These were very important domains. Without them, this $1 billion+ company immediately lost all of its ability to generate revenue. It was quite shocking.
The problem was discovered when users started getting the registrar’s landing pages rather than the company website pages. It was fixed relatively quickly once identified but do to DNS propagation took about 48 hours for complete resolution. During the window unrecoverable revenue well into the hundreds of thousands was lost.
It seems to me that a domain renewal is always a risk, even with a highly reliable registrar. A good defense is to limit the renewals for important domains by registering them for as long as possible (10 years). Even then you have a weak spot because your credit card will be expired by then so you should back that up with a calendar reminder a few months prior to renewal to make sure everything is set.
This is an interesting take. I prefer the opposite approach: choose the shortest possible registration window (1 year), and have a very clearly defined, properly-documented renewal process that multiple people at the company understand. It's unlikely that all of those people leave the company in a 1-year window, so the knowledge gets passed on reliably.
If a renewal happens only once every 10 years, then it seems very likely that the person responsible for it has moved on, knowledge around the process is lost, and at best the documentation is very out-of-date (but more likely it's missing).
My process is to have a shared calendar for these high-risk renewals. Top company officers should be on this calendar (CEO, CTO, and some engineering VPs). The calendar contains recurring events for domain and SSL cert renewals. These calendar events are set up for about 1-month before the actual renewal, and fire reminder emails at several intervals beforehand (in case people are away or on PTO).
It is like having replacement toothpaste ready for your bathroom. It is such a nuisance to go out and buy it on the day it runs out, and more likely to have a day without if you do not keep replacements ready.
It would be hard to make the case for 2x, but 10x?
This feels like a solid way to do it.
To have a process be remembered, make it monthly or quarterly.
This is vastly more powerful than you need to simply call a shell script which generates SMTP email to your email@example.com address, but can serve the purpose:
You can use this for all sorts of things like maintenance notifications, automated emails to a facilities group on N schedule to change air conditioning filters, whatever needs to occur on a specific recurring time schedule.
The same rule applies to any email address that you use to purchase and renew domains and other critical services. If renewal emails are being sent to someone who doesn't work there anymore, something is very wrong.
Even as a small company we have a number of regular infrastructure reviews. Most of the time we just go through the review, find nothing has changed unexpectedly and no new ideas need bringing to the table, we sign off to say all looks well, and the prices takes very little time. Some of this is automated: scripts collate and report information for signoff and we humans verify the result and take actions as needed (in some cases the action needed is to update the script(s)). This may seem wasteful, but a couple of people spending a couple of hours total per month on such checks can save some nasty surprises in future.
Domain status checks is one of the things that gets reviewed.
Has the advantage that a failure might not be so disastrous either.
Also, get a registrar with an API and use a script to figure out how long a domain is valid. Alarm through your monitoring system when you hit the too close for comfort time frame.
You can scrape whois as well but that seems fragile.
I maintained that having to remember to renew a cert every September was more likely to stick with someone than 18 months or two years. It also keeps your blacklist smaller because dead ones age off faster.
I don’t recall how it ended up but we added automated reminders every 30 days starting three months before expiry.
I do try to maintain a margin of at least 3 years on important personal and business domains, though.
Less than 37 months left = immediate attention required.
Registering domains for only a year at a time will negatively impact your email reputation.
The advantage of this is that domain renewals are not broken by payment problems. Payment problems produce a failure state of "domain got renewed, the vendor is harassing us about an invoice"--which is much preferred to "domain did NOT get renewed, our site is down until we update our credit card." It also helps mitigate the "crucial employee departed" problem, since MarkMonitor won't just give up on an unpaid invoice... they will escalate if they don't get paid.
Of course as a matter of practice we always have multiple people with access to the dashboard, but if all those people got kidnapped at once, the domains would still renew.
I recognize that MarkMonitor is more expensive than Namecheap or GoDaddy or whoever, but I also bet that a lot of successful companies that are super reliant on their domains have never called for pricing. I don't work for a mega-corp; we're a nonprofit. And who knows, maybe other registrars may be willing to offer a similar payment structure.
(I'm not affiliated with MM in any way--just a happy customer.)
That said, with Gandi, you can just set it to auto-renew, which works pretty well.
While 100 years or even 10 isn't for everyone, I do still agree: register them for as long as feasible.
Funny thing about domain renewal is that it’s so inexpensive that it can fall through the cracks and not get on the calendar.
Could be useful to think of all the little deadlines that cause risk and use a single process.
The fact that you can doesn't give you a right to do so and in this case it is pretty clear that you would be acting maliciously.
I've seen such 'tricks' up close a couple of times and judges tend to take a very dim view of this kind of behavior.
Also, if payment isn’t received within 30 days you can expect to see the domain forwarded to a “for sale” page.
And given how fast the legal system moves especially across international borders, you will lose hundreds of millions in revenue before getting any kind of verdict, possibly even go bankrupt.
“It’s a nice domain you have here, be a shame if something happened to it” sounds cool in the movies, but in the real life it may be treated as extortion and land one in jail.
1. They do not need to pay you. You have zero chance of getting paid.
2. They can easily identify you as a suspect (even with foreign company or whatever) and the police can investigate further.
So you risk going to jail, with no upside.
Trust me, I know of a ex-cofounder in a previous who company who took off and disappeared with $175k from the company bank account, and despite our best efforts at getting justice or the money back, no one really gave a fuck, and there wasn’t much we could do unless we wanted to get into very expensive legal battles using money we didn’t have, against a person that was hard to get a hold of and with no guarantee of getting our money back, at least anytime soon (years). It was much more practical to just cut the losses and move on, making sure we could do everything to prevent it from happening again by someone else.
And the truth is this is how it is for a lot of things, the successful cases you hear of are really just a small percent of the crimes. Just don’t pick a fight with someone who has the money and determination to hunt you down to the bitter end. Most people eventually give up. Unless you’re killing people or running drugs, there’s a lot of criminal arbitrage you can get away with due to how slow and how apathetic the law is.
Though I sometimes do think about the price I would have to pay if there was a reckoning.
The Chickenshit Club (that is, federal prosecutors in the last ten years) means that big company management can get away with white collar crime, paying other peoples’ money to make charges go away.
Workers or little people at big companies are still subject to prosecution for white collar crime. And apparently since criminal prosecutions are time consuming DOJ has decided to deprioritize them, so if you commit white collar crime for small dollar amounts you’re also likely to get away with it.
“The Chickenshit Club
Why the Justice Department Fails to Prosecute Executives”
You're not making any sense. You started this entire thread by talking about how you'd hold this $billion+ company's domain ransom for tens of thousands of dollars per year, so your sad tale of woe about how you couldn't afford an attorney to chase down an embezzler is irrelevant.
I contacted Google as soon as I noticed and hey have been alright to deal with. Fortunately I am a Gsuite customer. I had to pay a fee to renew and another fee to restore, which was over $100. It’s been in “restoration” mode, ie offline, for days now and I am unable to even touch the DNS records until it’s back. I’ve already lost a week of uptime with zero recourse. FWIW I use a .co domain, and my site was throwing (for 24hrs or so) a splash page saying the domain was suspended.
Eagerly awaiting for it to come back but I’m totally in the dark as to timing.
I just transferred some .com domains to Google from Name.com, I hope these expiry problems are limited to non- .com TLDs...
It really was a massive headache. I have no idea how long it would have taken me to notice (site is my authoritative presence on the web, but is a static personal page — no marketing or sales) and my email is a light trickle of messages by design: bills, bank statements, close personal relationships. Fortunately my brother told me his wedding invite bounced a day after going offline so I could follow up relatively quickly.
I filed a ticket with Google and got first line support within an hour. They confirmed it was still in Googles system. Then I was assigned a Senior Specialist who called me on Monday to confirm ownership. It is now Wednesday and my DNS records are still inaccessible.
If I were you I would definitely set an independent annual reminder to check your domain status, just in case.
Your not the only person whose had issues recently with Namecheap not sending renewal emails.
If you have autorenew set, it first tries to draw against any existing positive balance you have directly with Namecheap. If/when that doesn't work, it then next tries your preferred payment method (e.g. your registered and designated preferred credit card).
I was told if I found a way to clear my couple of buck balance with Namecheap, I'd no longer get the warning email. The first attempt would be against my credit card, which would work, and I'd just get one success email (after preceding "upcoming" emails and all that).
I don't know whether this is correct. It's what I was told by support over chat, IIRC.
About a day before they're completely unavailable for renewal, I'll also get an email from CloudFlare saying the nameservers aren't pointing to CF anymore (I use CF for active and parked domains.)
That is standard behaviour for a domain-registrar, when a domain expires. When a domain expires the previous owner can re-register it during the grace period, after that for an extra fee it can be renewed in the redemption-period.
Finally just before a domain is available for re-registration by an unrelated party it will land in the pending-delete state.
Registrar: Who you registered the domain with
Registry: The company that owns the tld
I've since added a monthly calendar reminder to log in to all registrars and verify all services are still enabled and correctly configured with plenty of time left.
Still domains are so cheap and these horror stories are so common that I realize this can happen with any registrar. There isn't enough publicity over issues like this for people to leave en-mass, so financially I can see this happening. I know one small registrar company and it's like 10 people and they write everything in Perl and run everything in Docker.
Fun thing about name.com. I suggested it to my girlfriend and it turns out they don't require e-mail validation. She mis-typed her e-mail address when she registered, and now she can't get into her account. Forgot password doesn't work because it tries to e-mail an address that doesn't exist. She tried to contact them several times but I don't think the support staff understood the situation.
(Google Domains gives you free whois privacy, but they use that contact for notifications)
There are no features or perks that I know of that compelled me to choose one registrar over the other. It was just a random act.
There are lots of places where we may want redundancy to redund at us.
The registrar may see it as an opportunity to sell you another year of service but it is not their job.
Yeah, it may cost more, but this story just illustrates that you're staking your entire company on a $15/yr service, and you get what you pay for.
Even if you want to run your marketing/landing page/etc off a .io or other fancy tld, run your production stuff off a .com or country-level equivalent so your customers aren't left in the lurch if something like this happens.
- edit - punctuation
You can still mitigate the risk though. Use multiple domains in all marketing materials from different tlds and different registrars. Use regional domains. Have alternative ways to communicate with your customers. It's all very basic stuff. Merely thinking about it gets you far. Most people don't even think about it and blindly rely on centralized services: domain registrars, dns providers, cdn providers, single hosting/cloud provider, etc.
Airbnb has .com, .de, .co.uk, etc.
If they have some disaster with one, they just lose 1 country instead of the planet.
If there's a problem with .de, some users will be intelligent enough to try .com
And if you lose a ccTLD in a major country, you can focus your legal efforts in one legal jurisdiction.
Forward firstname.lastname@example.org to email@example.com and give it out in the emergency support info for support contracts Add it to your status page as needed, (which should be running on someone else's service or mycompanynamestaus.com).
Customers that really need your service, like the ones who pay, will check the status page and can update the endpoint as needed.
Make sure your sip lines don't point to mycompanyname.com.
If you publish a client side app, use 2 domain names as endpoints, mycompanyname.com and mycompanyname.io. Have the app or service check for and fail over if one doesn't work.
Make sure paging and technician notification is handled by a system that won't be affected by this. (nothing more amazing then getting 200 pages AFTER you've spent 2 days recovering a total failure of a system. You just want to go to sleep but you have to wait for the email queue to drain since you can't turn your pager off.)
Either way, use 2 domain names, and set them to expire at 6 MO intervals. Buy the domain for 2 years (or more) and renew every year so you always have 1-2 year lead time to sort out issues.
The list above would probably cost about $200/year and a few extra hours but it keeps you from getting backed into a corner. Everything else in our infrastructures has fail overs, and limited blast radius for failures.
We tend to us domain registration as a single point of failure and one one even things about it.
Also, if the call customer service and you validate it, then they are only offline for a couple hours not days. Also, you should have a status page or twitter or something out of band that you tell people about the day they sign up. You can update there.
EVERY production service with customers needs an out of band way to update. And you have to build and announce that before you need it.
It is a much harder balancing act for a startup, finding a domain register who is reputable and responsive but not "overly" expensive. Even if your entire business relies on it, $1K+/year just may not be in the cards even knowing the risks.
I haven't used it but Google Domains claims they have telephone support and are reasonably priced. Might be worth people checking out, their Gsuite support has been pretty good.
My go-to example of their customer service philosophy: A number of years ago, there was some problem in the electric grid that resulted in power outages over most of the Eastern US and Canada. In response to just their customer service being unavailable for 1 hr during the much longer outage (their production services were unaffected), they offered me a partial refund without me even knowing what had happened. I didn't take it.
Usual disclaimer: Not affiliated with them in any way other than as a satisfied customer for more than a decade.
Haven't needed to call them in the past 18 mos. or so, however, and these things can change.
I have gripes about aspects of gsuite itself, in particular how they've removed a few features that I used from the $5/user/mo tier. Had to move to $10 tier to keep email content filtering (ability to use regex to prevent accidental SSN or CC inclusion). The filtering setup is much easier to use now, but the old system worked well enough.
I've been a reseller for most of the decade and I can honestly say in all the times we've called, we have never had a single issue corrected by support. We usually end up having to find workarounds for bugs. The last time was an autosuspension our panel(s - there are two versions now) would not let us un-suspend the client. This left him without email for a week, while support would only respond during the early AM hours, and would repeatedly ask us to prove identity, even though we were registered resellers with admin panel access.
In all the years of working with different vendors, I honestly cannot think of a single one with a 0% success rate in their support.
My favorite O365 support story is where first level support dicked around so long with a missing mailbox that by the time they escalated the ticket, their backup had been overwritten. Luckily it was a user’s archive mailbox and we still had their source PSTs, so not a lot was lost.
I haven't had too much experience with their service support, but their app support seemed decent. I was having an issue with S/MIME signatures not being parsed properly on Outlook iOS. Support chat seemed competent and knew what was happening (no support for S/MIME signatures yet).
In this case technically they did run from a country-level equivalent, .io is a ccTLD.
Granted no one ever appears to use .io for it's original purpose as the ccTLD for the British Indian Ocean Territory...
ccTLD management is delegated to a company in that nation usually. Unfortunately not all of them are equally well managed - I wouldn't consider gTLDs _exactly_ comparable to ccTLDs in this regard. ccTLDs get to differ in pretty key ways from gTLDs, including deciding their own dispute resolution processes (gTLDs all use the UDRP).
The Internet isn't as free as people think it is. Things still need to be hosts and those providers could simply chose to stop hosting you.
Don't depend critically on companies risking political alignment with you, if what you do has any significant risk due to political association.
>A store cannot have blacks only and whites only bathrooms or water fountains.
It's amazing how someone can unironically defend the plight of a website that they admit produces "highly controversial hate speech" by comparing it indirectly to none other than racial segregation.
Frankly though, this is blown way out of proportion. Plenty of people will do business with them. The Daily Stormer is just the ultimate martyr. They have mastered the art of doing one thing and saying another. They absolutely incite violence and hate, but they're careful to also simultaneously distance themselves from it and play the victim when they wonder why no big company really wants to do business with them. There's a reason why 4chan never really had this issue despite similarly controversial content and the answer isn't just "politics."
No, in my opinion, the real problem is that The Daily Stormer as an entity, is an Asshole. And just like they would in real life, they're being kicked out. Nobody has really made a compelling case otherwise, everyone seems more concerned that big companies actually made a non-nuetral decision (something I wish they'd do more often in the era of fake news and large scale abuse, an era they facilitated...)
I see no slippery slope here. There's a balance to be had.
DO NOT USE web.com or register.com, they're fucking terrible.
In the last 5-10 years the issues started growing. Finally, I hit a wall and transferred everything off their service.
I now get spam emails of them trying to trick me into switching my domains back. The vitriol their helpdesk people receive is about as shitty as I get. Maybe they don't deserve it in their role, but hopefully the angry emails will get them to find a better job asap.
I bypassed NameCheap, because I knew they weren't the ones actually maintaining the records (registrars are just middle-men.) Using the DNS contact in the SOA, I got a response within 12 hours, and it was fully resolved within 24 hours (minus propagation.)
CentralNic contacted NameCheap, as did I, and they got their system fixed within the week.
CentralNic, not Nic. The roots were to nic.xyz.
Edit: If you are going to downvote, state why. Namecheap is a good service for a good price and supports Internet freedom. When even GoDaddy was supporting SOPA Namecheap took a stand against SOPA.
Screwed up the glue on the main domain in use for email, and after a week they still hadn’t resolved it. I fixed it by moving elsewhere.
Edit: the lesson I learned from this was - don’t use a bargain basement company for one of your company’s most important assets.
I opened multiple support tickets with them, and each time the issue would re-appear in 1-3 months. Went on for probably a year or so and I was just about to move to a different DNS provider when it stopped happening.
Who's a good registrar that will contact me first if they get an abuse report?
If the user is going to be able to design + style the pages any way they want, having something in the URL to indicate it's still user content is important.
> How is abuse reported? Can I be made aware of reports of abuse before the domain is suspended?
And support responded:
> Abuse reports can be submitted to our Abuse Team via email using firstname.lastname@example.org where reports are analyzed and investigated further. Warnings are not given out, however, unless the reporter also reached out to the registrant of the domain in question. If a domain has been found to be in violation of our terms of service, the necessary actions are taken.
Obviously, we see a lot of expired domains on a daily basis, mainly because customer's forget to renew despite us reminding them repeatedly during the three months before the domains expire.
1) Make sure there is more than one single contact person for invoicing. All too often, the problem is that a single employee is unavailable for some reason and that the rest of the business have no idea that the domain needs to be renewed.
2) Keep the contact details valid and up-to-date. This should be a no-brainer but a surprisingly large amount of businesses have domains registered to single employees, or with invalid contact emails.
3) Don't wait until the domains expire; renew the domains for at least one additional year. It will give you a whole year to fix stuff if you forget a reminder. EDIT: Or if the registrar screws up like in this case.
4) Automatic renewals is your friend. It's a last line of defense if all else fails.
5) Make sure you have a process for handling all of the above, even if you're a one-man business. Domain names are often critical for the business, and it's ridiculous to let the entire business rely upon a reminder sent 90 days before expiry.
As sad as it may seem, you need to take other people's incompetence into account when you're dealing with business-critical things like domain names.
It was a registrar screw up, but my main take away is: avoid .io like plague.
See also: https://hackernoon.com/stop-using-io-domain-names-for-produc...
How else am I supposed to automatically add a layer of cool to my startup
And if you're a company you already have to publish a contact for legal matters anyway.
The only situation where an imprint doesn't already exist are scammers and personal sites, and personal sites don't need an imprint (if you make money with ads, it's not personal).
Personally I have my main stuff all on .de, my short domains on .eu, and then for certain projects purpose-specific domains on .info
I was going to Virginia anyway, so I physically showed up at Verisign (I wanted to bring a baseball bat), and explained it to the lady at the front desk. She came back with an engineer who fixed it in 5 minutes.
As a side note, had to do something similar with Garmin. They kept sending me GPS units with horizontal LCD polarization, when vertical is the standard for sun glasses. Showed up and told the clerk to put on my sunglasses and turn her head sideways to her LCD monitor. "Oh yeah, I see". She fetched an engineer, and 1 week later had a GPS with correct polarization.
Sometimes it takes a physical presence; baseball bat optional.
> so I physically showed up at Verisign (I wanted to bring a baseball bat)
Did you think to write a simple postal letter to them (say a VP or the CEO) rather than get angry enough to show up with a bat? Or send Fedex? Sure you shouldn't have to do that but from a practical angle it may have paid to do that.
So you'd buy one or turn it on after uncrating it in a foreign country, and it'd literally spend ten or fifteen minutes calibrating, figuring out what the time is, what satellites are on what frequencies and which are above the horizon before it could at last discern your position. This was amazing if you genuinely didn't know where you were e.g. "Hmm, a desert". But you'd never have used one to go shopping - it took far too long.
Today your phone has a GPS with lots of radios (so it can listen to every satellite at the same time) it always knows the rough time,and it uses the Internet to get public shared data rather than wait to receive it slowly from GPS.
The UK government's view of the Chagossians at the time they gave the island to the USA for a military base was apalling:
“Unfortunately along with the birds go some few Tarzans or Man Fridays whose origins are obscure and who are hopefully being wished on to Mauritius.”
Build a business on a domain -> the name increase by XX% -> you’re screwed and must pay.
.sexy is about 60-100$ per year. If you've build a business on it, paying double the amount should not hurt.
For me the most important thing about this new gTLDs is more about reputation of the gTLD registry. What if these go out of service? I'm pretty sure that there exist a protocol for that case, but I'm also sure that domains in a less popular new gTLD space might get far less protection from ICANN than any non-sponsored gTLD.
I feel the issue is the lack of transparency and control. Who is to say some registrar won't start charging people per visit or % revenue in the future?
Stick with tried and true domains - ideally .com, but your country's ccTLD is another good choice.
.io as used in this example was a ccTLD, and this issue was directly caused by its mismanagement.
"Unlike common domain names [gTLDs] like .com or .nets. .IO's are managed by a specific organization, that manages only .IO domain names..."
.IO of course being the ccTLD for the British Indian Ocean Territory, run by these chaps: http://www.icb.co.uk/
At any rate, it's worth bearing in mind that ccTLDs are not administered the same way as a gTLD, and weird issues like this that are a pain to resolve can happen.
It tells me that the person running the business isn't very good at estimating the business risk of the technology they're using. That's when I start hoping I'm not a customer of theirs and invariably find out that I'm not. Phew.
In this particular case as soon as it's clear the domain hasn't renewed despite being billed then manually renew it using the usual user interface, pay the extra $10 and then contact support after to get one of the charges refunded now the time-sensitivity is gone.
The stress alone isn't worth being out of pocket $10 let alone only for a week or two.
I probably wouldn't stick around as a customer, not because they got screwed here but because they stood there with their hands on their head and watched the train wreck. That's the difference between amateurs and pros (and the pros learned this the hard way)
The most common reasons:
Bad contact email
Auto renew off
The more obscure:
Bought domain through a reseller who is now out of business (more common than you think)
"Branded" contact email which post expiration, no longer works.
Disgruntled "losing" webmaster who registered domain under his/her account and is now holding it hostage.
Not only do you have to worry about them making a technical mistake there is also the risk of a phishing attack.
A while back I did a bit of research about what was the most reliable registrar and the only one that i could find was Markmonitor. Most of the big sites (google.com facebook.com etc) use them. They offer lots of cool features that i had never heard of like registrar level locking and custom 'protocols' (like a phonecall from X no. of authorised people) to validate a change. Plus some others that seemed less interesting (to me) such as the brand protection.
They do of course charge a pretty penny. From memory there was a minimum cost of $30k per year which allowed you pretty much as many domains as you might want and the promise of being able to get ahold of a human if something goes wrong.
Complicated to apply to a website, but it gives some thoughts.
And yeah, you need to have a lot of faith to use .io or other new TLDs which are serviced by new companies.
First of all, 5 million DNS requests sounds like very little. It probably isn't due to caching, but it's hard for me to judge what I need/whether that's enough.
Second, what happens when someone who doesn't like me decides to make 5 million DNS requests? 5 million packets sounds like something a decent connection might be able to fire out in a few seconds. If I pick their highest plan, will a person that has a grudge and a fast link capable of IP spoofing cost me $2/second (theoretically $5M/month, although I'm sure they'd show some mercy at that point)?
Ive been recommending my friends to do the entire thing through Dreamhost including a WP install.
I personally am more technical, and have my domain name from 7 years ago on godaddy. Any suggestions on where I should use? How about my incompetent friends?
I'm curios so I went to check.
They say that the "DNS PRO" offer has 5 million queries/month. Is that a lot? Do they enforce the limit? That's 7000/requests/hour (or 115/minute or 2/second). That's not PRO in my books.
i really feel bad for those guys at uptimechecker.io
Wrote it up on Medium @ https://medium.com/thisiscala/the-duct-tape-holding-the-inte...
I had one of the 20 largest .io domains for a time, until they shut us down because they received one complaint in 3 years. It took them 2 days after we resolved the matter to put the domain back online as well.
By that time I had already migrated to .org - which is run by a considerably more professional non-profit organization.
Then they would be on the phone claiming to be losing thousands of pounds for every minute the website was offline and how it needed to be resolved right now or they would be sending in their lawyers.
If your business resolves around having a functional website, make sure you have a solid domain renewal plan in place and are hosting with a trustworthy registrar.
Did your e-mails look like spam by any chance? e.g. contain images, look like newsletters, contain tracking pixels, etc. -- most such e-mails get auto-deleted on my end.
They should have done this 90 days ago.
Create and implement a business policy to have IT come up with a procedure to check this quarterly. There's no really any excuse for a tech company to have this happen.
For personal, hobby, one-off marketing domains; sure go cheap.
But for something you earn money from? Go with highy recommended providers. Registrars with a secure administration, good track record of customer service, high reliability, etc.
Also spread the risk around. Don't have domain, DNS, and services with one provider. E.g. register domain with Gandhi, Hover etc, use DNS from Cloudflare, Route56, etc, and host with GCP, Heroku etc (for example).
And use several providers if you have multiple domains in case one implodes. That way not all of your domains disappears overnight.
And as many have mentioned already on this topic: Have well documented, well practised renewal processes, and renew for multiple years if possible.
I'd add only on refinement: if possible, use domains with different top-level (national) authorities.
Sadly, this kind of operational wisdom is rapidly being lost by the emphasis on hiring "DevOps" engineers, with most of the emphasis on the "Dev" part, since they're often just coders against cloud APIs, with much less value placed on traditional sysadmin (or what ended up being called operations engineering during and after the dot-com boom) experience.
Now, of course, that makes sense not to hire a full-time 100% sysadmin if what you (think you) need is a 5% (or less) sysadmin. Also, most startups, and probably even larger businesses, are going to be easily lulled into complacency by the uptime records of the larger vendors (or really just AWS), when following the best practices for technical reliability. "Infrastructure as code" is supposed to alleviate the human/administrative risk, and I'm actually convinced that it does to a very large degree (just at a huge cost in markup/profit for Amazon for that infrastructure).
Just use a respected and well known registrar such as Amazon Route 53 domains. This could have all been avoided. I know the blame "should" fall on domain.com, but ultimately startups are responsible for their service.
It's a incomprehensible mishmash of tld's implementing different methods of registering, renewing, restoring, domains. Some require ID verification before registrations, some have a quarantine of 1 week, other of 4 weeks, some no quarantine. Some domains need to be renewed before expiry, some can still be used 2 weeks after expiry, some domains allow transfers and trades, others don't or do under strict circumstances. Some require transfer codes, others don't. Some transfer codes are valid for 1 week, some are valid for longer.
There is no decent standarization on the technical level when it comes to managing domain registrations. There is the EPP protocol but almost none of the registries implement a standardized way of registering domains each implementing a mess of extensions to suit their bureaucratic needs.
ICANN introducing over 1.2k new gTLD's some time ago also didn't help along with the introcution of domains containing non standard latin characters and the puny-code implementation there (eg: café.com is actually listed as xn--caf-dma.com)
I'm not trying to defend domain.com who obviously failed to deliver on the basics of decent support, but things like this (issues between domain vendor and registry) happen more than most of us like to admit.
I’ve heard good things about google domains in the past and the price seemed right (never had a problem with domain.com, but they charge separately for domain privacy) and now I’m stuck in Vonnegut-like situation. They locked my account because apparently the record that was transferred in doesn’t exactly match my uploaded govt ID. I can’t/won’t change my legal name, and the account is locked so I can’t fix the record. The phone support was sympathetic but said I had to go through email, which I’m pretty sure is an AI. This has been going on for a month now, and I’m pretty sure I’m never going to get this resolved.
I haven’t seen any discussion or experiences people have with AWS route 53. Is that a valid option? Seems reasonable and has privacy included.
You can setup fail over DNS servers, just list different DNS servers, possibly from different companies, with your registrar.
Is the registrar a unavoidable single-point of failure? Your multiple name servers are listed with your one-and-only-one registrar, no matter what?
Problems like this are why registrars renew domains a month before they expire. The way to avoid these issues is to check to see if your domain renews on time. If your registrar fails to renew it, you have ample time to transfer it to another registrar.
I was wondering if it was possible to have a backup listing of your nameservers in some fashion?
Whois is public and has always been as required by ICANN. If you don't understand how things work then be fair and don't blame what you think is the obvious cause or reason. There are valid reasons for whois being public and all registrars have this in their agreement and it is widely known.
DNS and domain propagation are slow turning ships. If a problem occurs, you sometimes need days to straighten out the problems.
> I tried to set nameservers to correct values, but Control panel returned error: uptimechekcer.io is not managed here!
They misspelled their own domain in this article. It seems their problem is a lack of attention to detail.
The complaint about charging for domain registration is nonsense. Domain registrations are non-refundable. If a registrar ever registered domains for customers before payment, they’d quickly find themselves out of business. Payment is always up front across the industry.
I work at a smaller registrar and we usually close (resolve) tickets within minutes and as a policy under the hour. We depend on word of mouth and contacts for sale, so we kind of have the opposite incentive model. I may be biased but I recommend avoiding the race to the bottom registrars for business critical domains.
0. Register alternative domains in advance with a different registrar.
1. Setup mailing list for all registered users and be prepared to blast them with a new domain.
2. Make mobile apps check both the main and the alternative domains.
3. Make the mobile app notify the user of a new domain name requirement via push notification and the like.
4. Setup the phone system so that it can read the new domain before connecting support.
5. Setup support on a different domain (e.g. zen desk). If zendesk goes down users will know to call us, if the main site goes down they may remember to check zendesk.
"“Sunkenness” refers to the fact that intangible assets tend to have little or no market value, unlike, say, land or a factory.
They have value as part of their owner’s business, but not to anybody else.
This means that investment in intangible assets is risky."
In the UK, I wouldn't touch 123Reg with a stick because I know their support is terrible. I would however use Gandi or AWS as I know their support is decent.
Times are mature for the equivalent of Letsencrypt for registering domains, something like Letsregistrar.
We need to have this inefficient industry wiped away since it's really too much manual and too much in the way.
If somebody wants to found a noprofit to create a free registrar, I'm 100% in.
I had a similar experience with an Austrian registrar a few years ago. Must be a regional thing, since Austria is Germany's Canada.
United Domains rely on manual things very for a large part of domain related service processes which are "uncommon" for a private or small domain owner.
> If somebody wants to found a noprofit to create a free registrar, I'm 100% in.
For the German market I remember the good old times with InternetX before they were bought by United Internet. Had some good talks with their tech support back then.
A "free" registrar is maybe not the right solution. The key is "care" for your domain. Take your example of "letsencrypt". They exist because they automate everything. They don't "care" if your certificate causes troubles, they'd just fix their API. With domain registrars the story is different: You need a good support to prevent fraud, you need a good contact to registries if something goes wrong. Key learning here is: In 99% of the cases with domains, everything is fine. But if you find yourself in the 1% where trouble occurs, you need immediate support of competent people. Not sure if this is a case for a "community" or "free" registrar. More a business case for MarkMonitor without the Brand Protection: Simply a domain registrar who cares.
Took about a week for Lunarpages to straighten out.
(BTW, the spam calls started immediately after Lunarpages fixed the problem. It's a great thing that the EU finally twisted ICANN's arm over this issue.)
And looking at domain.com just now, they don't seem to offer .io domains, so I wonder how he even got the domain there?
Their support team is from India, and they took a week to solve the issue.
I am looking for good domain service provider to transfer all of my domains 30+
Any recommendations? We use Digitalocean as the hosting service provider
The support? The first guy that tends to you will always be the most stupidest one. You almost always had to insist to get/ be forwarded to a senior level support with actual brain.
tl;dr Stay 100 miles away from domain.com .
By the way it wasn't me that chose domain.com . I would never buy from any website that looks like this.
still, some blame falls in their shoulders, cutting it so close.
anyway: use mark monitor. don’t know if they do .io though.
> I knew our domain should be renewed about these dates, and we were already billed for this renewal.
(We also use Dynadot [good], Hexonet [good], Uniregistry [... okay].)
While Google's registrar seems ok right now, Google's support is nonexistent when things go wrong. Literally every bit of their support is outsourced to 3rd-party companies that provide no path of escalation.
Even the really bad registrars (and there are a ton) usually have some direct support (or resell off enom, which will extort your money for the privilege of bailing you out).
If you have a domain registrar with a good support, account the premium you pay as such: a premium for an insurance when things go bad.
Is this a common problem in .io?
> Who uses [any technology/infrastructure choice] on production?!
A lot of people. That's always the answer.