
How a domain registrar can kill your business - richeyrw
https://www.uptimechecker.io/blog/how-domain-registrar-can-kill-your-business
======
davidgh
I recall a time when a company I had association with lost their main domains
due to a failed renewal. In this case it was a long-term employee who left the
company that had loads of company bills going to his card. He cancelled the
card sometime after he left and the domains were not renewed. I’m not sure
where the renewal failure emails were going but probably some unmonitored
admin email box.

These were very important domains. Without them, this $1 billion+ company
immediately lost all of its ability to generate revenue. It was quite
shocking.

The problem was discovered when users started getting the registrar’s landing
pages rather than the company website pages. It was fixed relatively quickly
once identified but do to DNS propagation took about 48 hours for complete
resolution. During the window unrecoverable revenue well into the hundreds of
thousands was lost.

It seems to me that a domain renewal is always a risk, even with a highly
reliable registrar. A good defense is to limit the renewals for important
domains by registering them for as long as possible (10 years). Even then you
have a weak spot because your credit card will be expired by then so you
should back that up with a calendar reminder a few months prior to renewal to
make sure everything is set.

~~~
cialowicz
> A good defense is to limit the renewals for important domains by registering
> them for as long as possible (10 years)

This is an interesting take. I prefer the opposite approach: choose the
shortest possible registration window (1 year), and have a very clearly
defined, properly-documented renewal process that multiple people at the
company understand. It's unlikely that _all_ of those people leave the company
in a 1-year window, so the knowledge gets passed on reliably.

If a renewal happens only once every 10 years, then it seems _very_ likely
that the person responsible for it has moved on, knowledge around the process
is lost, and at best the documentation is very out-of-date (but more likely
it's missing).

My process is to have a shared calendar for these high-risk renewals. Top
company officers should be on this calendar (CEO, CTO, and some engineering
VPs). The calendar contains recurring events for domain and SSL cert renewals.
These calendar events are set up for about 1-month before the actual renewal,
and fire reminder emails at several intervals beforehand (in case people are
away or on PTO).

~~~
user5994461
I personally found a period of 1-2 year to be the absolute worst. On the next
cycle the man is gone because it's past the average tenure. The emails about
it were lost or auto deleted. Any documentation or process is useless because
the company or the supplier has changed.

To have a process be remembered, make it monthly or quarterly.

~~~
mkopinsky
How can you make domain renewals be monthly or quarterly?

~~~
gpm
If you have multiple domains you could renew them at seperate times.

Has the advantage that a failure might not be so disastrous either.

~~~
eli
Only if you had the foresight to register them at different times, right?

~~~
jethro_tell
Not necessarily, most registrars will let you renew for a full year or more at
any time. Buy both on the same day, set a reminder or open a ticket to renew
only one domain in 3/6 mo.

Also, get a registrar with an API and use a script to figure out how long a
domain is valid. Alarm through your monitoring system when you hit the too
close for comfort time frame.

You can scrape whois as well but that seems fragile.

------
hbosch
The timing of this is an amazing coincidence — I recently “lost” my domain in
the same way. I bought it originally on Namecheap but have since transferred
all my domains into a singular Google Domains account. My main domain, where I
have my personal site and all my important emails, disappeared without notice
on Wednesday the 9th last week. No expiration notice sent, no information as
to what had happened.

I contacted Google as soon as I noticed and hey have been alright to deal
with. Fortunately I am a Gsuite customer. I had to pay a fee to renew and
another fee to restore, which was over $100. It’s been in “restoration” mode,
ie offline, for days now and I am unable to even touch the DNS records until
it’s back. I’ve already lost a week of uptime with zero recourse. FWIW I use a
.co domain, and my site was throwing (for 24hrs or so) a splash page saying
the domain was suspended.

Eagerly awaiting for it to come back but I’m totally in the dark as to timing.

~~~
creeble
Did the domain expire, or was there some other issue?

I just transferred some .com domains to Google from Name.com, I hope these
expiry problems are limited to non- .com TLDs...

~~~
hbosch
The domain did expire, though I was never made aware of the upcoming
expiration. My assumption is that there was some glitch between Namecheap,
Google, and the .co domain authority... but I still don’t know exactly how my
domain expired so silently. All my other domains were purchased through
Google, this one was transferred in.

It really was a massive headache. I have no idea how long it would have taken
me to notice (site is my authoritative presence on the web, but is a static
personal page — no marketing or sales) and my email is a light trickle of
messages by design: bills, bank statements, close personal relationships.
Fortunately my brother told me his wedding invite bounced a day after going
offline so I could follow up relatively quickly.

I filed a ticket with Google and got first line support within an hour. They
confirmed it was still in Googles system. Then I was assigned a Senior
Specialist who called me on Monday to confirm ownership. It is now Wednesday
and my DNS records are still inaccessible.

If I were you I would definitely set an independent annual reminder to check
your domain status, just in case.

~~~
jtl999
I note my domains expiration dates and renew them at least 30 days before.

Your not the only person whose had issues recently with Namecheap not sending
renewal emails.

~~~
MiddleEndian
I have the opposite issue with namecheap. I have my domains on auto-renew, and
every time they're about to be due for their renewal, namecheap sends me a
scary email saying I don't have the funds to renew, and only the next day do
they auto-renew my domain.

~~~
pasbesoin
I had that happen with them, when I first finally decided to trust their
system to save my credit card information and turned on autorenew. Support
told me it was/is because I have a couple of dollar balance with them from
years and years ago, back when something involved making a transfer payment to
my balance with them and then executing against that balance.

If you have autorenew set, it first tries to draw against any existing
positive balance you have directly with Namecheap. If/when that doesn't work,
it then next tries your preferred payment method (e.g. your registered and
designated preferred credit card).

I was told if I found a way to clear my couple of buck balance with Namecheap,
I'd no longer get the warning email. The first attempt would be against my
credit card, which would work, and I'd just get one success email (after
preceding "upcoming" emails and all that).

I don't know whether this is correct. It's what I was told by support over
chat, IIRC.

~~~
MiddleEndian
OK, I'll investigate that solution when I get a chance. I reported it to tech
support a year or two ago and they were fairly confused.

------
djrogers
That's a horrible situation, and one I'd encourage everyone to try to avoid -
register production critical domains with a company that provides live phone
support and stick with tried and true TLDs.

Yeah, it may cost more, but this story just illustrates that you're staking
your entire company on a $15/yr service, and you get what you pay for.

Even if you want to run your marketing/landing page/etc off a .io or other
fancy tld, run your production stuff off a .com or country-level equivalent so
your customers aren't left in the lurch if something like this happens.

\- _edit - punctuation_

~~~
Someone1234
Indeed, there's a reason large multi-nationals use companies like MarkMonitor
as their Domain Register, even if they could get the same for $30/year, the
potential loss in revenue and brand damage could be worth tens of thousands.

It is a much harder balancing act for a startup, finding a domain register who
is reputable and responsive but not "overly" expensive. Even if your entire
business relies on it, $1K+/year just may not be in the cards even knowing the
risks.

I haven't used it but Google Domains claims they have telephone support and
are reasonably priced. Might be worth people checking out, their Gsuite
support has been pretty good.

~~~
pbhjpbhj
On what basis is your gsuite support -- Google's rep is "amongst the world's
worst support unless your spending $millions" ...

~~~
ballenf
Paid gsuite has live 24/7 phone support. I've used 5-6 times over 8 years and
gotten 5-star service _every single time_.

Haven't needed to call them in the past 18 mos. or so, however, and these
things can change.

I have gripes about aspects of gsuite itself, in particular how they've
removed a few features that I used from the $5/user/mo tier. Had to move to
$10 tier to keep email content filtering (ability to use regex to prevent
accidental SSN or CC inclusion). The filtering setup is much easier to use
now, but the old system worked well enough.

~~~
joecool1029
>Paid gsuite has live 24/7 phone support. I've used 5-6 times over 8 years and
gotten 5-star service every single time.

I've been a reseller for most of the decade and I can honestly say in all the
times we've called, we have _never_ had a single issue corrected by support.
We usually end up having to find workarounds for bugs. The last time was an
autosuspension our panel(s - there are two versions now) would not let us un-
suspend the client. This left him without email for a week, while support
would only respond during the early AM hours, and would repeatedly ask us to
prove identity, even though we were registered resellers with admin panel
access.

In all the years of working with different vendors, I honestly cannot think of
a single one with a 0% success rate in their support.

~~~
mjcl
Office 365 is pretty close to that, actually. You need Premier support to get
anything useful.

My favorite O365 support story is where first level support dicked around so
long with a missing mailbox that by the time they escalated the ticket,
_their_ backup had been overwritten. Luckily it was a user’s archive mailbox
and we still had their source PSTs, so not a lot was lost.

~~~
joecool1029
> Office 365 is pretty close to that, actually. You need Premier support to
> get anything useful.

I haven't had too much experience with their service support, but their app
support seemed decent. I was having an issue with S/MIME signatures not being
parsed properly on Outlook iOS. Support chat seemed competent and knew what
was happening (no support for S/MIME signatures yet).

------
cremp
I had some fun with NameCheap and the xyz tlds. Turns out, CentralNic (who
actually runs the zones) was not doing proper validation on the glue records,
and not removing old ones. NameCheap was sending CentralNic cached records,
and managed to foobar my domain glues.

I bypassed NameCheap, because I knew they weren't the ones actually
maintaining the records (registrars are just middle-men.) Using the DNS
contact in the SOA, I got a response within 12 hours, and it was fully
resolved within 24 hours (minus propagation.)

CentralNic contacted NameCheap, as did I, and they got their system fixed
within the week.

\--Edit--

CentralNic, not Nic. The roots were to nic.xyz.

------
csdreamer7
Never heard of domain.com. If anyone wants a recommendation I use namecheap
and have never had a problem. They are supporters of the EFF and Net
Neutrality.

Edit: If you are going to downvote, state why. Namecheap is a good service for
a good price and supports Internet freedom. When even GoDaddy was supporting
SOPA Namecheap took a stand against SOPA.

~~~
tux1968
Namecheap online support is seriously kick-butt great. Only complaint is that
they don't support Letsencrypt certificates with their web hosting plans.

~~~
csdreamer7
Yeah, I noticed that. What did they used to charge before Letsencrypt? $20?

------
trevordixon
My registrar suspended my domain because an abusive user was using a subdomain
for phishing. They told me they can't inform me first of abuse so I can deal
with it; they'll suspend the domain immediately.

Who's a good registrar that will contact me first if they get an abuse report?

~~~
postit
I'm printing and framing this for the next time our PO brings this amazing
sub-domain per user idea back on our backlog.

~~~
mseebach
The problem was the phishing, not the subdomain. If your app allows users to
run phishing operations, moving the content from user.foo.com to
www.foo.com/user probably won't help much in parent's scenario.

~~~
Boulth
But it would help to run user content on user.foo.io just like Github.

------
madengr
Back in the late 90's before it was Verisign (I can't recall the name), my
domain registration could only be changed with an email from my domain. Of
course I didn't have my domain up since I switched ISP and had to move my DNS
and mail server. Catch 22; what a cluster fuck. Weeks of phone calls with no
resolutions.

I was going to Virginia anyway, so I physically showed up at Verisign (I
wanted to bring a baseball bat), and explained it to the lady at the front
desk. She came back with an engineer who fixed it in 5 minutes.

As a side note, had to do something similar with Garmin. They kept sending me
GPS units with horizontal LCD polarization, when vertical is the standard for
sun glasses. Showed up and told the clerk to put on my sunglasses and turn her
head sideways to her LCD monitor. "Oh yeah, I see". She fetched an engineer,
and 1 week later had a GPS with correct polarization.

Sometimes it takes a physical presence; baseball bat optional.

~~~
gm-conspiracy
[https://www.imdb.com/title/tt0106856/](https://www.imdb.com/title/tt0106856/)

~~~
tsomctl
With that advertisement for Spider Man, that's the last time I ever click an
IMDB link.

------
ahje
I work for a domain registrar, albeit not the one mentioned in the article.

Obviously, we see a lot of expired domains on a daily basis, mainly because
customer's forget to renew despite us reminding them repeatedly during the
three months before the domains expire.

General advice: 1) Make sure there is more than one single contact person for
invoicing. All too often, the problem is that a single employee is unavailable
for some reason and that the rest of the business have no idea that the domain
needs to be renewed.

2) Keep the contact details valid and up-to-date. This should be a no-brainer
but a surprisingly large amount of businesses have domains registered to
single employees, or with invalid contact emails.

3) Don't wait until the domains expire; renew the domains for at least one
additional year. It will give you a whole year to fix stuff if you forget a
reminder. EDIT: Or if the registrar screws up like in this case.

4) Automatic renewals is your friend. It's a last line of defense if all else
fails.

5) Make sure you have a process for handling all of the above, even if you're
a one-man business. Domain names are often critical for the business, and it's
ridiculous to let the entire business rely upon a reminder sent 90 days before
expiry.

~~~
pmlnr
They payed for the renewal in time. The registrar didn't forward it "in time",
which is apparently a requirement from .io.

~~~
ahje
In this case, the registrar obviously screwed up. Still, if the domain had
been renewed for an additional year already, the domain would not have been
expired.

As sad as it may seem, you need to take other people's incompetence into
account when you're dealing with business-critical things like domain names.

~~~
pmlnr
The domain was paid, the registrar took the money, but .io didn't renew it,
because they need the renewal notice at least 3 days prior to expiry.

It was a registrar screw up, but my main take away is: avoid .io like plague.

See also: [https://hackernoon.com/stop-using-io-domain-names-for-
produc...](https://hackernoon.com/stop-using-io-domain-names-for-production-
traffic-b6aa17eeac20)

~~~
stef25
> avoid .io like plague

How else am I supposed to automatically add a layer of cool to my startup

~~~
kuschku
Make the startup name something ending in .de and use a .de domain. The "TLD
is part of the name" is also cool, and .de is reliable. e.g.: starma.de

~~~
stef25
For English words that would work I guess. Here in EU a .de would also
obviously point to something German which wouldn't be the intention.

~~~
friedButter
Why even support EU users though with all the GDPR overhead? Unless you are a
multinational who doesnt care about GDPR overheads, best not to target the EU
market isnt it?

~~~
stef25
I'm in Brussels, right in the belly of the beast!

------
OrganicMSG
Don't use *.io anyway. The domains are being sold under a very morally dubious
arrangement, given the UK kicked all the people off the island of Chagos and
gave the domain registration to a private entity.

[https://gigaom.com/2014/06/30/the-dark-side-of-io-how-
the-u-...](https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-k-is-
making-web-domain-profits-from-a-shady-cold-war-land-deal/)

The UK government's view of the Chagossians at the time they gave the island
to the USA for a military base was apalling:

“Unfortunately along with the birds go some few Tarzans or Man Fridays whose
origins are obscure and who are hopefully being wished on to Mauritius.”

------
alexandernst
Related - [https://medium.com/@alexandernst/from-successful-to-zero-
tha...](https://medium.com/@alexandernst/from-successful-to-zero-thanks-to-
namecheap-d392c76b2ffd)

~~~
justherefortart
TL;DR: Don't use namecheap.com either.

------
hk__2
Something that scares me regarding domain names is their variable cost. I
purchased a .sexy domain for a joke website and its price got raised by +70%
less than one year after that, making the joke a lot less appealing. There’s
no guarantee that when you purchase a domain name it reasonably stays around
that price for years.

Build a business on a domain -> the name increase by XX% -> you’re screwed and
must pay.

~~~
sebst
If it's a joke, okay, 70% might hurt.

.sexy is about 60-100$ per year. If you've build a business on it, paying
double the amount should not hurt.

For me the most important thing about this new gTLDs is more about reputation
of the gTLD registry. What if these go out of service? I'm pretty sure that
there exist a protocol for that case, but I'm also sure that domains in a less
popular new gTLD space might get far less protection from ICANN than any non-
sponsored gTLD.

~~~
Gustomaximus
> sexy is about 60-100$ per year. If you've build a business on it, paying
> double the amount should not hurt

I feel the issue is the lack of transparency and control. Who is to say some
registrar won't start charging people per visit or % revenue in the future?

~~~
sebst
Sure, I hear you. If it's a registrar, it's okay, simply change it. For a
registry, I believe that they would risk their mass market business cases, but
I'm also very sceptical about those ngTLDs for that reason.

------
damieng
Do not rely on other people to resolve time-sensitive issues when you can
easily avoid it.

In this particular case as soon as it's clear the domain hasn't renewed
despite being billed then manually renew it using the usual user interface,
pay the extra $10 and then contact support after to get one of the charges
refunded now the time-sensitivity is gone.

The stress alone isn't worth being out of pocket $10 let alone only for a week
or two.

~~~
teraflop
According to one of the comments in the support ticket (at the end of the
article) the registrar did not allow manually renewing the domain.

~~~
jethro_tell
I believe that's true, I think the point stands though, when you realize a
shit storm is coming, that's the right time to open your umbrella. Waiting
until you've been out of business for three days is a little late.

I probably wouldn't stick around as a customer, not because they got screwed
here but because they stood there with their hands on their head and watched
the train wreck. That's the difference between amateurs and pros (and the pros
learned this the hard way)

------
giobox
This is one of the potential drawbacks of using ccTLDs like .io - individual
nations are afforded much more control in the administration and dispute
resolution process than gTLDs. Unfortunately some are run more poorly than
others, which is why in this case the support agent states:

"Unlike common domain names [gTLDs] like .com or .nets. .IO's are managed by a
specific organization, that manages only .IO domain names..."

.IO of course being the ccTLD for the British Indian Ocean Territory, run by
these chaps: [http://www.icb.co.uk/](http://www.icb.co.uk/)

At any rate, it's worth bearing in mind that ccTLDs are not administered the
same way as a gTLD, and weird issues like this that are a pain to resolve can
happen.

~~~
busterarm
And every couple of years someone finds this out the hard way and goes on a
big rant like this one. Particularly with the .IO ccTLD. Or .LY.

It tells me that the person running the business isn't very good at estimating
the business risk of the technology they're using. That's when I start hoping
I'm not a customer of theirs and invariably find out that I'm not. Phew.

------
josefresco
I create websites for small businesses. I've seen almost every conceivable
domain renewal failure in my 20 years of experience. No matter how many times
we remind clients to get this aspect of their business documented we still
have sites go down every year. We charge a fee to "manage" domains for those
who opt-in, solely for this reason (and it's worth it).

The most common reasons:

Bad contact email

Auto renew off

Expired CC

Lost password

The more obscure:

Bought domain through a reseller who is now out of business (more common than
you think)

"Branded" contact email which post expiration, no longer works.

Disgruntled "losing" webmaster who registered domain under his/her account and
is now holding it hostage.

------
iampims
It is sad that often, a slightly less appealing .com domain is a better choice
than a slick domain on an unreliable tld.

~~~
astrodust
.io is run by morons. It's astounding that they haven't been fired.

------
bluedonuts
We spend lot of time thinking about making our services resilient against
failure at the infrastructure level yet the domain registrar is often
overlooked.

Not only do you have to worry about them making a technical mistake there is
also the risk of a phishing attack.

A while back I did a bit of research about what was the most reliable
registrar and the only one that i could find was Markmonitor. Most of the big
sites (google.com facebook.com etc) use them. They offer lots of cool features
that i had never heard of like registrar level locking and custom 'protocols'
(like a phonecall from X no. of authorised people) to validate a change. Plus
some others that seemed less interesting (to me) such as the brand protection.

They do of course charge a pretty penny. From memory there was a minimum cost
of $30k per year which allowed you pretty much as many domains as you might
want and the promise of being able to get ahold of a human if something goes
wrong.

------
jereze
Algolia implemented a retry strategy on a different domain, TLD, and provider
in their API clients. See step 14 of this article:
[http://highscalability.com/blog/2015/7/27/algolias-fury-
road...](http://highscalability.com/blog/2015/7/27/algolias-fury-road-to-a-
worldwide-api-part-3.html)

Complicated to apply to a website, but it gives some thoughts.

------
mhkool
I recommend using easydns.com as the registrar and DNS service. Their email
helpdesk is fast: <30 minutes. They answer the phone immediately and they are
knowledgeable. Phone support is during business hours, but the more expensive
packages have 24hour support.

And yeah, you need to have a lot of faith to use .io or other new TLDs which
are serviced by new companies.

~~~
smallbigfish
Hmm, lots of people here recommend EasyDNS.

I'm curios so I went to check.

They say that the "DNS PRO" offer has 5 million queries/month. Is that a lot?
Do they enforce the limit? That's 7000/requests/hour (or 115/minute or
2/second). That's not PRO in my books.

~~~
gregmac
DNS results typically get cached for at least a few minutes, and most users
use ISP or public DNS servers (eg, Google, CloudFlare, etc) which only do the
lookup once for many users, so your authoritative DNS server will see only a
fraction of the number of web requests you actually handle. I'd guess for most
sites this is probably below 1% in terms of requests per second.

------
pascalxus
For those who want the short version: Never EVER use domain.com as your domain
registrar. Yikes!

i really feel bad for those guys at uptimechecker.io

------
dylanpyle
I had a related issue where a previous registrar — who we had moved away from
months before — managed to accidentally "claw back" and disable our domain due
to a misconfigured billing script. The fragility of the whole ecosystem is
pretty scary.

Wrote it up on Medium @ [https://medium.com/thisiscala/the-duct-tape-holding-
the-inte...](https://medium.com/thisiscala/the-duct-tape-holding-the-internet-
together-12118be60ff1)

------
chmod775
Yes well. Don't use .io domains for anything serious.

I had one of the 20 largest .io domains for a time, until they shut us down
because they received one complaint in 3 years. It took them 2 days after we
resolved the matter to put the domain back online as well.

By that time I had already migrated to .org - which is run by a considerably
more professional non-profit organization.

------
hellweaver666
I worked at a domain registrar for over ten years. Every day I would have to
deal with a call from some irate customer who's business was down because they
forgot to renew the domain. This was after we would send them emails, starting
a month before the renewal was due and then more frequently the closer they
got to the renewal date. Many times they wouldn't even notice until the domain
had passed the grace period, fully expired and been snatched up by some
scalper and replaced with adverts.

Then they would be on the phone claiming to be losing thousands of pounds for
every minute the website was offline and how it needed to be resolved right
now or they would be sending in their lawyers.

If your business resolves around having a functional website, make sure you
have a solid domain renewal plan in place and are hosting with a trustworthy
registrar.

~~~
dheera
> This was after we would send them emails

Did your e-mails look like spam by any chance? e.g. contain images, look like
newsletters, contain tracking pixels, etc. -- most such e-mails get auto-
deleted on my end.

------
moistoreos
Just to be fair, this person waited until 3 days before expiration to verify
that everything was ok with his registrar.

They should have done this 90 days ago.

Create and implement a business policy to have IT come up with a procedure to
check this quarterly. There's no really any excuse for a tech company to have
this happen.

------
flurdy
Domain registrar and DNS for a company are too critical and fragile to go
cheap on.

For personal, hobby, one-off marketing domains; sure go cheap.

But for something you earn money from? Go with highy recommended providers.
Registrars with a secure administration, good track record of customer
service, high reliability, etc.

Also spread the risk around. Don't have domain, DNS, and services with one
provider. E.g. register domain with Gandhi, Hover etc, use DNS from
Cloudflare, Route56, etc, and host with GCP, Heroku etc (for example).

And use several providers if you have multiple domains in case one implodes.
That way not all of your domains disappears overnight.

And as many have mentioned already on this topic: Have well documented, well
practised renewal processes, and renew for multiple years if possible.

~~~
mmt
> And use several providers if you have multiple domains in case one implodes.

I'd add only on refinement: if possible, use domains with different top-level
(national) authorities.

Sadly, this kind of operational wisdom is rapidly being lost by the emphasis
on hiring "DevOps" engineers, with most of the emphasis on the "Dev" part,
since they're often just coders against cloud APIs, with much less value
placed on traditional sysadmin (or what ended up being called operations
engineering during and after the dot-com boom) experience.

Now, of course, that makes sense not to hire a full-time 100% sysadmin if what
you (think you) need is a 5% (or less) sysadmin. Also, most startups, and
probably even larger businesses, are going to be easily lulled into
complacency by the uptime records of the larger vendors (or really just AWS),
when following the best practices for technical reliability. "Infrastructure
as code" is supposed to alleviate the human/administrative risk, and I'm
actually convinced that it does to a very large degree (just at a huge cost in
markup/profit for Amazon for that infrastructure).

------
nodesocket
If this service was some run of the mill e-commerce or SaaS I wouldn't have
this reaction, but being a critical monitoring service that was down for days,
this reflects very poorly on them. My reaction is that I'd never use
uptimechecker.io. Quite honestly I am baffled why they'd even want to write
this post for others unaware of their company and the outage to discover. It
does not reflect well on them, despite spinning it and rightly blaming
domain.com.

Just use a respected and well known registrar such as Amazon Route 53 domains.
This could have all been avoided. I know the blame "should" fall on
domain.com, but ultimately startups are responsible for their service.

~~~
adventist
Wasn't their fault. Their users deserve to know exactly what happened. I value
transparency.

~~~
nodesocket
Absolutely, send your current customers an e-mail explaining... Just not
convinced a public blog post is good business for them moving forward.

------
wycy
They might have completely shut you out with the silent treatment because they
think you might sue. So maybe you should.

------
pawal
For a very long time, DNS simply has not been an identified risk for most
corporations. In the risk analysis they make, DNS is not on the map at all,
even though it may be a single point of complete collapse for them. Thus we
see extremely large corporations depending on a single DNS provider, using a
registrar that are more interested in profit rather than resilience against
attacks, no DNSSEC. Etc etc. This is slowly changing. What is. Not changing
fast enough is the ability to run more than one DNS provider, giving you yet
another spof.

------
risratorn
The whole domain registration system is a very complex and messy area to work
with, both from a development as an enduser perspective. I speak from
experience working at a hosting company implementing domain registrations
directly with the registry systems.

It's a incomprehensible mishmash of tld's implementing different methods of
registering, renewing, restoring, domains. Some require ID verification before
registrations, some have a quarantine of 1 week, other of 4 weeks, some no
quarantine. Some domains need to be renewed before expiry, some can still be
used 2 weeks after expiry, some domains allow transfers and trades, others
don't or do under strict circumstances. Some require transfer codes, others
don't. Some transfer codes are valid for 1 week, some are valid for longer.

There is no decent standarization on the technical level when it comes to
managing domain registrations. There is the EPP protocol but almost none of
the registries implement a standardized way of registering domains each
implementing a mess of extensions to suit their bureaucratic needs.

ICANN introducing over 1.2k new gTLD's some time ago also didn't help along
with the introcution of domains containing non standard latin characters and
the puny-code implementation there (eg: café.com is actually listed as xn--
caf-dma.com)

I'm not trying to defend domain.com who obviously failed to deliver on the
basics of decent support, but things like this (issues between domain vendor
and registry) happen more than most of us like to admit.

------
ek750
This is an interesting discussion, as I’ve recently run into problems with
transferring a domain from domain.com to google domains.

I’ve heard good things about google domains in the past and the price seemed
right (never had a problem with domain.com, but they charge separately for
domain privacy) and now I’m stuck in Vonnegut-like situation. They locked my
account because apparently the record that was transferred in doesn’t exactly
match my uploaded govt ID. I can’t/won’t change my legal name, and the account
is locked so I can’t fix the record. The phone support was sympathetic but
said I had to go through email, which I’m pretty sure is an AI. This has been
going on for a month now, and I’m pretty sure I’m never going to get this
resolved.

I haven’t seen any discussion or experiences people have with AWS route 53. Is
that a valid option? Seems reasonable and has privacy included.

------
berbec
Pardon my ignorance, but this is something I've always wondered.

You can setup fail over DNS servers, just list different DNS servers, possibly
from different companies, with your registrar.

Is the registrar a unavoidable single-point of failure? Your multiple name
servers are listed with your one-and-only-one registrar, no matter what?

~~~
txsh
This wasn’t a technical problem with the domain. The DNS changed because op’s
registrar failed to renew the domain. The website was working intermittently
because of propagation, not a server issue.

Problems like this are why registrars renew domains a month before they
expire. The way to avoid these issues is to check to see if your domain renews
on time. If your registrar fails to renew it, you have ample time to transfer
it to another registrar.

~~~
berbec
I understand it wasn't a technical problem.

I was wondering if it was possible to have a backup listing of your
nameservers in some fashion?

------
woodruffw
I used a free domain coupon from domain.com a few years ago, and was spammed
with both snail mail and robocalls (advertising services for the domain) for
months afterwards. I don't know whether they're selling customer data or what,
but it left me with a very negative image of their company.

~~~
gist
> I don't know whether they're selling customer data or what, but it left me
> with a very negative image of their company.

Whois is public and has always been as required by ICANN. If you don't
understand how things work then be fair and don't blame what you think is the
obvious cause or reason. There are valid reasons for whois being public and
all registrars have this in their agreement and it is widely known.

~~~
woodruffw
I know how WHOIS works. The letters were sent to my academic address, not the
professional address I disclosed to WHOIS.

------
ivan78
On my previous job we had to manage thousands of customer domains, including
annual renewal. This was very tedious task, so I wrote a Perl script, scraping
WHOIS and DNS data for all domains listed on our DNS servers. Based on this
data every domain was assigned a status, such as "Ok", "misconfigured", "about
to expire", "points to foreign DNS server" or "points to foreign Web server".
This script was scheduled to run every other day and sent CSV report (full and
diff from previous run) to a person responsible for domain renewal. Needless
to say, our support specialists were very happy with this improvement.

------
petercooper
I had similar beef with a .io domain name many years ago:
[https://news.ycombinator.com/item?id=1973704](https://news.ycombinator.com/item?id=1973704)

------
belorn
Big domain registrars operates usually on such a low profit margins that a
single support ticket cost more than that customer will ever create in
revenue. This create a very clear incentive models to focus on growth and
keeping support costs down.

I work at a smaller registrar and we usually close (resolve) tickets within
minutes and as a policy under the hour. We depend on word of mouth and
contacts for sale, so we kind of have the opposite incentive model. I may be
biased but I recommend avoiding the race to the bottom registrars for business
critical domains.

~~~
DenisM
Given that you’re in the industry perhaps you could list both yourself and
your best, most reliable competitors. It’ll benefit all of you. And all of us.

------
DenisM
So, how does one prepare for the worst? Let’s brainstorm:

0\. Register alternative domains in advance with a different registrar.

1\. Setup mailing list for all registered users and be prepared to blast them
with a new domain.

2\. Make mobile apps check both the main and the alternative domains.

3\. Make the mobile app notify the user of a new domain name requirement via
push notification and the like.

4\. Setup the phone system so that it can read the new domain before
connecting support.

5\. Setup support on a different domain (e.g. zen desk). If zendesk goes down
users will know to call us, if the main site goes down they may remember to
check zendesk.

6...?

~~~
maaark
-1. Choose a domain registrar & TLD not known to be fishy or incompetent (so not .io)

------
eightturn
This sorta reminds me of when Regions Bank forgot to renew its domain name..
for everything a smart business can do to acquire customers, developing
groundbreaking software, etc - sometimes the things that break are the most
obvious and mundane.. [https://www.billhartzer.com/pages/regions-bank-fails-
to-rene...](https://www.billhartzer.com/pages/regions-bank-fails-to-renew-
domain-name-web-site-goes-down/)

------
FrozenVoid
There are 100 year domains renewals/registrations if anyone wonders. So if
they really wanted to safeguard it, they could of done it.
[https://www.networksolutions.com/domain-name-
registration/po...](https://www.networksolutions.com/domain-name-
registration/popup-100-yr-term.jsp)
[https://www.tonic.to/faq.htm#12](https://www.tonic.to/faq.htm#12)

------
theoh
Yep.

"“Sunkenness” refers to the fact that intangible assets tend to have little or
no market value, unlike, say, land or a factory.

 _They have value as part of their owner’s business, but not to anybody else._

This means that investment in intangible assets is risky."

[https://www.ft.com/content/a01e7262-d35a-11e7-a303-9060cb1e5...](https://www.ft.com/content/a01e7262-d35a-11e7-a303-9060cb1e5f44)

------
ai_ja_nai
I recall UnitedDomains (German provider) who wanted me in 2016 to fax the
request to update the contact information. Fax it.

Times are mature for the equivalent of Letsencrypt for registering domains,
something like Letsregistrar. We need to have this inefficient industry wiped
away since it's really too much manual and too much in the way.

If somebody wants to found a noprofit to create a free registrar, I'm 100% in.

~~~
reaperducer
_> I recall UnitedDomains (German provider) who wanted me in 2016 to fax the
request to update the contact information. Fax it._

I had a similar experience with an Austrian registrar a few years ago. Must be
a regional thing, since Austria is Germany's Canada.

~~~
billforsternz
Nice pattern identification. I live in New Zealand and we are Australia's
Canada.

------
gwbas1c
I transferred two domains from Ghandi to Lunarpages over a decade ago.
Somehow, Ghandi's anonymization service was still enabled, and as a result, my
domains were blocked a few months ago.

Took about a week for Lunarpages to straighten out.

(BTW, the spam calls started immediately after Lunarpages fixed the problem.
It's a great thing that the EU finally twisted ICANN's arm over this issue.)

------
maxehmookau
A lot of domain registrars seem to go for the "pile it high, sell it cheap"
business model. I think as with any other commodity that a tech business (or
any business!) needs to run, you pick your suppliers carefully.

In the UK, I wouldn't touch 123Reg with a stick because I know their support
is terrible. I would however use Gandi or AWS as I know their support is
decent.

------
lopmotr
I don't know if this is a culture thing or personal style, but the author
keeps emphasizing that the story is true. To me, that reduces credibility
since I've often heard false stories whose narrators reiterated their
truthfulness unexpectedly when I wasn't doubting them. Not very reliable
logic, I know, but it's a small warning bell.

------
tobltobs
I always wonder how people care about "good prices" if they choose a
registrar. Quite often the domain name is the most valuable asset of your
company. As long as you are not a domain squatter you shouldn't care about if
you pay $10 or $1000 per year. And if possible register the name for the next
10 years in advance.

~~~
ddtaylor
I agree, but not all domains are fully fledged corporate entities - some of us
just throw together fun things randomly and for that it's nice to have an
$0.88 TLD.

------
jlarocco
I'm not sure the domain registrar is completely at fault here. If your website
going down will "kill your business" then it's a good idea to use a reputable
one and not the cheapest you can find.

And looking at domain.com just now, they don't seem to offer .io domains, so I
wonder how he even got the domain there?

------
gotrythis
None of the .ly domain registrars have auto-renew. They have an option to send
you a yearly invoice and a link to login, which they call "auto-renew", but it
doesn't actually take the all-important step of renewing. Lost a great domain
because of that.

------
tcarn
You'd have a fantastic case for a lawsuit against them. Good job keeping a
paper trail.

------
rakibtg
I had similar experience with domain.com

Their support team is from India, and they took a week to solve the issue.

I am looking for good domain service provider to transfer all of my domains
30+

Any recommendations? We use Digitalocean as the hosting service provider

~~~
aheppy
I've used Namecheap for many years and have found them very reliable and their
customer service responsive.

------
lowtto
Yes I've heard of domain.com . In fact, we even used it for one of our
products. We tried to purchase wildcard ssl via their control panel - the
result was a delay from our go live schedule by as much as more than a week.
It was the most horrible control panel I've ever used honestly. Feels like bug
from the alpha release candidate V1 bugs list. there's this weird bug when it
suddenly delete all our mailboxes for no reason. The moment we saw that bug we
immediately stop using it.

The support? The first guy that tends to you will always be the most stupidest
one. You almost always had to insist to get/ be forwarded to a senior level
support with actual brain.

tl;dr Stay 100 miles away from domain.com . By the way it wasn't me that chose
domain.com . I would never buy from any website that looks like this.

------
jiveturkey
thought this would be another idiotic story but it’s actually valuable.

still, some blame falls in their shoulders, cutting it so close.

anyway: use mark monitor. don’t know if they do .io though.

~~~
judge2020
While they did cut it close for looking at renewal status, based on the
following quote from the article, I can infer that the domain was set to auto-
renew:

> I knew our domain should be renewed about these dates, and we were already
> billed for this renewal.

------
prasanthmj
ICANN should make it mandatory for the domain registrars to send reminders at
least 1 month before expiry.

------
foobarbazetc
If you can, just transfer your domains to Google Domains and never worry about
shady registrars again.

(We also use Dynadot [good], Hexonet [good], Uniregistry [... okay].)

~~~
joecool1029
Terrible idea.

While Google's registrar seems ok right now, Google's support is nonexistent
when things go wrong. Literally every bit of their support is outsourced to
3rd-party companies that provide no path of escalation.

Even the really bad registrars (and there are a ton) usually have some direct
support (or resell off enom, which will extort your money for the privilege of
bailing you out).

~~~
sebst
That's the point. Domains causes no problems. Only in some weird scenarios,
things can become troublesome. In those cases you need a support. In others
you don't.

If you have a domain registrar with a good support, account the premium you
pay as such: a premium for an insurance when things go bad.

------
_Codemonkeyism
TL;DR .io

~~~
creeble
I _think_ TL;DR Domain.com, unless this is common with other registrars?

Is this a common problem in .io?

~~~
petercooper
.io has particularly long lead times for renewals with third party registrars.
I ran into a similar issue 8 years ago:
[https://news.ycombinator.com/item?id=1973704](https://news.ycombinator.com/item?id=1973704)

------
txsh
Mistakes and glitches happen. Op should have noticed their domain did not
renew a month before it expired, not just before.

DNS and domain propagation are slow turning ships. If a problem occurs, you
sometimes need days to straighten out the problems.

> I tried to set nameservers to correct values, but Control panel returned
> error: uptimechekcer.io is not managed here!

They misspelled their own domain in this article. It seems their problem is a
lack of attention to detail.

The complaint about charging for domain registration is nonsense. Domain
registrations are non-refundable. If a registrar ever registered domains for
customers before payment, they’d quickly find themselves out of business.
Payment is always up front across the industry.

------
sudouser
nearlyfreespeech.net provide great service, notifications and overall highly
recommended. been customer with several domains transferred or registered with
them over the past tears

~~~
jwilk
They don't support registering ccTLDs, such as .io:

[https://faq.nearlyfreespeech.net/section/domainregistration/...](https://faq.nearlyfreespeech.net/section/domainregistration/tlds#tlds)

------
notyourday
Who on earth uses .io for production critical domains?

~~~
Someone1234
These posts are tiring.

> Who uses [any technology/infrastructure choice] on production?!

A lot of people. That's always the answer.

