as a new domains registry in 2012 with 7 new domain extensions and one repurposed ccTLD .PW; and since then has acquired .TECH (2014), .FUN (2017) and now .UNO (2019). “We are always on the lookout to acquire nTLDs that align with the top-notch quality of our other TLDs.”, added Sandeep Ramchandani.

Currently, Radix is the only new domain portfolio registry that has two of its domain extensions, .ONLINE and .SITE, with over 1 million registrations each.

Nominet Increasing .UK Registry By 4%

Hosting for 1 buck!

The registry fee for .uk domain names is increasing 15p, or 4%, to £3.90 from 13 January 2020, Nominet announced Tuesday.

The increase comes after an annual review of pricing and reflects some of the increased costs of running the registry since prices last changed in 2016. Having absorbed the majority of the costs, Nominet say they decided a 4% rise in the wholesale price was appropriate.

Announcing the increase, the .uk country code top-level domain (ccTLD) registry say they’re committed to investing in meeting their obligations as part of critical national infrastructure, developing the resilience and reliability of their systems, delivering world-class customer service, and increasing the promotion and visibility of .uk domains. Nominet believes these investments are important and benefit all stakeholders.

Nominet say they set the wholesale prices for .uk domains, accessible to their members at a discounted rate, which one assumes means members pay a reduced registry fee.

.BOND To Commence Sunrise on 17 October

The .bond new gTLD, originally applied for by the Australian Bond University, but now owned by the operators of .icu, ShortDot SA, is gearing up for a launch with Sunrise commencing on 17 October.

.bond will be launching in its Sunrise phase, for trademark holders, on 17 October. Sunrise will last 33 days ending on 18 November. Following will be an Early Access Program that adds an access fee to the cost of registration that will gradually decrease over the first seven days, giving users the ability to register more desirable names before others. Prices for the EAP appear not to have been publicly released, but .bond registrars will receive a detailed email with pricing for the EAP as well as normal wholesale registration rates. There will be a small list of Registry Reserved names. General Availability will then commence for .bond on 19 November.

“Our goal is to let end users be creative, free, and unique online with what is to the left of the dot by making the extension short and easy to recognise. We think .bond will resonate with those in the financial services arena, but we are excited to find out exactly who the early adopters will be,” said Lars Jensen, founder and CEO, ShortDot.

“We recommend that trademark owners who want to register their matching .bond domain reach out to their preferred registrar or take a look at our list of accredited registrars to secure their brand as soon as possible,” he added.

ShortDot uses CentralNic as our backend service provider and when .bond officially launches on 17 October all registrations, renewals and EPP lookups will be done via the CentralNic EPP servers.

CIRA Jests With “Don’t Be A Traitor” Campaign, Challenging Canadians To Choose A .CA Domain

CIRA is sending in the law enforcement, the “Eh Team”, threatening Canadians who choose a .com or other top-level domain instead of their very own .ca in a humorous attempt to encourage more .ca domain name registrations.

It’s the Canadian ccTLD registry’s first ever broadcast campaign, called “Don’t Be A Traitor”, and is hoping a little fun will help educate Canadians as to the value of .ca domain names for Canadian businesses.

“Even today, it is estimated that more than 50 per cent of Canadian businesses still don’t have a website,” said Byron Holland, president and CEO of CIRA. “These businesses are missing out on economic advantages that the web offers, and if they don’t have a .CA domain, they are missing out on potential customers as well. Our goal with this campaign is to break through the noise with some over-the-top humour, and demonstrate the value of a .CA domain for Canadian businesses.”

CIRA’s .CA Domain Squad is dogged in their efforts to help Canadian business make the right choice to attract more customers to their businesses with a .CA domain name. Their methods are at times extreme, but it’s only because they care.

CIRA explains the .CA Domain Squad is comprised of:

  • The Sergeant: He’s not just a “by the book” type, he wrote the book.
  • The Rookie: What he lacks in experience he makes up for in knee-high socks.
  • The Loose Cannon: Rumour has it she once bought a poorly made juicer from a .com website. She has never been the same since.
  • The Vet: He retires in two days. Hopefully we can wrap this up by then.
CIRA’s Don’t Be A Traitor advertisement

“.CA domain names help Canadian businesses attract more customers, enhance their brand, and they help support Canada’s internet,” said David Fowler, vice president, marketing and communications at CIRA. “Our goal with this campaign is to promote the value of .CA to support Canadian businesses. Using anything else is almost criminal.”

The commercial will air over broadcast television in the Greater Toronto Area from 23 September until 17 November. It will also be featured on streaming services and in cinemas in the Greater Toronto Area.

An integrated social media, search and content campaign featuring the .CA Domain Squad will accompany the commercial.

Former auDA CEO Allegedly Falsified Academic Record and Misled Investigators

auDA logo

It’s been revealed that former auDA CEO Cameron Boardman “faced allegations of falsifying his academic record and misleading those investigating his qualifications before his sudden departure” according to a report in today’s Australian newspaper.

The newspaper has seen documents containing several allegations against Boardman, who was also a former right wing Victorian Liberal Party politician (in Australia the Liberal Party is the right wing/conservative party).

The report in The Australian [subscription required] says a letter seen by the newspaper to Boardman from former Chair Chris Leptos alleges Boardman “falsified his academic record by including a master of laws degree (LLM) from La Trobe University. Leptos abruptly resigned his position of auDA Chair after walking out of a board meeting in late July, possibly after these allegations were raised.

Rumours have been circulating questioning whether Boardman had the academic qualifications he claimed for around 18 months with Domain Pulse reporting on them in April 2018. Domain Pulse understands the auDA Board was informed in 2017 of questions relating to the CEO’s qualifications, but that the Board refused to investigate. According to Domain Pulse sources, a Board majority out voted the concerns of some of the directors.

“You have said that you were able to and did apply to graduate in absentia. You have, however, not produced that application or anything to confirm that you did graduate,” Leptos’ letter continues.

“Why did you hold yourself out to have the qualification when you had no confirmation from La Trobe University that you had that qualification? At what point did you regard yourself as holding an LLM from La Trobe?”

The letter goes on to allege that ‘Boardman misled investigators, who were looking into the veracity of claims he held a master of laws degree.’

“When the issue of your qualifications was being discussed … You pointed to the frames indicating that the front frame contained your MBA from Monash University (and indicated) the second framed document was your LLM,” Leptos wrote.

“You have previously indicated that you do not have the ‘paper’ LLM degree.”

The Australian says they understand “Boardman resigned soon after learning of the allegations.”

Since Boardman’s “resignation”, The Australian reports he has been paid “a full 12 months’ salary and [auDA] paid for him to attend [the APTLD] conference in Malaysia” in early September, a full month after his departure.