homepage Welcome to WebmasterWorld Guest from 23.20.77.156
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

    
Domain Defense: Protecting Your Domain Registration and Operability
Tips Thread
jtara




msg:3284856
 5:41 pm on Mar 17, 2007 (gmt 0)


System: The following messages were extracted from the latest thread about the RegisterFly debacle. The tips and discussion contained herein merit their own thread, as the issues related to loss of control or loss of access to a registrar's UI may arise again.

First, for those worrying about their domains: in the ICANN announcement, they said that they will bulk-transfer all RegisterFly domains to another accredited registrar after March 31, unless RegisterFly authorizes them to do so earlier.

What I don't know is if they have the ability to actually do that without RegisterFly's cooperation, and whether authorizing information (i.e. passwords) will be included. Without authorizing information, establishing ownership and control of the domains is going to be one huge mess.

This is a good time to point-out what YOU can do to protect YOUR domains. I've lobbied here for webmasters to take a few simple steps to help insure continuity in the case of the failure of a registrar. It's usually been met with "that's not going to happen". Now the worst-case scenario has occured, and a major registrar has failed. There are a few things you can do:

1. Do NOT get hosted services from your registrar, or (conversely) register your domain with your web host. This is putting all your eggs in one basket. What if you have a billing or TOS dispute regarding your website? You may not be able to move your web hosting to a different host, and, worse, your domain name may now be in jeopardy. What if the company fails? You may now have nothing - no web site, no domain name. At BEST, you might get things straightened-out after an extended down-time.

2. Do NOT use DNS services from your registrar or from your web host. Use a third-party DNS provider. By using a third-party DNS provider, you retain the ability to make DNS changes should your registrar fail, and a nimbler recovery should your host fail.

If the registrar fails, your domain name is still registered - at the TLD registry, which is distinct from the registrar. (Lord help us if a registry ever fails...) However, you may not be able to make changes at the registrar, which means you may not be able to change DNS records (if you use their DNS services) or you may not be able to change NS records (if you use DNS services through a third-party or through your web host). Indeed, this seems to be the case for many users in the present situation.

Since you may have to live with your NS records as-is, without being able to change them, for some indeterminate period, you want them pointing to a reliable provider, and preferably one that is NOT your web host. (Same issues regarding disputes - don't put all your eggs in one basket.)

3. Make your that you can be contacted through your listed WHOIS email address. Test it! In the case of a failure, the registrar, ICANN, or the registry will probably need to contact you. Make sure that they can.

4. Privacy is nice. Establishing your ownership and control over your domain is more important. Consider whether using a privacy service is really as prudent as your think it is. Most webmaster that use a privacy service use a privacy service provided by their registrar. Now, what happens if the registrar fails? Oops.

If you feel you need privacy, it can be done without using a privacy service. U.S. Post Office Boxes are cheap (dunno about other countries). I am referring to a real U.S. Postal Service box, not the private companies, which are MUCH more expensive. A phone number that goes to voice mail can be obtained for very little or free. (Hint: look at VOIP services that have "dial-in" numbers - nobody says you actually have to USE the VOIP service...). Ditto inbound FAX services. If you have a company name, use the company name rather than a personal name. If you have serveral domains registered, this is a cheaper approach than most privacy services.

Do NOT use fake information! Make certain that in the case of a registrar failure, you can establish legally that you are the owner of the domain, using only the public WHOIS information.

[edited by: Webwork at 2:26 pm (utc) on Mar. 20, 2007]
[edit reason] Tidying up. [/edit]

 

jake66




msg:3284967
 8:33 pm on Mar 17, 2007 (gmt 0)

jtara, just about everything you mentioned i am guilty of!

though to present, i've only had downtime issues with my registar/host.

although i do not want my site to disappear at any time, i am most concerned about losing my .com, rather than anything else. (i keep backups the website & database, etc. on disks away from the host)

all of my whois information is proper and correct. do i need to worry about the registar holding me hostage for my domain, like registerfly customers seemed to have fallen victim to?

gpmgroup




msg:3285479
 2:24 pm on Mar 18, 2007 (gmt 0)

Excellent advice from jtara

I would add

Don't leave it while the last minute to renew - Always be paid up for at least a year in advance, multiples of years for names that are important.

That removes deletion cycle worries if it all does go wrong because sorting out the mess as this shows, is likely to be weeks or months.


Wow. I always wondered what would happen if a registrar ever tanked, simply because of bad business, if nothing else.

ICANN and the GNSO should take note of what has happened because if the same thing happens to one of their "proposed in the name of competition new registries" the fallout could effect 10 times as many people down the line.

PowerUp




msg:3285527
 4:04 pm on Mar 18, 2007 (gmt 0)

2. Do NOT use DNS services from your registrar or from your web host. Use a third-party DNS provider. By using a third-party DNS provider, you retain the ability to make DNS changes should your registrar fail, and a nimbler recovery should your host fail.

If the registrar fails, your domain name is still registered - at the TLD registry, which is distinct from the registrar. (Lord help us if a registry ever fails...) However, you may not be able to make changes at the registrar, which means you may not be able to change DNS records (if you use their DNS services) or you may not be able to change NS records (if you use DNS services through a third-party or through your web host). Indeed, this seems to be the case for many users in the present situation.

Since you may have to live with your NS records as-is, without being able to change them, for some indeterminate period, you want them pointing to a reliable provider, and preferably one that is NOT your web host. (Same issues regarding disputes - don't put all your eggs in one basket.)

Can someone explain this to me? I don't quite understand. What's a DNS service / DNS service provider?

wildbest




msg:3285557
 4:57 pm on Mar 18, 2007 (gmt 0)

Can someone explain this to me? I don't quite understand. What's a DNS service / DNS service provider?

Theory is one thing and practice very often is something quite different.

Having one registrar/domain registration provider, another web host provider and a third-party DNS provider is a bad choice. Too often such a situation would result in support request loops...

If your domain is not resolving for some reason you send support request to your registrar. But what about if they say that everything seems okay at their end and you should check with your hosting provider?! Your hosting provider would claim the same and that you should check with your DNS provider. Your DNS provider would send you back to your registrar or hosting provider... :)

jtara




msg:3286003
 7:29 am on Mar 19, 2007 (gmt 0)

There's some additional information available on an ICANN blog:

[omblog.icann.org...]

Good news: ICANN has taken steps to prevent RegisterFly domains from being dropped by registries while the mess is being sorted-out.

Bad news: It appears my suspicions about ICANN's ability (or inability) to bulk-transfer RegisterFly's domains without their cooperation were on the mark. ICANN is now taking legal action in federal court to attempt to get copies of RegisterFly's databases containing customer data. First, ICANN has to prevail in court. Then, they have to actually get their hands on the data. Given the volatility of the situation, that certainly is not a given.

The only good that can come from this is that ICANN will now be forced to develop procedures that will insure that the NEXT time a major registrar fails, the transition will be handled smoothly and without loss of domains, and will develop procedures insuring that ICANN has access to copies of customer data as part of routine operations, without requiring action and cooperation on the part of the registrar.

An alternative future is that it slowly dawns on all what a bad idea the multiple-registrar system is as currently designed. If ICANN has to collect all customer data as a part of routine operation, in order to safeguard against registrar failue, doesn't ICANN then become, in effect, a single central registry? So, do we then go back to where we started many years ago?
-----

In answer to PowerUp's question and wildbest's concerns regarding third-party DNS:

A DNS server is a name look-up service. You give the DNS server a domain name, it gives you an IP address. DNS servers have a core role in the Internet - that of allowing sites to be looked-up by name.

Part of your registration data is the address(es) of your DNS server(s). (You are required to have at least two DNS servers.) This is most often referred to as your "nameservers".

You are free to provide DNS service in any way you want to. You can provide your own DNS servers. You can use DNS servers provided by your web host. You can use DNS servers provided by your registrar. You can use DNS servers provided by a third-party service provider. It's up to you.

DNS servers are NOT a part of core registration services. A registrar is NOT required to provide DNS servers. Most do, as a convenience to their customers. Some don't. As well, many web hosting companies provide DNS service as a convenient freebie. So, many webmasters have two FREE choices. So, am I insane suggesting that you PAY somebody else to provide a service that two companies are already offering you for free?

Really, I think we'd all be better off if none did. It's confusing, and many webmasters are of the erroneous opinion that DNS service is part of registration service. It isn't. It's a convenient freebie. IMO, you gets what you pays for.

I disagree that using third-party DNS is likely to result in "support request loops". It's easy to disgnose where a failue to access a site lies - with the registry, the DNS provider, or the web site - and every webmaster NEEDS to have to knowledge and tools to do so.

I hope it's not a violation of the TOS here to mention that dnsreport.com provides a through, free, online instant evaluation of DNS-related problems. Give it your website address, and it will give you a detailed report indicating any problems that it found. Do it now. I'll bet it finds problems for 10-20% or more of you.

Between dnsreport.com, whois, and nslookup/dig, you should be able to diagnose any DNS-related problem.

Blacksheep




msg:3286883
 3:55 am on Mar 20, 2007 (gmt 0)

Jatara Thank-you for the DNS recommendation.

I have spent the last 30 days trying to get a domain transferred from register-old to register-NEW after three failed attempts and not knowing who to "Blame" (Old or New) I decided to try the transfer with register-3

Made the request 10:00PM SATURDAY Transfer was completed 5:00PM Monday Just 43 hours later.

I had already decided to KEEP my domains and Hosting separate, but had never thought to keep the DNS control separate also.

Thanks for taking the time to educate this newbie!

[edited by: Webwork at 6:14 am (utc) on Mar. 20, 2007]
[edit reason] WebmasterWorld TOS - Please, no "sticky me" posts [/edit]

phranque




msg:3286929
 8:04 am on Mar 20, 2007 (gmt 0)

Between dnsreport.com, whois, and nslookup/dig, you should be able to diagnose any DNS-related problem.

i often use a treasure trove full of links to free/online/instant tools (such as dnsreports.com) that was created by Gunter Ollmann, currently Director of Security Strategy for (recently acquired by) IBM Internet Security Systems:
[technicalinfo.net...]

[hint]i can't imagine why there isn't a home page link to a similar set of tools on WebmasterWorld[/hint]

tamar




msg:3287357
 4:27 pm on Mar 20, 2007 (gmt 0)

1. Do NOT get hosted services from your registrar, or (conversely) register your domain with your web host. This is putting all your eggs in one basket. What if you have a billing or TOS dispute regarding your website? You may not be able to move your web hosting to a different host, and, worse, your domain name may now be in jeopardy. What if the company fails? You may now have nothing - no web site, no domain name. At BEST, you might get things straightened-out after an extended down-time.

So true and so recent for me. I have a friend who hosted with <a hosting company> and registered his popular domain name through their service. Well, his site (a blog) was consistently being Dugg, and the host said he had to move. He had his new host all set up, but the host's staff did not have the knowledge to update the DNS properly. Turns out they used the <a domain reseller>. It really should not have been difficult, but what could have taken a day took about a week.

With that said, another problem with putting all your eggs in one basket is that their staff doesn't know how to handle exceptions.

[edited by: encyclo at 5:12 pm (utc) on Mar. 20, 2007]
[edit reason] specifics, see forum charter [/edit]

incrediBILL




msg:3287401
 5:15 pm on Mar 20, 2007 (gmt 0)

Use a third-party DNS provider

Guess I'm not seeing where you're much safer if your DNS provider is the one that drops dead.

I think the real answer is:

5. Don't use such cheap registrars and hosts that there is risk they might go belly-up!

Paying a little extra usually pays off in the long run as low-cost operations tend to have issues with support, equipment, and worse in cases like this where the rug gets pulled out from under them.

My primary domains have been with NETSOL from the beginning and I doubt I'll ever move them unless something crazy happens and I also host with a subsidiary of a very large company. Doesn't mean either of them can't go defunct, but it's probably less like to happen than with RegisterFlyByNight or HostingForCheapskates companies.

Just my $0.02.

jtara




msg:3287460
 6:05 pm on Mar 20, 2007 (gmt 0)

I'm not seeing where you're much safer if your DNS provider is the one that drops dead.

Assuming that your registrar has not ALSO dropped dead, you get another DNS service, and then change the nameserver pointers at your registrar.

With third-party DNS, you have a recovery option if any one service provider (web hosting, registrar, DNS provider) fails. And even in some cases of two failures. (Failure of the registrar and DNS provider would be the worst case.)

Use your registrar's DNS service, and you are out of luck if your registrar fails, until the mess is resolved.

Webwork




msg:3287523
 7:03 pm on Mar 20, 2007 (gmt 0)

Moderator's Note: If you are interested in discussing DNS service providers I have started a thread for that purpose. Please place all posts about DNS providers in this thread: DNS Service Providers: Who do you use? Why? [webmasterworld.com]

macdave




msg:3287568
 7:47 pm on Mar 20, 2007 (gmt 0)

Bill, glad to see I'm not the only one who's stuck with NetSol. While they've had their issues over the years, a couple bucks a year is a small price to pay to know that your registrar isn't going to close up shop overnight.

plumsauce




msg:3287611
 8:08 pm on Mar 20, 2007 (gmt 0)


Thank you for choosing to allow the outbound link to remain. Nice to have a new alternative.

WebDon




msg:3287694
 9:13 pm on Mar 20, 2007 (gmt 0)

Hmmmm...guess I still don't get it. Here's my question:
If your registrar goes belly-up and disables your domain how does having a third-party DNS service help? If the registrar disables the nameserver pointers it seems like it doesn't matter where your DNS or hosting is...you have a problem.

I can imagine an example or two where a third party DNS service could provide options to resolve a crisis, but Registrar failure isn't one of them from what I understand of it.

Can you help me get this straight in my head?

jtara




msg:3287728
 9:33 pm on Mar 20, 2007 (gmt 0)

If your registrar goes belly-up and disables your domain how does having a third-party DNS service help? If the registrar disables the nameserver pointers it seems like it doesn't matter where your DNS or hosting is...you have a problem.

It's important to understand the differences between and roles of, the registrar, registry, and root servers.

The registrar (example: GoDaddy) collects payment, information, and sends data (domain name, nameserver pointers, WHOIS information) to the registry (example: .com/Verisign, .us/Neustar). The registry is able to push updates made to nameserver pointers and SOA records to the root servers. The SOA records and nameserver pointers - in the rootservers - are what ultimately control access to your domain by users.

The registrar (without the cooperation of the registry) CANNOT disable your domain. The registrar CANNOT disable your nameserver pointers. Only the registry and rootservers can do that. In a case of registrar failure, the registry can simply refuse to honor drop requests from the registrar. (This is what has now been done with Registerfly).

And, in any case, the registrar would have little or no reason to do so. (Except for spite and to make a bad situation worse - which I don't put past the players in the current situation...)

So, in the case of registrar failure, your nameserver pointers are still there - at the registry, and in the rootservers - which is where they always live. A registrar can completely fail and go off-line, and your domain still lives, because there is nothing in the global DNS system that DEPENDS on the continued existence or operation of the registrar.

The problem you have, though, is that potentially, you have no user-interface to change the nameserver pointers. You are stuck with the nameserver pointers you previously set-up until the mess is resolved. As far as I know, there is no procedure for an individual webmaster to contact the registry and have them change their nameserver pointers.

If you use DNS services at your registrar, and the registrar fails, you may not have access to the DNS control panel. The registrar might shut-off DNS service altogether. (DNS service, when provided by the registrar, is a freebie service offered directly by them - NOT by the registry.) Now, you are stranded, because you also have no way to change the nameserver pointers and switch DNS providers.

Note that you also have similar protection by using DNS service provided by your web host. There are other issues, however, with using host-provided DNS servers - for example, they tend to be less robust and redundant than either registrar-provided or third-party DNS service.

The WORST CASE is to use the DNS service provided by your registrar. This gives you the least control in the case of failure.

WebDon




msg:3287758
 10:04 pm on Mar 20, 2007 (gmt 0)

OK...thanks. That I followed. The break in my understanding was the difference between the Registry and the Registrar. You don't have to think of those two as separate entities very often so I imagine that's a subtle, yet VERY important detail to be aware of.

wheel




msg:3287799
 10:44 pm on Mar 20, 2007 (gmt 0)

The last thing we want or need is Icann having access to that level of client information. The current system functions just fine,competition wise. The fact that one has died only means that competition is live and well.

A better, free market, solution would be for some smart registrars to put in place some sort of escrow-like system where people are assured that they can still access their domains in the event of a registrar failure. Problem solved, and we've still got our choices and competition.

sandpetra




msg:3287953
 2:21 am on Mar 21, 2007 (gmt 0)

Really useful - well put together

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved