The Great Puri.sm Outage of 2018 (puri.sm)
135 points by grinsekatze on Feb 21, 2018 | 42 comments



this is some serious amateur-hour stuff on the part of the registrar. another example of why not to use random ccTLD top level domains. nobody remembers when the .ly registry randomly canceled things they didn't like? when .cx canceled things they found objectionable?

see also: https://news.ycombinator.com/item?id=5838670

https://news.ycombinator.com/item?id=12813065

https://www.theregister.co.uk/2017/07/10/io_hijacking_in_tra...

At least if you use .ca, .de, .us or .com/.net (or similar) you can have reasonable confidence that the root zone won't fail entirely.

If something goes catastrophically wrong and kills your business that is run by a .CA domain, CIRA knows that businesses in Canada have access to legal recourses... Do you have the same with a .ly domain?


This case appears to be the registrar's fault, not the top level domain's fault. Unless 1and1 uses a "sub" registrar for .sm domains (which is actually quite likely) then I would say the moral of the story here is to not use shitty $1 domain registrars who, if I remember correctly, have very bad support reviews.


In my opinion and based on past experience, all resellers of small-weird-country ccTLDs are equally shitty and have equally terrible customer service. Margins are very thin. At least if I buy a "new" TLD from a company that resells one of Donuts LLC's huge number of new generic TLDs, I can have some confidence that Donuts actually runs a 24 hour operation.

The ICANN vetting process and procedures to set up a new gTLD (let's use .network as an example) are much more thorough than the traditional two letter ccTLD. There are ccTLDs run by countries that edit the zonefiles by hand and don't even have a WHOIS server online.

for example using the current issue, nic.sm doesn't even run https on their webserver.

Or if I buy a .com from namecheap I can set up 2FA at my registrar, point it at my own authoritative nameservers, and trust that it won't fail.


Namecheap has and does fail, there was a time where I waited 2 weeks for them to fix a bug that got rid of my glue records and I was just getting "We're looking into it." Eventually I just transferred to Google Domains and have been flying happily since. At least in my case it was just a personal domain ...


If it was a bug in their software, why did only your personal domain get affected?


Suspending all of a registrar's domains when they're behind on fees is also super weird, though. A more typical approach would be to just stop letting them perform new billable actions.


Suspending all of a registrar's domains when they're behind on fees is exactly the sort of thing that I expect ignorant bureaucrats at a small country ccTLD registry to do. It's probably run by some person in San Marino who has never seen the CLI of a router in their life. A number of small ccTLDs are run by their host country's "ministry of communications" or local equivalent.


I struggle to see why this is problematic, to be honest. They (the registrar, not puri.sm) didn't pay their bills, so they get turned off. The story doesn't relay to what extent the registrar received reasonable and timely warnings about this, although with a bit of guesswork, it doesn't feel absurd that perhaps they simply failed to act on such warnings, like, at all.

If a SaaS doesn't pay their AWS bills, they get turned off, it's not on AWS to keep the SaaS' customers running, and if AWS doesn't pay their electricity bill -- etc.


The registrar is merely the path to edit registry records; most of the ICANN agreements and registry-registrar agreements are structured to minimize exposure of registrants to bad/failed/incompetent/evil registrars.

There are some registries which don't have registrars, and in that case "suspend the registrant's domain name until paid" would be a reasonable expectation, but it's definitely the expectation of most registrants that their registrar isn't providing availability-critical service, merely facilitating updates. (Unless the registrar is also providing DNS hosting, which is generally a bad idea IMO.)


Part of the problem is that ICANN policies for legacy ccTLD network engineering and backend support systems are very lax compared to the operational and technical requirements for a new gTLD.


To be fair ... a smaller TLD probably doesn't have enough transactions with a smallish registrar for that to become an incentive.


1and1 != 101


The surprising omission from this post is that it doesn't conclude with them migrating away from 101domains. Comically bad support and not paying registry fees. I'd have pulled domains the moment it was live again.


If you think customer service is bad for an issue like they had - just wait until you try to transfer a domain away from a shitty registrar. It risks breaking things immediately again. I'm sure they're looking at it but right now they're effectively held hostage.


Is it really so difficult/risky? If you set all DNS records up in advance at the new registrar before transferring and also set the desired nameservers for the domain in advance, shouldn't that work? Or am I missing something?

In any case, I was very surprised that they were using such a registrar in the first place.


Really, you should not be using your registrar's nameservers, precisely because that only makes switching registrars more complicated. Run your own or use a separate DNS hosting provider.


...and have the nice experience that your registrar removes your DNS records from their nameserver the same second you click "submit" to change them to somewhere else. Been there, done that. (It's the main reason I won't use 1&1 [yes, the German company, NOT the 101 the OP mentioned] anymore)


Yes, it should. But this outage also should not have happened, but it did. Front-line folks tend to be understandably gunshy about making changes to critical infra.


Yea. That'd be my take away. You get what you pay for with most services. Pay for the cheapest registrar? Well... you shouldn't be surprised when you get bit in the ass.

As a startup, I understand. But after you've got a round of funding or two, move your domain to a company with a decent reputation and support.


Yea, I would have left as soon as something that bad happens.


I've been using 101domains for .ai TLD for about a year now and never had problems. Super responsive customer support too. Sure their admin panel is pretty bad UX but overall it's been a positive experience.

What was your bad experience with 101domains?


Parent isn't saying that they had a bad experience, they are saying that purism should switch after their bad experience, which the blog post is about.


Oops, totally misunderstood that


Just a heads up, Namecheap also supports .ai domains now


Purism makes crapware-free and security-focused phones and laptops. (Dear product blog operators: https://news.ycombinator.com/item?id=16278142 )


And this is why I use gandi.net for all my domain registrations. As their tagline says, "0 bullsh*t". Such has been my experience with them for the last ~20 or so years.


0 Bullshit, except when it isn't. They constantly kept harassing me for information because "ICANN is asking us daily." After being threatened the 7th day in a row, despite providing the same exact information every single god damned day, with the same passport and state identification .. I gave up. That's when I moved to Namecheap, had the glue record problem I mentioned in another comment, moved from them to Google Domains and have been happy since.


Another trap: Once a registrar didn't send renewal reminders and this way we lost a two-letter domain to a domain grabber. What I have learnt: Set up your own reminders to renew domains.


This doesn't surprise me, I used 101domains to register a .io domain and only had issues with them. Their support wasn't useful, and when I eventually decided to move my domain away from them it got to the point where I was concerned they'd hold it hostage, because they would not give me a transfer code. Eventually I got it escalated and moved to another registrar, and because of that experience I'll never use them as a registrar again. This story just reinforces that.

Props to the purism guys for going so far as to work with the TLD, that's impressive.


My favorite part of the story is their sysadmins! Their names are great in this context and make it sound almost like an ancient Greek epic: "Our long-suffering and amazing sysadmins Theodotos and Stelios contacted our puri.sm registrar, 101domain.com, to find out what was going on." You can't go wrong with your two best warriors Theodotos and Stelios at hand!


It's pretty early to declare you've already had your greatest outage of 2018 ;-) Hope you aren't jinxing it!


Switch to the .com they just registered permanently and 301 redirect their fanciful domain hack registration to never have to deal with such an issue again?


Long story short? Don't use shitty registrars. And that cute two letter extension? Don't use that either.


I know this is not a very constructive comment, but I had a very stressful day, being jacked up on caffeine while also being sleep-deprived.

My brain wanted to read "OutRage" instead of Outage, and I got kind of confused, ending up thinking, "that is not that outrageous! Why do people get upset so easily?"

With that error corrected (what is it called? A "reado"?), the title makes a lot more sense. ;-)


I hate people abusing ccTLDs for "cute" domain names. It breaks everything about how they are supposed to be assigned/used.

The biggest assclownery was .ly, IMO -- an islamofascist rogue state (then; now just a generic failed state) being used for various domains.


Makes me wonder what kinds of interesting stories bit.ly have collected over the years...


tl;dr their registrar, 101domains.com, failed to pay their registrar fees to the .sm TLD so all .sm domains registered through them got suspended

DNS outages are always a nightmare because of TTLs, but bringing a registrar and a nontraditional TLD into the picture meant a much more extended outage.


I can't believe that 101domains didn't notice that nobody else's .sm domains were working either. You'd think after around a day they would have noticed some correlation in complaints. Or the .sm specialist would have.

But yeah, don't use unnecessarily cheap infra for really critical stuff. I don't get the fetish around obscure TLDs with web pages straight out of 1995.

http://nic.com.ai


I'm gonna wager that .sm isn't too active with the registrar, and most of the sites are of a relatively low-traffic nature.

If someone from the registrar starts checking the overall health of the TLD, or any domain they weren't directly responsible for, it may have seemed that "everything was ok" even though all their customer records were suspended...


And in their case, makes it harder to remember their website address.


Either you remember it or you don't. If you're going to guess it ends with ".com" you may as well save yourself the hassle and search for it using a search engine.


How did it happen that the early internet development community agreed to hand over the governance and registration of a domain name to central authorities like domain name registrars?

What is preventing us from making domain name governance and registration completely decentralized?



