I recall a time when a company I had association with lost their main domains due to a failed renewal. In this case it was a long-term employee who left the company that had loads of company bills going to his card. He cancelled the card sometime after he left and the domains were not renewed. I’m not sure where the renewal failure emails were going but probably some unmonitored admin email box.
These were very important domains. Without them, this $1 billion+ company immediately lost all of its ability to generate revenue. It was quite shocking.
The problem was discovered when users started getting the registrar’s landing pages rather than the company website pages. It was fixed relatively quickly once identified but do to DNS propagation took about 48 hours for complete resolution. During the window unrecoverable revenue well into the hundreds of thousands was lost.
It seems to me that a domain renewal is always a risk, even with a highly reliable registrar. A good defense is to limit the renewals for important domains by registering them for as long as possible (10 years). Even then you have a weak spot because your credit card will be expired by then so you should back that up with a calendar reminder a few months prior to renewal to make sure everything is set.
> A good defense is to limit the renewals for important domains by registering them for as long as possible (10 years)
This is an interesting take. I prefer the opposite approach: choose the shortest possible registration window (1 year), and have a very clearly defined, properly-documented renewal process that multiple people at the company understand. It's unlikely that all of those people leave the company in a 1-year window, so the knowledge gets passed on reliably.
If a renewal happens only once every 10 years, then it seems very likely that the person responsible for it has moved on, knowledge around the process is lost, and at best the documentation is very out-of-date (but more likely it's missing).
My process is to have a shared calendar for these high-risk renewals. Top company officers should be on this calendar (CEO, CTO, and some engineering VPs). The calendar contains recurring events for domain and SSL cert renewals. These calendar events are set up for about 1-month before the actual renewal, and fire reminder emails at several intervals beforehand (in case people are away or on PTO).
Probably late to this party but at my employer we have a contract with MarkMonitor under which domains are auto-renewed and then we are invoiced for the cost.
The advantage of this is that domain renewals are not broken by payment problems. Payment problems produce a failure state of "domain got renewed, the vendor is harassing us about an invoice"--which is much preferred to "domain did NOT get renewed, our site is down until we update our credit card." It also helps mitigate the "crucial employee departed" problem, since MarkMonitor won't just give up on an unpaid invoice... they will escalate if they don't get paid.
Of course as a matter of practice we always have multiple people with access to the dashboard, but if all those people got kidnapped at once, the domains would still renew.
I recognize that MarkMonitor is more expensive than Namecheap or GoDaddy or whoever, but I also bet that a lot of successful companies that are super reliant on their domains have never called for pricing. I don't work for a mega-corp; we're a nonprofit. And who knows, maybe other registrars may be willing to offer a similar payment structure.
(I'm not affiliated with MM in any way--just a happy customer.)
Personally, I'd rather have a corporate domain be renewed once per year and have a defined process for it (e.g. literally have a binder somewhere listing all the details, and put reviewing it on a checklist of other yearly legal and financial tasks) than have it be forgotten about for 10 years at a time.
>> registering them for as long as possible
To clarify, you can register them for 100 years, not 10 years. Network Solutions offers the 100 year renewal.
While 100 years or even 10 isn't for everyone, I do still agree: register them for as long as feasible.
This is why -generally- there is a period after the domain expires in which it is locked and cannot be purchased by anyone other than the previous owner. Just in case someone tries to squat. There are a few registrars that do this. I've seen it (squatting) happen more to small businesses, because even if their site it showing the landing page they might not notice it until a month later and by then it has been released and squatted. Bigger companies with lots of traffic would usually get a notice from a customer or internal employee that the site is down. This is my experience at least.
The timing of this is an amazing coincidence — I recently “lost” my domain in the same way. I bought it originally on Namecheap but have since transferred all my domains into a singular Google Domains account. My main domain, where I have my personal site and all my important emails, disappeared without notice on Wednesday the 9th last week. No expiration notice sent, no information as to what had happened.
I contacted Google as soon as I noticed and hey have been alright to deal with. Fortunately I am a Gsuite customer. I had to pay a fee to renew and another fee to restore, which was over $100. It’s been in “restoration” mode, ie offline, for days now and I am unable to even touch the DNS records until it’s back. I’ve already lost a week of uptime with zero recourse. FWIW I use a .co domain, and my site was throwing (for 24hrs or so) a splash page saying the domain was suspended.
Eagerly awaiting for it to come back but I’m totally in the dark as to timing.
That's a horrible situation, and one I'd encourage everyone to try to avoid - register production critical domains with a company that provides live phone support and stick with tried and true TLDs.
Yeah, it may cost more, but this story just illustrates that you're staking your entire company on a $15/yr service, and you get what you pay for.
Even if you want to run your marketing/landing page/etc off a .io or other fancy tld, run your production stuff off a .com or country-level equivalent so your customers aren't left in the lurch if something like this happens.
I had some fun with NameCheap and the xyz tlds.
Turns out, CentralNic (who actually runs the zones) was not doing proper validation on the glue records, and not removing old ones. NameCheap was sending CentralNic cached records, and managed to foobar my domain glues.
I bypassed NameCheap, because I knew they weren't the ones actually maintaining the records (registrars are just middle-men.) Using the DNS contact in the SOA, I got a response within 12 hours, and it was fully resolved within 24 hours (minus propagation.)
CentralNic contacted NameCheap, as did I, and they got their system fixed within the week.
Never heard of domain.com. If anyone wants a recommendation I use namecheap and have never had a problem. They are supporters of the EFF and Net Neutrality.
Edit: If you are going to downvote, state why. Namecheap is a good service for a good price and supports Internet freedom. When even GoDaddy was supporting SOPA Namecheap took a stand against SOPA.
My registrar suspended my domain because an abusive user was using a subdomain for phishing. They told me they can't inform me first of abuse so I can deal with it; they'll suspend the domain immediately.
Who's a good registrar that will contact me first if they get an abuse report?
I work for a domain registrar, albeit not the one mentioned in the article.
Obviously, we see a lot of expired domains on a daily basis, mainly because customer's forget to renew despite us reminding them repeatedly during the three months before the domains expire.
General advice:
1) Make sure there is more than one single contact person for invoicing. All too often, the problem is that a single employee is unavailable for some reason and that the rest of the business have no idea that the domain needs to be renewed.
2) Keep the contact details valid and up-to-date. This should be a no-brainer but a surprisingly large amount of businesses have domains registered to single employees, or with invalid contact emails.
3) Don't wait until the domains expire; renew the domains for at least one additional year. It will give you a whole year to fix stuff if you forget a reminder. EDIT: Or if the registrar screws up like in this case.
4) Automatic renewals is your friend. It's a last line of defense if all else fails.
5) Make sure you have a process for handling all of the above, even if you're a one-man business. Domain names are often critical for the business, and it's ridiculous to let the entire business rely upon a reminder sent 90 days before expiry.
Don't use *.io anyway. The domains are being sold under a very morally dubious arrangement, given the UK kicked all the people off the island of Chagos and gave the domain registration to a private entity.
Something that scares me regarding domain names is their variable cost. I purchased a .sexy domain for a joke website and its price got raised by +70% less than one year after that, making the joke a lot less appealing. There’s no guarantee that when you purchase a domain name it reasonably stays around that price for years.
Build a business on a domain -> the name increase by XX% -> you’re screwed and must pay.
.sexy is about 60-100$ per year. If you've build a business on it, paying double the amount should not hurt.
For me the most important thing about this new gTLDs is more about reputation of the gTLD registry. What if these go out of service? I'm pretty sure that there exist a protocol for that case, but I'm also sure that domains in a less popular new gTLD space might get far less protection from ICANN than any non-sponsored gTLD.
Do not rely on other people to resolve time-sensitive issues when you can easily avoid it.
In this particular case as soon as it's clear the domain hasn't renewed despite being billed then manually renew it using the usual user interface, pay the extra $10 and then contact support after to get one of the charges refunded now the time-sensitivity is gone.
The stress alone isn't worth being out of pocket $10 let alone only for a week or two.
This is one of the potential drawbacks of using ccTLDs like .io - individual nations are afforded much more control in the administration and dispute resolution process than gTLDs. Unfortunately some are run more poorly than others, which is why in this case the support agent states:
"Unlike common domain names [gTLDs] like .com or .nets. .IO's are managed by a specific organization, that manages only .IO domain names..."
.IO of course being the ccTLD for the British Indian Ocean Territory, run by these chaps: http://www.icb.co.uk/
At any rate, it's worth bearing in mind that ccTLDs are not administered the same way as a gTLD, and weird issues like this that are a pain to resolve can happen.
I create websites for small businesses. I've seen almost every conceivable domain renewal failure in my 20 years of experience. No matter how many times we remind clients to get this aspect of their business documented we still have sites go down every year. We charge a fee to "manage" domains for those who opt-in, solely for this reason (and it's worth it).
The most common reasons:
Bad contact email
Auto renew off
Expired CC
Lost password
The more obscure:
Bought domain through a reseller who is now out of business (more common than you think)
"Branded" contact email which post expiration, no longer works.
Disgruntled "losing" webmaster who registered domain under his/her account and is now holding it hostage.
I recommend using easydns.com as the registrar and DNS service. Their email helpdesk is fast: <30 minutes. They answer the phone immediately and they are knowledgeable. Phone support is during business hours, but the more expensive packages have 24hour support.
And yeah, you need to have a lot of faith to use .io or other new TLDs which are serviced by new companies.
I generally avoid metered services where cheap unmetered alternatives are available.
First of all, 5 million DNS requests sounds like very little. It probably isn't due to caching, but it's hard for me to judge what I need/whether that's enough.
Second, what happens when someone who doesn't like me decides to make 5 million DNS requests? 5 million packets sounds like something a decent connection might be able to fire out in a few seconds. If I pick their highest plan, will a person that has a grudge and a fast link capable of IP spoofing cost me $2/second (theoretically $5M/month, although I'm sure they'd show some mercy at that point)?
Okay, anyone want to confirm or add other DNS registrars to the "One of the good ones" list?
Ive been recommending my friends to do the entire thing through Dreamhost including a WP install.
I personally am more technical, and have my domain name from 7 years ago on godaddy. Any suggestions on where I should use? How about my incompetent friends?
They say that the "DNS PRO" offer has 5 million queries/month. Is that a lot? Do they enforce the limit? That's 7000/requests/hour (or 115/minute or 2/second). That's not PRO in my books.
We spend lot of time thinking about making our services resilient against failure at the infrastructure level yet the domain registrar is often overlooked.
Not only do you have to worry about them making a technical mistake there is also the risk of a phishing attack.
A while back I did a bit of research about what was the most reliable registrar and the only one that i could find was Markmonitor. Most of the big sites (google.com facebook.com etc) use them. They offer lots of cool features that i had never heard of like registrar level locking and custom 'protocols' (like a phonecall from X no. of authorised people) to validate a change. Plus some others that seemed less interesting (to me) such as the brand protection.
They do of course charge a pretty penny. From memory there was a minimum cost of $30k per year which allowed you pretty much as many domains as you might want and the promise of being able to get ahold of a human if something goes wrong.
Yes well. Don't use .io domains for anything serious.
I had one of the 20 largest .io domains for a time, until they shut us down because they received one complaint in 3 years. It took them 2 days after we resolved the matter to put the domain back online as well.
By that time I had already migrated to .org - which is run by a considerably more professional non-profit organization.
I had a related issue where a previous registrar — who we had moved away from months before — managed to accidentally "claw back" and disable our domain due to a misconfigured billing script. The fragility of the whole ecosystem is pretty scary.
[+] [-] davidgh|7 years ago|reply
These were very important domains. Without them, this $1 billion+ company immediately lost all of its ability to generate revenue. It was quite shocking.
The problem was discovered when users started getting the registrar’s landing pages rather than the company website pages. It was fixed relatively quickly once identified but do to DNS propagation took about 48 hours for complete resolution. During the window unrecoverable revenue well into the hundreds of thousands was lost.
It seems to me that a domain renewal is always a risk, even with a highly reliable registrar. A good defense is to limit the renewals for important domains by registering them for as long as possible (10 years). Even then you have a weak spot because your credit card will be expired by then so you should back that up with a calendar reminder a few months prior to renewal to make sure everything is set.
[+] [-] cialowicz|7 years ago|reply
This is an interesting take. I prefer the opposite approach: choose the shortest possible registration window (1 year), and have a very clearly defined, properly-documented renewal process that multiple people at the company understand. It's unlikely that all of those people leave the company in a 1-year window, so the knowledge gets passed on reliably.
If a renewal happens only once every 10 years, then it seems very likely that the person responsible for it has moved on, knowledge around the process is lost, and at best the documentation is very out-of-date (but more likely it's missing).
My process is to have a shared calendar for these high-risk renewals. Top company officers should be on this calendar (CEO, CTO, and some engineering VPs). The calendar contains recurring events for domain and SSL cert renewals. These calendar events are set up for about 1-month before the actual renewal, and fire reminder emails at several intervals beforehand (in case people are away or on PTO).
[+] [-] snowwrestler|7 years ago|reply
The advantage of this is that domain renewals are not broken by payment problems. Payment problems produce a failure state of "domain got renewed, the vendor is harassing us about an invoice"--which is much preferred to "domain did NOT get renewed, our site is down until we update our credit card." It also helps mitigate the "crucial employee departed" problem, since MarkMonitor won't just give up on an unpaid invoice... they will escalate if they don't get paid.
Of course as a matter of practice we always have multiple people with access to the dashboard, but if all those people got kidnapped at once, the domains would still renew.
I recognize that MarkMonitor is more expensive than Namecheap or GoDaddy or whoever, but I also bet that a lot of successful companies that are super reliant on their domains have never called for pricing. I don't work for a mega-corp; we're a nonprofit. And who knows, maybe other registrars may be willing to offer a similar payment structure.
(I'm not affiliated with MM in any way--just a happy customer.)
[+] [-] crooked-v|7 years ago|reply
[+] [-] bhartzer|7 years ago|reply
While 100 years or even 10 isn't for everyone, I do still agree: register them for as long as feasible.
[+] [-] partiallypro|7 years ago|reply
[+] [-] flurdy|7 years ago|reply
[+] [-] paulsutter|7 years ago|reply
Funny thing about domain renewal is that it’s so inexpensive that it can fall through the cracks and not get on the calendar.
Could be useful to think of all the little deadlines that cause risk and use a single process.
[+] [-] jamespo|7 years ago|reply
[+] [-] dumbfounder|7 years ago|reply
[+] [-] matte_black|7 years ago|reply
[+] [-] hbosch|7 years ago|reply
I contacted Google as soon as I noticed and hey have been alright to deal with. Fortunately I am a Gsuite customer. I had to pay a fee to renew and another fee to restore, which was over $100. It’s been in “restoration” mode, ie offline, for days now and I am unable to even touch the DNS records until it’s back. I’ve already lost a week of uptime with zero recourse. FWIW I use a .co domain, and my site was throwing (for 24hrs or so) a splash page saying the domain was suspended.
Eagerly awaiting for it to come back but I’m totally in the dark as to timing.
[+] [-] creeble|7 years ago|reply
I just transferred some .com domains to Google from Name.com, I hope these expiry problems are limited to non- .com TLDs...
[+] [-] Sembiance|7 years ago|reply
[+] [-] mehrdadn|7 years ago|reply
[+] [-] djrogers|7 years ago|reply
Yeah, it may cost more, but this story just illustrates that you're staking your entire company on a $15/yr service, and you get what you pay for.
Even if you want to run your marketing/landing page/etc off a .io or other fancy tld, run your production stuff off a .com or country-level equivalent so your customers aren't left in the lurch if something like this happens.
- edit - punctuation
[+] [-] cremp|7 years ago|reply
I bypassed NameCheap, because I knew they weren't the ones actually maintaining the records (registrars are just middle-men.) Using the DNS contact in the SOA, I got a response within 12 hours, and it was fully resolved within 24 hours (minus propagation.)
CentralNic contacted NameCheap, as did I, and they got their system fixed within the week.
--Edit--
CentralNic, not Nic. The roots were to nic.xyz.
[+] [-] csdreamer7|7 years ago|reply
Edit: If you are going to downvote, state why. Namecheap is a good service for a good price and supports Internet freedom. When even GoDaddy was supporting SOPA Namecheap took a stand against SOPA.
[+] [-] trevordixon|7 years ago|reply
Who's a good registrar that will contact me first if they get an abuse report?
[+] [-] ahje|7 years ago|reply
Obviously, we see a lot of expired domains on a daily basis, mainly because customer's forget to renew despite us reminding them repeatedly during the three months before the domains expire.
General advice: 1) Make sure there is more than one single contact person for invoicing. All too often, the problem is that a single employee is unavailable for some reason and that the rest of the business have no idea that the domain needs to be renewed.
2) Keep the contact details valid and up-to-date. This should be a no-brainer but a surprisingly large amount of businesses have domains registered to single employees, or with invalid contact emails.
3) Don't wait until the domains expire; renew the domains for at least one additional year. It will give you a whole year to fix stuff if you forget a reminder. EDIT: Or if the registrar screws up like in this case.
4) Automatic renewals is your friend. It's a last line of defense if all else fails.
5) Make sure you have a process for handling all of the above, even if you're a one-man business. Domain names are often critical for the business, and it's ridiculous to let the entire business rely upon a reminder sent 90 days before expiry.
[+] [-] OrganicMSG|7 years ago|reply
https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-...
The UK government's view of the Chagossians at the time they gave the island to the USA for a military base was apalling:
“Unfortunately along with the birds go some few Tarzans or Man Fridays whose origins are obscure and who are hopefully being wished on to Mauritius.”
[+] [-] alexandernst|7 years ago|reply
[+] [-] justherefortart|7 years ago|reply
[+] [-] hk__2|7 years ago|reply
Build a business on a domain -> the name increase by XX% -> you’re screwed and must pay.
[+] [-] sebst|7 years ago|reply
.sexy is about 60-100$ per year. If you've build a business on it, paying double the amount should not hurt.
For me the most important thing about this new gTLDs is more about reputation of the gTLD registry. What if these go out of service? I'm pretty sure that there exist a protocol for that case, but I'm also sure that domains in a less popular new gTLD space might get far less protection from ICANN than any non-sponsored gTLD.
[+] [-] Kelbit|7 years ago|reply
Stick with tried and true domains - ideally .com, but your country's ccTLD is another good choice.
[+] [-] damieng|7 years ago|reply
In this particular case as soon as it's clear the domain hasn't renewed despite being billed then manually renew it using the usual user interface, pay the extra $10 and then contact support after to get one of the charges refunded now the time-sensitivity is gone.
The stress alone isn't worth being out of pocket $10 let alone only for a week or two.
[+] [-] teraflop|7 years ago|reply
[+] [-] giobox|7 years ago|reply
"Unlike common domain names [gTLDs] like .com or .nets. .IO's are managed by a specific organization, that manages only .IO domain names..."
.IO of course being the ccTLD for the British Indian Ocean Territory, run by these chaps: http://www.icb.co.uk/
At any rate, it's worth bearing in mind that ccTLDs are not administered the same way as a gTLD, and weird issues like this that are a pain to resolve can happen.
[+] [-] josefresco|7 years ago|reply
The most common reasons:
Bad contact email
Auto renew off
Expired CC
Lost password
The more obscure:
Bought domain through a reseller who is now out of business (more common than you think)
"Branded" contact email which post expiration, no longer works.
Disgruntled "losing" webmaster who registered domain under his/her account and is now holding it hostage.
[+] [-] iampims|7 years ago|reply
[+] [-] astrodust|7 years ago|reply
[+] [-] mhkool|7 years ago|reply
And yeah, you need to have a lot of faith to use .io or other new TLDs which are serviced by new companies.
[+] [-] tgsovlerkhgsel|7 years ago|reply
First of all, 5 million DNS requests sounds like very little. It probably isn't due to caching, but it's hard for me to judge what I need/whether that's enough.
Second, what happens when someone who doesn't like me decides to make 5 million DNS requests? 5 million packets sounds like something a decent connection might be able to fire out in a few seconds. If I pick their highest plan, will a person that has a grudge and a fast link capable of IP spoofing cost me $2/second (theoretically $5M/month, although I'm sure they'd show some mercy at that point)?
[+] [-] mkirklions|7 years ago|reply
Ive been recommending my friends to do the entire thing through Dreamhost including a WP install.
I personally am more technical, and have my domain name from 7 years ago on godaddy. Any suggestions on where I should use? How about my incompetent friends?
[+] [-] smallbigfish|7 years ago|reply
I'm curios so I went to check.
They say that the "DNS PRO" offer has 5 million queries/month. Is that a lot? Do they enforce the limit? That's 7000/requests/hour (or 115/minute or 2/second). That's not PRO in my books.
[+] [-] Ensorceled|7 years ago|reply
[+] [-] SaltySolomon|7 years ago|reply
[+] [-] bluedonuts|7 years ago|reply
Not only do you have to worry about them making a technical mistake there is also the risk of a phishing attack.
A while back I did a bit of research about what was the most reliable registrar and the only one that i could find was Markmonitor. Most of the big sites (google.com facebook.com etc) use them. They offer lots of cool features that i had never heard of like registrar level locking and custom 'protocols' (like a phonecall from X no. of authorised people) to validate a change. Plus some others that seemed less interesting (to me) such as the brand protection.
They do of course charge a pretty penny. From memory there was a minimum cost of $30k per year which allowed you pretty much as many domains as you might want and the promise of being able to get ahold of a human if something goes wrong.
[+] [-] jereze|7 years ago|reply
Complicated to apply to a website, but it gives some thoughts.
[+] [-] chmod775|7 years ago|reply
I had one of the 20 largest .io domains for a time, until they shut us down because they received one complaint in 3 years. It took them 2 days after we resolved the matter to put the domain back online as well.
By that time I had already migrated to .org - which is run by a considerably more professional non-profit organization.
[+] [-] pascalxus|7 years ago|reply
i really feel bad for those guys at uptimechecker.io
[+] [-] dylanpyle|7 years ago|reply
Wrote it up on Medium @ https://medium.com/thisiscala/the-duct-tape-holding-the-inte...