
The Great Puri.sm Outage of 2018 - grinsekatze
https://puri.sm/posts/the-great-purism-dns-outage-of-2018/
======
walrus01
this is some serious amateur-hour stuff on the part of the registrar. another
example of why not to use random ccTLD top level domains. nobody remember when
the .ly registry randomly canceled things they didn't like? when .cx canceled
things they found objectionable?

see also:
[https://news.ycombinator.com/item?id=5838670](https://news.ycombinator.com/item?id=5838670)

[https://news.ycombinator.com/item?id=12813065](https://news.ycombinator.com/item?id=12813065)

[https://www.theregister.co.uk/2017/07/10/io_hijacking_in_tra...](https://www.theregister.co.uk/2017/07/10/io_hijacking_in_transition_cockup/)

At least if you use .ca, .de, .us or .com/.net (or similar) you can have
reasonable confidence that the root zone won't fail entirely.

If something goes catastrophically wrong and kills your business that is run
by a .CA domain, CIRA knows that businesses in Canada have access to legal
recourses... Do you have the same with a .ly domain?

~~~
Illniyar
This case appears to be the registrar's fault, not the top level domain's
fault. Unless 1and1 uses a "sub" registrar for .sm domains (which is actually
quite likely) then I would say the moral of the story here is to not use
shitty 1$ domain registrars who if I remember correctly have very bad support
reviews.

~~~
duskwuff
Suspending all of a registrar's domains when they're behind on fees is also
super weird, though. A more typical approach would be to just stop letting
them perform new billable actions.

~~~
walrus01
Suspending all of a registrar's domains when they're behind on fees is exactly
the sort of thing that I expect ignorant bureaucrats at a small country ccTLD
registry to do. It's probably run by some person in San Marino who has never
seen the CLI of a router in their life. A number of small ccTLD are run by
their host country's "ministry of communications" or local equivalent.

~~~
mseebach
I struggle to see why this is problematic, to be honest. They (the registrar,
not puri.sm) didn't pay their bills, so they get turned off. The story doesn't
relay to what extent the registrar received reasonable and timely warnings
about this, although with a bit of guesswork, it doesn't feel absurd that
perhaps they simply failed to act on such warnings, like, at all.

If a SaaS doesn't pay their AWS bills, they get turned off, it's not on AWS to
keep the SaaS' customers running, and if AWS doesn't pay their electricity
bill - - etc.

~~~
rdl
The registrar is merely the path to edit registry records; most of the ICANN
agreements and registry-registrar agreements are structured to minimize
exposure of registrants to bad/failed/incompetent/evil registrars.

There are some registries which don't have registrars, and in that case
"suspend the registrant's domain name until paid" would be a reasonable
expectation, but it's definitely the expectation of most registrants that
their registrar isn't providing availability-critical service, merely
facilitating updates. (Unless the registrar is also providing DNS hosting,
which is generally a bad idea IMO.)

~~~
walrus01
Part of the problem is that icann policies for legacy ccTLD network
engineering and backend support systems are very lax compared to the
operational and technical requirements for a new gTLD.

------
oldcynic
The surprising omission from this post is that it doesn't conclude with them
migrating away from 101domains. Comically bad support and not paying registry
fees. I'd have pulled domains the moment it was live again.

~~~
warent
I've been using 101domains for .ai TLD for about a year now and never had
problems. Super responsive customer support too. Sure their admin panel is
pretty bad UX but overall it's been a positive experience.

What was your bad experience with 101domains?

~~~
detaro
Parent isn't saying that they had a bad experience, they are saying that
purism should switch after their bad experience, which the blog post is about.

~~~
warent
Oops, totally misunderstood that

------
Cyberdog
Purism makes crapware-free and security-focused phones and laptops. (Dear
product blog operators:
[https://news.ycombinator.com/item?id=16278142](https://news.ycombinator.com/item?id=16278142)
)

------
lwhalen
And this is why I use gandi.net for all my domain registrations. As their
tagline says, "0 bullsh*t". Such has been my experience with them for the last
~20 or so years.

~~~
Operyl
0 Bullshit, except when it isn't. They constantly kept harassing me for
information because "ICANN is asking us daily." After being threatened the 7th
day in a row, despite providing the same exact information every single god
damned day, with the same passport and state identification .. I gave up.
That's when I moved to Namecheap, had the glue record problem I mentioned in
another comment, moved from them to Google Domains and have been happy since.

------
_nalply
Another trap: Once a registrar didn't send renewal reminders and this way we
lost a two-letter domain to a domain grabber. What I have learnt: Set up your
own reminders to renew domains.

------
theossuary
This doesn't surprise me, I used 101domains to register a .io domain and only
had issues with them. Their support wasn't useful, and when I eventually
decided to move my domain away from them it got to the point where I was
concerned they'd hold it hostage, because they would not give me a transfer
code. Eventually I got it escalated and moved to another registrar, and
because of that experience I'll never use them as a registrar again. This
story just re-enforces that.

Props to the purism guys for going so far as to work with the TLD, that's
impressive.

------
fapjacks
My favorite part of the story is their sysadmins! Their names are great in
this context and make it sound almost like an ancient Greek epic: "Our long-
suffering and amazing sysadmins Theodotos and Stelios contacted our puri.sm
registrar, 101domain.com, to find out what was going on." You can't go wrong
with your two best warriors Theodotos and Stelios at hand!

------
lacker
It's pretty early to declare you've already had your greatest outage of 2018
;-) Hope you aren't jinxing it!

------
lzy
Switch to the .com they just registered permanently and 301 redirect their
fanciful domain hack registration to never have to deal with such an issue
again?

------
a2tech
Long story short? Don't use shitty registars. And that cute two letter
extension? Don't use that either.

------
krylon
I know this is not a very constructive comment, but I had a very stressful
day, being jacked up on caffeine while also being sleep-deprived.

My brain wanted to read "OutRage" instead of Outage, and I got kind of
confused, ending up thinking, "that is not _that_ outrageous! Why do people
get upset so easily?"

With that error corrected (what is it called? A "reado"?), the title makes a
lot more sense. ;-)

------
rdl
I hate people abusing ccTLDs for "cute" domain names. It breaks everything
about how they are supposed to be assigned/used.

The biggest assclownery was .ly, IMO -- an islamofascist rogue state (then;
now just a generic failed state) being used for various domains.

~~~
exikyut
Makes me wonder what kinds of interesting stories bit.ly have collected over
the years...

------
igor47
tl;dr their registrar, 101domains.com, failed to pay their registrar fees to
the .sm TLD so all .sm domains registered through them got suspended

dns outages are always a nightmare because of ttls, but bringing a registrar
and a nontraditional TLD into the picture meant a much more extended outage.

~~~
rconti
I can't believe that 101domains didn't notice that nobody else's .sm domains
were working either. You'd think after around a day they would have noticed
some correlation in complaints. Or the .sm specialist would have.

But yeah, don't use unnecessarily cheap infra for really critical stuff. I
don't get the fetish around obscure TLDs with web pages straight out of 1995.

[http://nic.com.ai](http://nic.com.ai)

~~~
bonesss
I'm gonna wager that .sm isn't too active with the registrar, and most of the
sites are of a relatively low-traffic nature.

If someone from the registrar starts checking the overall health of the TLD,
or any domain they weren't directly responsible for, it may have seemed that
"everything was ok" even though all their customer records were suspended...

------
foo101
How did it happen that the early internet development community agreed to hand
over the governance and registration of a domain name to central authorities
like domain name registrars?

What is preventing us from making domain name governance and registration
completely decentralized?

