Ask HN: I purchased a domain and now the registry wants to take it back
I purchased a very nice .io domain 2 days ago and I received an email from my registar today saying there was a bug in the registry and that the domain should not have been available so they are going to cancel my registration.
Right now I own the domain. What can I do? Is it okay for registries to do this? Does it happen often?
Thanks!
75 comments
[ 12.8 ms ] story [ 702 ms ] threadI might be able to transfer it to another registar, but I'm not sure it would help (the registar is Gandi and I trust them)
Previous discussion: https://news.ycombinator.com/item?id=22001822
Would be truly unfortunate if a hypothetical decentralized alternative had a similar bug that let someone else register and already-owned domain, as that bug would likely invalidate the entire structure of the registration and bring the whole system down as people exploited the vulnerability to steal every possible domain in a decentralized manner. At least this centralized solution can fix it and adapt.
I would be a little skeptical. Make sure that the email really is from your registrar. Also, it's likely that "do nothing" is your best course of action, in any case. If the email is legitimate, there's nothing you can do to stop them. If it's a scam of some kind, you avoid increasing your exposure to risk.
I cannot find any trace of the domain on the internet, so at least I don't think it was used. I don't know if there is some kind of way back machine for domain name records / whois ?
Thanks for the info on the migration, that could indeed explain this.
If this is the case, under no circumstance tell your registrar you're okay with losing it and dig your heels HARD.
Either way you should get a cert for it with the longest expiration you can ASAP while you control it ;)
I can tell you I’ve seen legal orders transferring a domain from one registrant to another, if the order has the registry named to take action, the domain kind of just goes poof, sure it’s in your system but you can’t do anything against it.
Then maybe the original poster should demand such a legal order? I doubt there exists one now given it's only been a couple days.
"ICANN's official policy is that domains are not property to be owned. Domain names are registered (rented) by payment of an annual registration fee."
But your point is valid that domains are essentially registered according to the terms of a probably-long and verbose agreement.
Blockchains are a great idea but some problems are better solved by the brick-and-mortar legal system.
There still exists a legal system in which the NFT could potentially recovered. Yes it's harder with easy cross border theft, but that just means we need better global treaties.
If your car is stolen, there's a potential for it to be physically found and returned.
If someone somehow finds the private key to steal an NFT, they could steal the NFT and then delete the private key for the new address that owns it. At that point, treaties don't matter. The ownership exchange is permanent until someone can derive the private key from the public key, which if someone did, then ALL NFTs could be stolen.
There's also an easy fix for this. Make the NFT include a smart contract that requires periodic "checkins" that require the private key, and if the checkin fails, ownership reverts the previous owner or another address specified in the smart contract.
Or attach a smart contract that requires registration with a third centralized party.
NFT technology can interplay with existing legal frameworks and protections with the right programming.
The global DNS namespace is heavily controlled. I very much doubt that these funny namespaces will be anything other than a fad used in niche applications. Metamask supports .eth, fine, but you wont be pointing at your https server with it if you expect grandma to resolve it.
We have seen it before, many times. NewNet isnt a thing this decade. You cant invent arbitrary TLDs and expect the internet to use em.
IMHO they will fail. You wont see decentralized name registration in the global DNS namespace. Too much abuse potential, too little flexibility with errors, trademarks, etc
I agree with you there. The key problem is maintaining ownership of a valuable domain, not freeing domain ownership from ICANN or automating dispute mediation.
Putting domain ownership on a blockchain just makes it almost impossible to maintain ownership of the domain if someone steals your "crown jewel" certificates.
this is a place from which the natives were evicted by force.
I somehow doubt they're getting any financial benefit from it.
https://en.wikipedia.org/wiki/.io
https://en.wikipedia.org/wiki/Chagossians
https://en.wikipedia.org/wiki/Diego_Garcia
as a reminder, ethos capital are the amazing people who tried to "buy" .org a while back
https://en.wikipedia.org/wiki/Ethos_Capital
If this doesn't fit the economics textbook definition of Rent Seeking, I don't know what does.
The UN resolution (international norms???) and International Court of Justice (ICJ) is being violated by the UK and US:
https://www.reuters.com/article/us-britain-mauritius-un-idUS...
Of course the US is going to lobby to keep the base, and of course it’s horrific that thousands were forcefully removed to build it (and the US should compensate for that), but any interpretation where the US is in international error here due to Mauritian sovereignty considerations is plainly transparent in its purpose (particularly in a comment that references China off the bat).
That’s the UK’s problem. Notice the Mauritian prime minister in the very article you linked only discussed problems with the UK.
http://www.paulgraham.com/name.html
Do you think you could ever convince them by saying hey I saw this domain was available but came back 2 days later and it's not available, can you still get it for me? The answer is unequivocally no.
Know your right and defend them against overreach of private entities.
However, given domains are not securities and domain registrars are not FINRA members or registered securities broker-dealers, I don't think this is "frontrunning" in the sense that you're used to hearing the word.
So who knows if it's even illegal, and even if it is, who knows what recourse anyone has about it, given how quasi-legal and international the ownership of domains is.
In the future, use gandi.net or namecheap.com. They don't engage in such despicable practices.
McDonalds don't change the prices on the menu when they see you walk through the door looking particularly hungry.
I did not believe it at first, (thought the emails about paying someone else for my domains were a phishing scam) but I guess it did happen.
I have many godaddy=evil stories, the fact they don't enable letsencrypt / easy free ssl on their hosting / cpanel servers - it just makes them really shitty netizens on top of all the other shady things they have pulled over the years.
ENS would not have this problem, however, you might as well write a name on a piece of paper and never show anyone. It is not the same thing.
ENS will never be resolvable via the global DNS namespace. Its like a parallel DNS namespace. I don't believe that any blockchain NS will ever marry with the global name resolution namespace. Handshake and Namecoin are alternatives too, and there was non-blockchain thing called NewNet that no longer exists.
Globally resolvable names need to have registration details, so when you register "cocacola", Coke can sue you for trademark infringement. They need to be revocable.
I'm saying it wont happen because they wont let it. Its a closed club, and its a big deal when new TLDs get added. Johnny ethereum isn't allowed in.
Unfortunately though, .eth already collides with the reserved 3 letter country TLD made for Ethiopia.
> It would be a centralized service with decentralized records.
That is the best way to describe ENS. Your .eth domain is still sitting on a single TLD managed by so called 'trusted' centralised key holders.
Because it's a scam.
No, you don't. Read the terms and conditions.
I've looked into this exact problem because I wanted to know, what it takes to fully and completely own your own domain. The best way is to apply for an ICANN registrar accreditation which entails these requirements [2]:
In the case of Facebook, they were able to receive an expedited approval since link [1] indicates that their company will not be buying nor selling any domains. It just exists for the sole purpose of owning the domain. Why did Facebook do this, you may ask?Well, social engineering. An Njal.la hosted domain was successfully transferred to Namecheap (through no fault of Njal.la) through forged German Court records [3]. So now, no one can socially engineer the domain away from FB and I suspect the vast majority of these companies.
RIP. Looks like I won't be owning my own domain anytime soon.
[1] https://registrarsec.com/
[2] https://www.icann.org/resources/pages/financials-55-2012-02-...
[3] https://www.vice.com/en/article/qj8833/dark-fail-fake-court-...
Both have the save website and mailing address but there are 2 independent ICANN accreditations.
Likely, it is designed to prevent another sort of attack.
As I expected, they took domain for themselves... Whois says:
This name is reserved by the Registry in accordance with ICANN Policy. >>> Last update of WHOIS database: 2021-11-20T13:42:39Z <<<
:(
Trademarking the domain name gives you vastly better protection, since even if the registrar/registry takes it back, nobody else can use it, so the incentive for those entities to change their mind on leasing it to you is reduced.