Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ICANN Investigates Insider Domain Name Snatching

kdawson posted more than 6 years ago | from the suspected-not-proven dept.

The Internet 152

Tech.Luver sends us word that, hot on the heels of reports that Verisign may be planning to sell DNS root server lookup data, ICANN has opened an investigation into a suspected practice by registrars it calls "domain name front running." The suspicion is that insiders at some registrars are using information from whois searches to snatch up desirable domain names before interested customers can register them. Here is ICANN's announcement of the investigation (PDF). ICANN asks that anyone who suspects they have been victimized by domain name front running to email them with details.

Sorry! There are no comments related to the filter you selected.

Some proof (5, Informative)

suso (153703) | more than 6 years ago | (#21114021)

I have proof of this happening and I'm sure others do too. We have two different customers that looked up domains to see if they were available, asked us to register them and before we could register them, they were already registered by places in China and the Carribian. Both domains where somewhat obscure and I didn't see any reason why they should have normally been bought. In both cases, the domain was released after the 5 day period that ICANN allows (which I think was a mistake on ICANN's part to have that policy). But in some cases it might not be released if it turns out to be popular. As I said about the Verisign thing, this is an invasion of privacy.

One of our customers (who allowed me to mention in this post that his domain in question was psysci.net) that had this happen said that he only used the command line whois and networksolutions.com to lookup the domain, so it might not just be small registrars involved in this scam. But that's a pretty serious accusation to bring against Network Solutions so take that with a grain of salt. THe company that tasted psysci.net had a name of Wan-Fu China, Ltd. The company that tasted the other domain had a name of (MAISON TROPICALE S.A.), which you can find a little more information about here [domainstatute.com]

Use DNS to look up domains. (2, Informative)

pikine (771084) | more than 6 years ago | (#21114437)

Have you tried:

host -t NS domain.com
instead? If it says NXDOMAIN (no such domain), the domain does not exist.

Re:Use DNS to look up domains. (3, Informative)

suso (153703) | more than 6 years ago | (#21114875)

Have you tried:

        host -t NS domain.com

instead? If it says NXDOMAIN (no such domain), the domain does not exist.


Well of course I can do that but now even that is in danger of being snooped [slashdot.org] . But I can't expect a customer to do that every time, but they deserve better treatment than to have their domain snatched before they can even buy it. I think once this whole Verisign thing gets resolved, I'll setup a domain checker on our website so that they have someplace more trustworthy to check.

Re:Use DNS to look up domains. (1)

trolltalk.com (1108067) | more than 6 years ago | (#21116845)

"I'll setup a domain checker on our website so that they have someplace more trustworthy to check."

  1. set up domain name checking website
  2. snoop on queries
  3. PROFIT!

Re:Some proof (0)

Anonymous Coward | more than 6 years ago | (#21114543)

yeah this is definitely a problem i can confirm this is happening across the board.

Dear icann please increase the domain reg cost and eliminate the free trial period.

Re:Some proof (1)

thePowerOfGrayskull (905905) | more than 6 years ago | (#21116325)

yeah this is definitely a problem i can confirm this is happening across the board.

Dear icann please increase the domain reg cost and eliminate the free trial period.
Hey, thanks for the solid evidence! Now I'm sure they'll be sure to fix this right away!

Re:Some proof (1)

fotbr (855184) | more than 6 years ago | (#21114603)

I'm not so sure that network solutions is completely innocent in all this. They're in it to make money, and if they can make money by selling records of whois requests, they'll do it. I've had similar experiences checking their whois service to see if a domain is registered, only to come back a couple of days later and find its now registered. First time I chalked it up to bad luck, second domain was too obscure to be bad luck.

I don't think network solutions is doing the snatching, I merely think they're selling the lookup information.

Re:Some proof (1)

hodet (620484) | more than 6 years ago | (#21115029)

hmmmm....I just tried checking a random domain on the networksolutions whois. ( 21laforest.com ) It's available so I'll check it a month from now to see if its snatched.

Re:Some proof (3, Funny)

Chapter80 (926879) | more than 6 years ago | (#21115169)

I just tried checking a random domain on the networksolutions whois. ( 21laforest.com ) It's available so I'll check it a month from now to see if its snatched.
ha ha! Not a very controlled experiment.
  • find an available name
  • post it on slashdot
  • check a month later to see if it's taken.
There are enough ass-tunnels out there (like me) who'd pay $8.95 just to screw up your experiment!

Re:Some proof (1)

hodet (620484) | more than 6 years ago | (#21115357)

Good point, now I will check a second secret domain to prove or disprove the "ass-tunnel" hypothesis.

Re:Some proof (2, Funny)

jamar0303 (896820) | more than 6 years ago | (#21116079)

"There are enough ass-tunnels out there (like me)"

Thank you for that brilliant word. Ass-tunnel. Now I will forever associate you with Goatse (which I think is a visual representation of such).

Re:Some proof (1)

sharkey (16670) | more than 6 years ago | (#21116883)

**AA, actually . Asstunnels [slashdot.org]

Re:Some proof (0)

Anonymous Coward | more than 6 years ago | (#21117571)

So, who is going to register asstunnels.com and SEO it to make it show up in searches for record/movie companies?

Re:Some proof (1)

liquidpele (663430) | more than 6 years ago | (#21115385)

Everyone is having these issues...
but I think we are all focusing on the symptoms and not the cause.

Domain names need to be priced geometrically - so every one you buy costs more and more. No one needs more than 25 domain names. If they need more than that, make a NS and have subdomains dammit. It's much harder to get your squatting site to recoup $1000 than $8.

Re:Some proof (1)

Dogtanian (588974) | more than 6 years ago | (#21116749)

Domain names need to be priced geometrically - so every one you buy costs more and more.
Then there'll just be some contrived workaround, involving registering under different peoples' names, different company names and/or downright bogus names or companies.

And even if they consider that and somehow stop it (it's fairly obvious), commonsense tells us that some enterprising cretin will have figured out another sneaky way around it in no time.

Re:Some proof (1)

liquidpele (663430) | more than 6 years ago | (#21116963)

Then each owner of the TLD should be required to verify the register's info if requested by another person. If they can't verify the account info, they revoke the domain for 30 days to let the person correct the info, otherwise they release the domain to be registered by anyone again. imho, this should be done already anyway. So how would you verify the info?
1) Call the phone number - ask what domains they have registered. If they can't tell you (because the list is way too longer) then F-em.
2) Mail a letter to the address with a URL where they have to go to and it asks them what domains are registered - If they don't reply or can't input it, then F-em.

Of course give them 15 days to reply to the requests, and then 30 days to get in touch after the domains is revoked just in case there is a mis-understanding there.

And just so you can't DOS they system, make it so they only have to verify details once every year (at a random time) or once each time the contact info is changed (whichever is smaller).

Email them? (0, Offtopic)

A beautiful mind (821714) | more than 6 years ago | (#21114053)

ICANN asks that anyone who suspects they have been victimized by domain name front running to email them with details.
This is surely just a tricky ploy to gather email addresses! Then they can proceed to sell the list..

Mods: whoooosh! -nt- (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#21114275)

-nt-

Re:Email them? (3, Interesting)

sm62704 (957197) | more than 6 years ago | (#21114403)

OK, I know yours was a joke post, but something pissed me off for YEARS that I don't think should be allowed. I wanted to register mcgrew.org or alternately mcgrew.com back when com, org, and net (and ones you can't get like gov and edu) were the only roots.

What infuriated me was that some sleazeballs had registered .com and .org for every name in the phone book, and was selling "your name can be your email!" mcgrew.com, smith.com, jones.com, even johnson.com (which one would expect to be a porn site) led to the same company.

Eventually they opened up .info and I managed to snag mcgrew.info and moved all the stuff I'd been polluting the net since 1997 [mcgrew.info] with (yes, that particular page is older than slashdot). And newer stuff.

Of course, if I had actually managed to get mcgrew.com, the comedian with the same name as me out in Colorado probably would have sued me for it, despite the fact that I'm 10 years older than him.

-mcgrew

(then I discovered K5, back in its heyday, [kuro5hin.org] and actually had people READING my pollution, and strangely LIKING it. Still scratching my head over that one...)

It's not fair! (0, Offtopic)

reabbotted (871820) | more than 6 years ago | (#21114101)

Yeah, yeah. I'm pretty sure this happened to me when I tried to register microsoft.com! Give me my domain name back!

Not the Point (5, Insightful)

mfh (56) | more than 6 years ago | (#21114117)

When a domain is snatched, usually it doesn't matter if the original owner gets it back or not. That's not the point, in most cases. Thieves will use the domain to drive traffic to their astroturfing/spam network and drive their PR up in the process. That stays in memory indefinitely and has a beneficial impact on any site like that.

If the owner gets their network back, they still have the stigma of the bad activity associated with the domain.

Preventing domain theft is going to only get increasingly more difficult as technology becomes more complicated.

*That's* Not the Point (1)

Niten (201835) | more than 6 years ago | (#21114349)

This isn't about snatching domain names from previous owners. It's about improper use of search records from the whois databases, using this information to automatically grab new, currently unregistered domains when other people check the domain names' registration status.

Re:*That's* Not the Point (1)

mfh (56) | more than 6 years ago | (#21114675)

Yes, but when ICANN reverses the snatches, it will be too late and the damage will be done, so the domains will be useless to new owners, anyway.

There is entirely too much stress on domain names. There should be more stress on domain content.

Re:*That's* Not the Point (1)

bcattwoo (737354) | more than 6 years ago | (#21116531)

How will the damage already be done? Why would potential customers be going to a website that the business owner hasn't even registered yet?

I suppose there is a chance that Google might find the junk site, determined it was crap, and send it down to the bottom of the heap during the 5 day trial period.

Re:Not the Point (2, Interesting)

sm62704 (957197) | more than 6 years ago | (#21114657)

This is only slightly on-topic but I have karma to burn so wtf, someone might think it interesting or amusing.

I used to be a Quake addict, ad my ISP offered "unlimited internet access" and he wasn't kidding. They gave free web hosting with internet service, so I proceeded to start the "Springfield Fragfest" [sj-r.com] (note that the link is NOT to the Springfield Fragfest, it is to an article in Springfield's local paper that succinctly illustrates the fact that the real Springfield, which has an alderman named Gail Simpson, is sicker and funnier than the cartoon Springfield. The article is about "Klutzo the Clown", a former police officer, being arrested for being a pedophile).

Anyway, a series of freak accidents got my site popular, and I finally registered thefragfest.com and continued the site there. A few readers jokingly pestered me to host porn on it (one fellow whose online name was "Dopey Smurf" is now a medical doctor in Canada, he's probably reading this now). After a few years I got tired of the sirte, let it grow cobwebs, and finally let the domain lapse.

Well, Dopey got his wish. thefragfest.com was, last time I looked, a porn site.

-mcgrew

Re:Not the Point (0)

Anonymous Coward | more than 6 years ago | (#21115079)

original owner?

we're talking about new, obscure, never registered domains.

rtfa.

I believe it happened to me.... (2, Interesting)

lena_10326 (1100441) | more than 6 years ago | (#21114193)

A year ago I searched on a domain I had spent 2 weeks thinking up. It was available but I waited 3 days. When I went to purchase, it was registered 1 or 2 days before. At the time I chalked it up to bad luck.

I only wish I could remember the domain name. I might have it in my notes but I have pages and pages of notes.

Re:I believe it happened to me.... (1, Funny)

Anonymous Coward | more than 6 years ago | (#21114335)

You spent two weeks thinking up a domain name and now can't remember it?

Man, you must have a terrible memory. Did you spend the entire two weeks going "I need a good domain name... how about awesome.net? Nah, that's no good. How about awesome.net? Yes, that's it!" :)

Re:I believe it happened to me.... (2, Funny)

lena_10326 (1100441) | more than 6 years ago | (#21114569)

You spent two weeks thinking up a domain name and now can't remember it?

Man, you must have a terrible memory. Did you spend the entire two weeks going "I need a good domain name... how about awesome.net? Nah, that's no good. How about awesome.net? Yes, that's it!" :)
  1. I think up a lot of domain names. I have lots of ideas.
  2. It was 5-15 minutes a day.
  3. My ad hoc method gets me very good domains.
  4. I want you to try to think up a domain name with only dictionary words and see how well you do. Big talk from an anonymous weenie.
  5. I have a list of a few hundred potential domain names. It's something I do, so if you can remember 1 name out of several hundred that you wrote down a year ago, great for you then.
  6. I believe you're a big fat turd with sausage fingers, given you hide behind anonymous to shield your real username.

Re:I believe it happened to me.... (2, Funny)

thrillseeker (518224) | more than 6 years ago | (#21114743)

I believe you're a big fat turd with sausage fingers

No match for "BIGFATTURD.COM".
>>> Last update of whois database: Thu, 25 Oct 2007 15:54:43 UTC <<<


Just in case ...

Re:I believe it happened to me.... (1)

lena_10326 (1100441) | more than 6 years ago | (#21114869)

No match for "BIGFATTURD.COM".
>>> Last update of whois database: Thu, 25 Oct 2007 15:54:43 UTC <<<
You forgot sausage fingers. That was the clincher. Heh.

Re:I believe it happened to me.... (1)

Marvin01 (909379) | more than 6 years ago | (#21115161)

Server Name: BIGFATTURD.COM Registrar: GODADDY.COM, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com/ [godaddy.com] >>> Last update of whois database: Thu, 25 Oct 2007 16:54:43 UTC

Re:I believe it happened to me.... (0)

Anonymous Coward | more than 6 years ago | (#21114893)

Er, sorry if I offended you. It was just a joke (hence the :) at the end).

I wasn't actually doubting your ability to do your job. Again I apologize that my joke (and my anonymity) bothered you.

Re:I believe it happened to me.... (1)

lena_10326 (1100441) | more than 6 years ago | (#21115569)

Hmmm. An apology. WOW.

Okay, I'll retract my big fat turd comment. But, the sausage finger one still holds.

I just tried one. (0, Offtopic)

grub (11606) | more than 6 years ago | (#21114205)


No match for "ICANNARETHIEVINGCUNTS.COM".

Let's see what happens.

Re:I just tried one. (1)

grub (11606) | more than 6 years ago | (#21114233)

(the idea being bad registrars auto-register it and ICANN gets mad) Forgot to preview

How to buy a domain in this day and age (3, Informative)

hansamurai (907719) | more than 6 years ago | (#21114243)

Say you want domain xyz.com and you have no idea whether anyone else owns xyz.com or if it's in use.

1. DO NOT go to xyz.com. If it is being squatted then the squatters now have a hit on it, they have one more reason to keep it if they're just testing out the ICANN 5 day snatch and release policy.

2. Go to a registrar site and do a search on xyz.com

3. If no one owns it, buy it NOW. The first hour after your search could very well be the only time it is ever available ever again. There is a very high probability of this. If you do not buy it right away, by the time you come back it will be gone. A squatter will have bought the site to abuse the ICANN 5 day policy. If it gets enough hits, they will keep it, if not, they will release it and by the act of releasing some other squatter will probably pick it up. This will keep on repeating itself until you pay enough money for some just as evil company to grab it and sell it to you.

There's your guide to buying a domain name in three obnoxious steps.

Re:How to buy a domain in this day and age (1)

lena_10326 (1100441) | more than 6 years ago | (#21114293)

Now you tell us. :D

Couldn't one start "poisioning" the hit database? (2, Interesting)

laing (303349) | more than 6 years ago | (#21114299)

Why not just start a bot that makes random DNS queries? This would eventually make it unprofitable for the squatters to squat.

--
This space for rent

Re:Couldn't one start "poisioning" the hit databas (1)

hansamurai (907719) | more than 6 years ago | (#21114355)

This is undoubtedly going on. People like us are doing it to screw with all squatters, and squatters are probably doing it to other squatters to get them to buy and keep crap domains. Doesn't seem to be helping much though.

Oblig. Anti-Flag (0, Redundant)

sm62704 (957197) | more than 6 years ago | (#21114757)

Hey, we're rolling, hey..
Go home, go home
Squatter go home
Go home, go home
Squatter go home
I think I hear your Mommy callin'
On your cellular phone
She said your dad wants his car back
So you'd better come home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Go home, go home
Squatter go home
Go home, go home
Squatter go home
You got no money for the punk rock show
It's delagated for a beer and a ho
Spitting, pissing, cumming, and shitting
So you have cool clothes
Squatter go home
Squatter go home
Squatter go home
Squatter go home
I see you sitting on the boulevard with your tired and pissed off stare
Tellin' everyone your hard luck story, and what landed you here
You think of mommy and daddy out in their safe suburban home
And you know that's where you're gonna be when you start to feel the cold
I'm saying poser go home
Poser squatter go home
Summer squatter go home
Poser squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Squatter go home
Summer squatter go home

Re:Couldn't one start "poisioning" the hit databas (1)

Mysticalfruit (533341) | more than 6 years ago | (#21116499)

Here you go... This program when run will create X number of random domains and then do DNS queries against them. Thus poisoning the hit database. Note: I'm sure any real programmer will look at this code and cringe...

#!/usr/bin/perl

use strict;
use Net::DNS::Packet;
use Net::DNS::RR;

my @silly_list = ('sex','linux','monkey','pants','lucky','duck','cow',
        'chicken','clown','w2k3','fart','junk','monk','towel','hyper','viper',
        'amp','station','depot','diaper','super','leet','wicked','help','soft',
        'ware','micro','dyne');

my @tld_domains = ('.com','.edu','.org','.net');

my $domain;
my $num = $ARGV[0]; # Number of junk domains to create.
my $res = Net::DNS::Resolver->new;
for(;$num >= 0; $num--)
{
        $domain = return_domain(@silly_list);
        $domain .= $tld_domains[rand(4)];
        print "Checking: $domain\n";
        lookup_domain($res,$domain);
}

sub return_domain
{
        my (@list) = @_;
        my $count = @list;
        my $dom_length = int(rand($count)/4)+2;
        my $domain_name;
        for(;$dom_length > 0;$dom_length--)
        {
        $domain_name .= $list[rand($count)];
        }
# print "domain = $domain_name\n";
        return 'www.' . $domain_name;
}

sub lookup_domain
{
        my ($resolver,$domain_name) = @_;
        my $packet = $resolver->send($domain_name);
        my @answer = $packet->answer;
        my $ans_count = @answer;
        my $item;
        if($ans_count > 0)
        {
        foreach $item (@answer)
        {
                print $item->name . " " . $item->address . "\n";
        }
        }else{
        print "Not a valid site!\n";
        }
}

Re:Couldn't one start "poisioning" the hit databas (2, Insightful)

lena_10326 (1100441) | more than 6 years ago | (#21114419)

I don't think it'd work. It'd be very easy to load them into a table, filter them against dictionary words, and sort them by # of hits.

Human eyeballs could pull the top 1000, do a quick spot check on the list, remove garbage names, and register the rest. Once setup, it'd take about 10-15 minutes of human intervention a day.

Re:Couldn't one start "poisioning" the hit databas (1)

theskipper (461997) | more than 6 years ago | (#21115125)

Good point. So if you're a whitehat and have access to the list of domains, some poisoning could still be applied by simply looking up each domain a (large enough) number of random times.

The results could still be filtered by dictionary/eye but you at least devalue # of hits in their decision making process. Seems like a pretty important variable to take out of their equation.

Re:Couldn't one start "poisioning" the hit databas (1)

lena_10326 (1100441) | more than 6 years ago | (#21115497)

Poisoning with dictionary domains would have more potential to mess with them...

Re:How to buy a domain in this day and age (0)

Anonymous Coward | more than 6 years ago | (#21115685)

3. If no one owns it, buy it NOW

The only problem with that is, what if that is exactly the behavior the registrars are trying to cause you to take? So, if you suspect the domain will be registered if you don't register it RIGHT THIS SECOND, and you register it, they get your $X even if you don't end up using the domain.

Only a conspiracy theory, but....

Re:How to buy a domain in this day and age (1)

trolltalk.com (1108067) | more than 6 years ago | (#21116945)

Why would you see if a domain is available unless you want to register it?

If you DON'T want to register it, why do you care if someone else "snatches" it?

That being said, the 5-day free period should be eliminated, immediately.

Re:How to buy a domain in this day and age (1)

oahazmatt (868057) | more than 6 years ago | (#21116391)

I've actually just subscribed to your practice. I lost a domain back in May due to financial issues (my first and last name.com) and went to register it again about two months ago. I did the search but didn't purchase immediately, believing I had time. Two days later it was a generic link site.

This time, I searched for a new domain, found it available, and bought it outright. If I hadn't read this story, I probably would've delayed my purchase and lost on another domain name.

wow (3, Funny)

zehaeva (1136559) | more than 6 years ago | (#21114255)

I am so very glad that ICANN has quickly come forth at the first signs of such a horrible problem, to think that the registrars would abuse their positions like this.

I think we all can rest since ICANN is going to fix this before it even becomes a problem.

oh wait ...

Dear ICANN: (2, Funny)

circletimessquare (444983) | more than 6 years ago | (#21114287)

I have been the victim of Internet-related Terminology Front Running (tm). It began innocently enough with "trolling" borrowed from fishing terminology. But when "phishing" itself became a term, as well as "blog", "AJAX", "spidering", etc., I realized I was in a strange world where tech writers invent terms for phenomena most people aren't even aware exists yet. Usually the phenomena is out there for awhile first, and as it gradually trickles into common knowledge, terminology gradually evolves. But here we have terminology existing even before awareness of the phenomenon. Which brings us to "front running"...

Oh, wait, we're talking about a different kind of front running? It means what again?

See what I mean ICANN? I can't even keep track anymore. I thought I was tech savvy, but if I blink, these crazy kids are using words I don't even understand.

Wait... ICANN is the wrong organization to complain to about this?

I give up.

Re:Dear ICANN: (1)

cthulu_mt (1124113) | more than 6 years ago | (#21114535)

It began innocently enough with "trolling" borrowed from fishing terminology.

Actually, its trawling,/i>, but nice try.

Re:Dear ICANN: (2, Interesting)

sm62704 (957197) | more than 6 years ago | (#21114995)

It began innocently enough with "trolling" borrowed from fishing terminology.
Actually, its trawling,/i>, but nice try


Wikipedia says you're wrong [wikipedia.org]

Trolling is a method of fishing in which some form of bait, such as a fishing lure or a living fish, is drawn on a line through the water. Trolling from a moving boat is a technique of Big-game fishing and is used when fishing from boats to catch large open-water species such as tuna and marlin. Trolling is also a freshwater angling technique
On the other hand, [wikipedia.org]

Trawling is a method of fishing that involves actively pulling a fishing net through the water behind one or more boats, called trawlers.
-mcgrew [kuro5hin.org]

There's got to be a better way (1)

MeditationSensation (1121241) | more than 6 years ago | (#21114331)

than domain names. One time I register {my firstname}{my lastname}.com and let it lapse. I do not have a memorable or popular name at all. Yet sure enough, someone was squatting on it for a couple of years. I keep thinking something akin to AOL's keywords would have been better than domain names. Say instead of a domain, it's just a plain string. No top levels or any of that. "IBM Corporation", "/.", "Natalie Portman is hot". Maybe have a maximum size and forbid a few characters to prevent code execution and the like. Maybe a have a nominal fee so someone doesn't grab zillions of strings. But man, the restrictions and absurdity in place right now is nuts.

Well, DNS itself is a dumb 20th century idea (1, Insightful)

Quadraginta (902985) | more than 6 years ago | (#21115149)

Why have domain name service at all?

That is, why do we have this superelaborate expensive annoying structure, the only purpose of which is to translate one string (the hostname) into another (the IP address)? Sure, a nice 32 bit number (0x4a7d1368) is easier for programs to work with than a variable-length alphanumeric string ("www.l.google.com").

But so what? The only legitimate purpose of technology is to make our lives easier, not to serve as a temple in which we practice the complicated correct forms of worship. My 2007 Odyssey is way more complicated under the hood than my 1968 Volkswagen was (and of course that means car designers and car mechanics have a much more complicated and demanding job these days), but the 2007 car is much easier for the user to drive and take care of than the 1968 car. That's as it should be. Technology should be designed and evolve so that the ease and convenience of the user is the first priority. How easy or cool it is to implement should be a distant secondary goal only. (But programmers should not complain, because the more complicated and difficult a scheme is to implement, the better-paid the job of implementer is.)

The alphanumeric string that human beings find easy to remember and use should be the "real" address of an Internet host, and it should be up to the robots and programs behind the scenes to cope with the complexity of correcting routing packets to the destination using only this string.

More fundamentally, the idea of making one giant and (literally) global hash in which each host is mapped to a unique ID tag is violently contradictory to the way people naturally think. We naturally think in terms of local variables and namespaces. It perfectly possible for a bookstore in Liverpool to have the same name as a bookstore in Atlanta, because human beings consider the bookstore name a local variable and use the context ("Am I in England or Georgia?") to figure out the correct global meaning. Internet hostnames should work in a similar way; it should be possible for the Liverpool and Atlanta bookstores to have the same name on the Internet, too, with some method of choosing context to resolve ambiguity. Yes, I realize the dotted aspects of hostnames was supposed to do something like that ("foo.bar.com" versus "foo.baz.com"), but it clearly didn't work out that way. Perhaps because it was designed by people for whom the world was broken up into a few very large organizations (.mit.edu, .af.mil,...) containing a nice orderly heirarchy (.mit.edu -> .ee.mit.edu -> .rle.ee.mit.edu -> myhost.rle.ee.mit.edu). The real world doesn't look like that at all, which is why most people these days couldn't even tell you why there are dots in the URL and what purpose they were supposed to serve.

I also know lots of schemes that rely on the present madness would be broken. Tant pis. Can't make an omelet without breaking eggs.

Re:Well, DNS itself is a dumb 20th century idea (1)

Deltaspectre (796409) | more than 6 years ago | (#21115531)

I don't know how you propose to solve this, but I host several sites on my home computer which has one IP, but serves different content depending on which domain name the user has accessed.

Re:Well, DNS itself is a dumb 20th century idea (1)

idontgno (624372) | more than 6 years ago | (#21116241)

That's not a very good technical objection. Almost any network-aware operating system can assign multiple "virtual" IP addresses to a single physical interface. If you change your network stack over to the "IP Name" scheme, it'd be no real difference.

I'm not saying that direct name->machine mappings would be a good idea, only that it's technically feasible.

I certainly wouldn't want to write the routing algorithms for non-hierarchical variable-length addressing schemes.

Re:Well, DNS itself is a dumb 20th century idea (1)

_xeno_ (155264) | more than 6 years ago | (#21116651)

Slashdot is a site that receives international visitors. How would you propose we label Slashdot in your scheme?

Likewise, if I talk about the Starbucks in Burlington, I know what I mean, but without some context you'll have no way of figuring out what I'm talking about.

A quick Google search comes up with Starbucks in Burlingtons in Vermont, Ontario, North Carolina, Washington, and Massachusetts. Which one do I mean when I say "the Starbucks in Burlington?"

Well, I mean the Starbucks in Burlington, Massachusetts. But here's the thing: there are two Starbucks in Burlington, Massachusetts. (More if you count Starbucks served inside of other stores.) Which one do I mean? Well, for this example, I mean the one on Mall Road.

So I can't just say "the Starbucks" because that is too vague. I can't just say "the Starbucks in Burlington" because that's too vague. I have to exactly specify it, down to a street. People aren't going to want to have to do that just to link to places like CNN or aren't going to think that there might be a different, "closer" CNN in some parts of the world.

A real-world example could be the difference between Nissan Computer and Nissan Motor. Currently Nissan Computer has nissan.com [nissan.com] , but under your scheme if I said "Nissan" based on my location (Massachusetts) it'd be obvious I meant Nissan Motor because Nissan Computer are further away than the nearest Nissan dealer.

How would I explicitly point to Nissan Computer in your scheme? By specifying an exact location?

Back to the Slashdot example. Where is Slashdot? I guess it's in the United States. So I could address it as "Slashdot US" in your scheme. But what if someone sets up a Slashdot Massachusetts? I don't want that Slashdot, I want the original. I guess that's in Michigan. But the servers are in California, aren't they?

Your scheme fails because it doesn't allow an exactly specified address, it instead works solely for discovering locations. So instead of remembering Slashdot's new fully qualified domain in your scheme, I could just search Google for it. Something I can do already.

Ultimately, though, it doesn't solve the problem. At some point you still need a registrar to assign names for whatever your smallest geographic region is.

Re:Well, DNS itself is a dumb 20th century idea (1)

halcyon1234 (834388) | more than 6 years ago | (#21117277)

We have layers of routing in networking to allow for easy modification of the system as a part without changing the system as a whole.

If you combined Layers 3 and 2 together, then it would be responsible for naming and routing. When you entered a name, the part of the system that takes in the name also has to know how to route it. If you change the routing protocol, you also have to completely redo your naming protocol. Right now, the naming protocol just discovers a place, and lets a specialist figure out how to get to that place. The routing doesn't care about the naming, and vice versa.

And for the record, the real world DOES work like the dots in an URL. They refer to subdomains-- places within places. So, in your example, a human knows the difference between Joe's Books in Georgia and Joe's Books in London BECAUSE of those dots. The thought process of "Am I in England or in Georgia?" is solved by observing the dots. It's Joe's Books, Goergia. Or Joe's Books, London.

An URL couldn't (or shouldn't) work like this, because URL's aren't geographically defined. In this example, you'd force someone to come up with a Georgia subdomain of .US. And any business in Georgia would have to register as JoeBooks.Georgia.US. What if there's more than one location? What if it's an international company? What if the bookstore is in Georgia, but thier shipping plant is in New York? How far down should the URL drill? JoeBooks.Downtown.Westpoint.MeriweatherCounty.Georgia.UnitedStates.NorthAmerica.NorthenHemisphere.Earth.SolSystem.Milkyway.Universe ? What if JoeBooks moves to Toronto? Do they need an entire new domain?

Computers don't work the way people think, because they're computers. Computers and humans speak two entirely different languages, and it's up the the programmers and engineers to come up with the interfaces that will best translate between them. URL is one such interface. It isn't perfect, but it's damn near the best we can do.

Re:There's got to be a better way (1)

morgan_greywolf (835522) | more than 6 years ago | (#21115867)

How would that be any better?

I've never used whois for this exact reason (2, Informative)

Qbertino (265505) | more than 6 years ago | (#21114421)

I've *never* used whois for probing novel domain-names for this exact reason. I just use the URL and see if it hits. If it and it's adjacent ones on other tlds of interest don't hit and I want it, I order it.

Being a little paranoid allways helps.

Re:I've never used whois for this exact reason (1, Interesting)

Anonymous Coward | more than 6 years ago | (#21115061)

I've *never* used whois for probing novel domain-names for this exact reason. I just use the URL and see if it hits. If it and it's adjacent ones on other tlds of interest don't hit and I want it, I order it.


I always just use nslookup. That way it is just between me and my DNS server. Someone would have to be constantly sniffing my DNS server and its upstream authorities and rapidly analyzing the huge amounts of data in order to grab a domain before I can register it. (entirely possible, however less likely than a whois or registrar search)

Re:I've never used whois for this exact reason (2, Interesting)

Marvin01 (909379) | more than 6 years ago | (#21115075)

You don't trust 'whois', but you trust your ISP not to sell DNS records? You are far more trustworthy than I. Not to mention the significant chance that the domain might be registered, but not exposing a web host.

Re:I've never used whois for this exact reason (1)

mikael (484) | more than 6 years ago | (#21115247)

You could try 'traceroute' - but maybe that goes through the name servers anyway.

Re:I've never used whois for this exact reason (2, Insightful)

idontgno (624372) | more than 6 years ago | (#21116379)

Of course it does. Any IP communications which uses a name rather than an IP number is using some type of name resolution. Since the real question posed by this situation is "has this domain name been registered", you can't answer it without consulting with the domain name resolution system. And that is either a WHOIS query at a registrar or a name resolution check through a DNS, either incidental (ping my.foobar.foobaz.org) or intentional (dig my.foobar.foobaz.org).

And I have doubts about using DNS to verify it anyways. Domains aren't hosts; the domain "foobar.foobaz.org" might have many host names within it (such as "my", mentioned above), but you can't guarantee that you can guess them. Yah, www.foobar.foobaz.org seems like a likely place, but if I'm front-squatting the foobar.foobaz.org domain, I may not host a site at that address. (Of course, I'd be an idiot not to, since hits on that site make measuring interest in the domain easy, and I can aways linkfarm or upload drive-by malware for a bounty.)

Some probabilistic inference (2, Interesting)

jpfed (1095443) | more than 6 years ago | (#21114431)

To greatly reduce any doubt that this is happening, people should determine the availability of extremely unlikely domain names, like a random string of 24 characters.

tksmowlapoxnvbwlqanmiutklweh.com
laskjdfghlfkajgneruykvjniour.com
qwieurylkajbaiurylkjasndfgpu.com

If several of those are snatched up after a whois lookup, it's clearly not because anyone else actually bought the domain name because they wanted to use it.

Re:Some probabilistic inference (1)

kernelphr34k (1179539) | more than 6 years ago | (#21114573)

I'll test that theory now. Although a domain was snatched from a buddy of mine early this morning, and 2 other domains on Tuesday. Will be interesting to see what comes out of all of this.

Re:Some probabilistic inference (4, Funny)

blueZ3 (744446) | more than 6 years ago | (#21114669)

What do you mean, extremely unlikely?

The first one is obviously used by The King of Siam's Major Order of Worried Lemurs Acting Perfectly or Xylophone Needing Vampires Being Wheedled Like Queens of Another Nice Monarchy In Utah's Tasteless Kingdom, Looking at Everyone's Hiney

The other two are equally obvious

Re:Some probabilistic inference (1)

theskipper (461997) | more than 6 years ago | (#21115339)

Wow, your 'b' key must be having a nervous breakdown after that post.

Give him the rest of the day off before he goes postal on v or n.

Re:Some probabilistic inference (1)

JUSTONEMORELATTE (584508) | more than 6 years ago | (#21115085)

Crap! How did you guess my super-secret domain?

I'm kind of sensitive to this stuff right now. (3, Informative)

Dr. Manhattan (29720) | more than 6 years ago | (#21114525)

I failed to renew my free dyndns.com domain on time and on Saturday someone using the U.K. host "Real International Business Corp." (which Google shows to be a host for all kinds of scam websites) stole the domain. It wasn't just someone grabbing an unused domain - they put up a copy of my front page (though the links led nowhere).

They were even loading images, like I do, from my ISP's webspace. For a while I had changed the image to a big "WARNING!", but they noticed that yesterday and removed all links and images from their copy. A DMCA takedown won't work since they're in the U.K. and from what I've read of the hosting service, ethics aren't exactly their strong suit. So I've got to just learn from experience here. Oy.

I can sympathize (2, Insightful)

Anonymous Coward | more than 6 years ago | (#21116057)

A good friend of mine had a very successful website with 300,000+ users that made him over $100,000/year. The domain had been registered using some free email account that he stopped using. Eventually the email address was reclaimed and made available again and some guy registered it and hijacked his domain. It took him over a year and a half plus thousands of dollars in legal fees to finally get his domain back. By that time the domain was worthless because all of his customers had gotten fed up with the service outage and left. About the only thing going for it now is a Google pagerank of 7. He's also looking for a job.

The moral of the story is to keep tabs on your email addresses.

ICANN needs to put registrars out of speculation (4, Informative)

Animats (122034) | more than 6 years ago | (#21114551)

One of the provisions of the ICANN Registrar Agreement is this: [icann.org]

  • 3.7.9 Registrar shall abide by any ICANN adopted specifications or policies prohibiting or restricting warehousing of or speculation in domain names by registrars.

So ICANN has the authority to insist that registrars get out of the domain speculation business. They don't have to ask the registrars; they can simply order it.

Currently, most of the "registrars" [icann.org] are fronts for domain speculators. Take a look at the list. There are whole families of phony registrars (Enom1, Inc., Enom2, Inc., Enom3, Inc., ... Enom371, Inc., ... Enom469, Inc.) There are ones who admit they're domain speculators (NameJumper.com, Inc., "!!BBB Bulk Inc"). There are ones that are fronts for "Club Drop".

Most of these "registrars" are so phony they don't even have a business address.

This registrar information is useful for filtering junk sites. If a site is registered with one of the bogus registrars, it's probably desirable to block its e-mail (which is probably spam), and throw it out of search engines.

More Common than it should be (1)

wolff000 (447340) | more than 6 years ago | (#21114567)

I think cyber squatting is just as bad as this. You shouldn't get a domain unless you have a use for it. Not just by one hoping to sell at an inflated price later. There should be some sort of price cap on a domain name.

I'd rather see a crackdown on typos... (3, Interesting)

damn_registrars (1103043) | more than 6 years ago | (#21114571)

As much as front-running is annoying (at the very least), I think registering typo'd domains is actually worse. Considering how many domains are registered simply for the purpose of catching people who misspell the domain they want to visit, it may be a larger problem.

And from my experiences, it seems like the typo squatters usually bombard you with pop-ups and other annoying crapola on their sites when you accidentally wander into them. The front-runners at least seem kind enough to just tell you "this domain could be yours for only $1M". Bastardly, sure, but less of an annoyance than 4 pop-ups that trigger more pop-ups on being closed.

a good idea (2, Insightful)

FudRucker (866063) | more than 6 years ago | (#21114607)

why not make a domain named www.ICANNOT.org and just make it a listing/cache of domain names already taken so users looking for a domain can see if a name is already taken...

Oops, too late, already taken...

I'd be shocked if it wasn't happening (1)

marquis111 (94760) | more than 6 years ago | (#21114619)

This very idea occurred to me about 5 years ago, and I immediately assumed that someone out there was doing it already. It's an idea that's too easy to abuse for it not to be happening.

direct lookup (1)

TheSHAD0W (258774) | more than 6 years ago | (#21114665)

You can directly lookup whois information at the internic's lookup page [internic.net] , or use the unix whois command or a Windows utility like Cyberkit [pcworld.com] to discover whether or not a domain has been registered without leaking your interest to someone who might try to grab it first.

Re:direct lookup (0)

Anonymous Coward | more than 6 years ago | (#21115341)

Does internic keep a copy of the database, or are they just forwarding the query to verisign? If the latter, do you trust verisign (corporate motto "do more evil")?

Re:direct lookup (0)

Anonymous Coward | more than 6 years ago | (#21115389)

um, nslookup That's what its for. Windows or *nix command line, the syntax is the same.

I say SPAM the domain Spammers (2, Interesting)

PS3Penguin (1048518) | more than 6 years ago | (#21114673)

I say we setup a dictionary based query that (slowly as to not DNS) .. generates a mountian of plausible but not needed DNS queries. The domain squatters would then spend $$$ grabbing what amounts to useless domains .. Use the old scale of economy attack on them. It they have to sit on 10,000 useless names to hit one "real" one .. it becomes a LOT less profitable .. and they will move on.

Re:I say SPAM the domain Spammers (1)

mabhatter654 (561290) | more than 6 years ago | (#21114731)

under the rules there's no penalty for the 5 day waiting period. The squatters drop them before they pay any money. Icann needs a $15 non-refundable restocking fee or something.

Re:I say SPAM the domain Spammers (1)

Quietust (205670) | more than 6 years ago | (#21117009)

under the rules there's no penalty for the 5 day waiting period. The squatters drop them before they pay any money.
Then trick them into thinking the domains are "real". Expand the dictionary-DNS script to keep track of the fake domains it queried and retry them occasionally - if they get registered, then add them to another list and start actively querying the webpages to generate "hits" for them.

For optimum performance, publish both lists (both queried and subsequently registered domains) somewhere online so other people can also participate (and then hope some "savvy" spammer doesn't arrange for the Storm Worm botnet to remove you from the Internet).

ICANN should forbid registrars from owning domains (1)

david.emery (127135) | more than 6 years ago | (#21114767)

That would clean up this problem, right? Sure, it's an impact on other lines of business, but domain registries have a 'special role' to play in the internet. One question, though, is whether ICANN could legally enforce this rule in various jurisdictions. Probably so, since ICANN could revoke the registry for not playing by the rules, but IANAL...

        dave

Re:ICANN should forbid registrars from owning doma (1)

CaseCrash (1120869) | more than 6 years ago | (#21114843)

Then how in the world could they have a webpage to allow you to register domains in the first place? They need at least one domain

Re:ICANN should forbid registrars from owning doma (1)

david.emery (127135) | more than 6 years ago | (#21115069)

A registry would itself have to register with the root registry, which I guess is Network Solutions, right? Doesn't ICANN have to bless anyone who wants to be a registry?

The domain name for my-bogus-registry.com would have to be registered first -with someone else-, before you could set up www.my-bogus-registry.com. So the specific bootstrap problem you mention should not occur.

      dave

Re:ICANN should forbid registrars from owning doma (1)

Blakey Rat (99501) | more than 6 years ago | (#21116599)

NetworkSolutions has now changed their name! They're now known as http://205.178.187.13/ [205.178.187.13] ! Watch for our new ad campaign during the Super Bowl.

mod dOwn (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#21114773)

mo7e 7orward, [goat.cx]

Wouldn't surprise me (1)

ajs318 (655362) | more than 6 years ago | (#21114823)

If you do a whois on a domain name, then somebody, somewhere gets to see that you might be interested in buying it. It was really only a matter of time before someone started doing this.

Re:Wouldn't surprise me (1)

Dogtanian (588974) | more than 6 years ago | (#21117491)

If you do a whois on a domain name, then somebody, somewhere gets to see that you might be interested in buying it. It was really only a matter of time before someone started doing this.
I had this happen to me almost two years ago; it's hardly new.

already happens (rumours) (1)

micromuncher (171881) | more than 6 years ago | (#21114881)

I think this already happens. When you do a whois, which is usually the first thing in registering a domain, a variety of authorities are queried. Now - I don't know which one - but one of them is naughty and camping starts. There have been 3 occassions where I have run whois through netsol where within 24 hours the domain went from avail to camped (by studiomobile - a net 'research' company.) I think it is more than a coincidence.

Who needs front running... (1)

xENoLocO (773565) | more than 6 years ago | (#21115179)

.. when you have stuff like this going on...

http://www.mentallyretired.com/2007/09/17/fraud-in-the-domain-name-market/ [mentallyretired.com]

I wanted a domain name after it expires in half a year and they're ALREADY MAKING ME BID FOR IT. Keep in mind, this is the REGISTRAR, not the current domain owner.

I think this happened to me, but with a twist.. (4, Interesting)

Unmanifest (948811) | more than 6 years ago | (#21115239)

I was going to buy Squandered.org, .com, .net to release some original music and essays. Squandered.org was to be the band name, with the .org in the name to emphasize the "new media" thing.

So I checked via godaddy.com, and it was available, but I didn't purchase it because my checking account was overdrawn. A while later(2 weeks to a month), I went to buy it, and it was taken. Whois said it was taken shortly after my availability check, by a company in Maine. It was cash-parked at Network Solutions.

Anyway, a few months later(the dates are vague, I didn't mark my calender) I checked it to see what the people from Maine were doing with the title of my life's work. It was still just cash-parked at Network Solutions. So I checked WHOIS again, to refresh my memory about the name of the company, and it was now owned by an individual in Maryland instead of a company in Maine, but here's the scariest part: the registration date had *magically* moved backwards to 2005!

I had personal reasons to remember very specifically that the location of the owner was in Maine. I didn't remember the company name, but I definitely remembered that the date of registration was just after I had checked it.

And it's still just cash-parked. When it first happened, because of "Maine" and some personal events, I suspected a certain person I knew from certain forums had taken it for basically spiteful reasons. But when the date was altered, I was mystified and paranoid. "Why would the CIA and time-traveling lizard-people from Sirius conspire to keep me from doing my little project under that name?" Now, I'm relieved to find a more plausible explanation. A scammer or scammers with access to official registration data. Makes sense, I also own several other domains, so I might pop up as a high-probability purchaser. But I never contacted the owner, and in the intervening time I've reworked things to release soon under another name that I've owned for years.

I did, however, pop off an email to ICANN detailing the events.

Let me reiterate what's been said by others on this thread: don't check a domain unless you're ready to purchase it immediately.

GoDaddy's doing it (1)

guruevi (827432) | more than 6 years ago | (#21115645)

GoDaddy's doing it for sure. Several domains that I have probed with their service that are currently not available anymore:

http://guruevi.com/ [guruevi.com]
http://pcman.com/ [pcman.com]
my last name ...

Google it first (1)

Darth Cider (320236) | more than 6 years ago | (#21116217)

Before doing anything, google xyz.com to see if it is active. Doing searches that ping the site, or that go through a registrar, or that alert anyone at all to interest in xyz.com can be a costly mistake. (I learned this lesson after seeing domains snatched after searches through reputable registrars.)

Yikes (1)

Dannon (142147) | more than 6 years ago | (#21116489)

The fortune at the bottom of the page reads:
You will gain money by a speculation or lottery

Well, someone is, at least....

Nothing new (1)

MoonRabbit (596371) | more than 6 years ago | (#21116573)

About six years ago, I wanted a domain that was listed as a "pending delete." The domain had expired 2 years previously and had passed any grace period. In order to get in on the "waiting list" I had to send the controlling registrar (dotregistrar) $60 for nonrefundable "shares" to become a "member." I was first on the waiting list for three years when they informed me that my shares were about to "expire," and since three years had elapsed and the domain was still a pending delete, I opted to spend my remaining $15 on another domain rather than lose it. I was convinced of the scam at that point and was not going to give them any more money. The day after I quit paying to be first on the waiting list, the domain was suddenly registered to a domain squatter. Still is, except now it's "for sale." I complained to ICANN about this, but I might as well have sent my congressman a letter complaining about gas prices. The real killer is that I wanted the domain for a nonprofit I was working with at the time.

Re:Nothing new (1)

trolltalk.com (1108067) | more than 6 years ago | (#21117107)

You were defrauded. You should have just waited until the 30-day redemption period was over and you could have just registered it with any other registrar. How do you think I got trolltalk.com?

http://www.cyberindian.com/domain-registration/article.php?article_id=185 [cyberindian.com]

  1. 30 day "redemption" period
  2. 5 day "pending deletion" period
There's no such thing as "a waiting list". Ask for your money back.

Domain Name Front Running (1)

HTH NE1 (675604) | more than 6 years ago | (#21116913)

ICANN has opened an investigation into a suspected practice by registrars it calls "domain name front running."
I prefer "squatspecting" myself, as it is the cybersquatting upon others' domain prospecting, possibly to ransom the domain to the person who intended to register it.

There was a .com domain I wanted, but it is currently held by a law firm with named partners sharing the same initials, and they could easily hold onto it indefinitely even if there's a change in partnership to maintain communication with former clients of the old firm. When I finally decided to get the .tv version which had been free, it too was taken.

I now keep my ideas to myself until I'm sure I want to run with them. Though I fear these people may grab it even within the few minutes it will take me to search and register.

No news here.. (1)

sw155kn1f3 (600118) | more than 6 years ago | (#21117125)

I suspected this for years, when circa 2003 I ran whois query/dns searches on short and very meaningful domain in .com, just perfect to suit my needs, which was registered 1 week later! Guess wh was the registrar? Some squatter.
After that I just go and register domain in 1 transaction - using registration form as whois/dns lookup and then immediately check out.
From 2003 I registered 4 domains and this rule worked pretty well.
Also I have one story when one not so expensive registrar just snatched domain from legitimate user. This is scary stuff. All registration are electronic, which means you even don't have a paper about domain is yours.
I guess all we can do is to bring as much attention to these cases as possible.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?