.org, .ngo, .lgbt, .asia, .aero, .info, .mobi, .pro, .MN (Mongolia), .AG (Antigua and Barbuda), .BM (Bermuda), .BZ (Belize), .GI (Gibraltar), .IN (India), .ME (Montenegro), .SC (the Seychelles), and .VC (St. Vincent and the Grenadines), .SG (Singapore) and .HN (Honduras) and more
All are provided or supported by Afilias, the company running .IO.
dig afilias-nst.info MX
> The reason closest to our hearts is the geopolitical background of .io domains which we only learned about recently.
Later in the article:
> Of course, we will make sure to redirect all traffic from *.plan.io appropriately so no existing links will break in the future.
Which to me sounds like they will keep paying for the .io domain for the foreseeable future.
That's how it comes off to me.
"We have therefore decided to match what we paid for .io domains in the past with donations to the Chagos Conservation Trust and the UK Chagos Support Association. We will continue to do so every year - as long as we will have our .io domain (or the Chagossians start receiving their fair share of the domain business)."
I don't fault them for keeping their .io considering the downsides of not doing so.
EDIT: Google finds some announcements where registrars tell their customers about a switchover of the registry backend to Afilias June 10th, 2017. Wonder if they run the DNS or not? The nameservers are in IP space owned by ICB, but that doesn't necessarily mean anything.
According to https://en.wikipedia.org/wiki/.io .IO TLD is run by Internet Computer Bureau - are they the same/related companies?
Also I've never observed an outage for it like this.
If you're going to be pedantic, at least do it properly.
scarcity of available domain names under the major tlds, imo.
I imagine the registrar just doesn't check for names that would be nice targets, but it would be nice to know for sure.
That was enough to spur us to begin planning to move production traffic off our .io domain as well.
Not being available for several hours can severely damage businesses. Startups that haven't built trust yet as well as some large companies. Imagine a bank's website not being available for several hours. It doesn't matter if it's a DNS issue, people would start panicking very quickly.
I trust and support my brothers in Grenada.
I guess the money probably goes into the treasury, but it can't be more than a drop in the bucket.
I still think TLDs in general were a mistake. It always felt like a leftover from the old Usenet dominated Internet. The Internet quickly outgrew the categorization system and we ended up where we are today with most everything being shoved in .com because it was the least strict.
Also, in 2009 an attempt was made to prevent resettlement by declaring the area a marine reserve. 
Edit to add: just to be clear, the UK had bought these people's homeland something like five years previously. Bought.
This hits me from a deep emotional place. We shouldn't do things like this. The deeper and more connected this giant web becomes for me, and the more parts I know about, the more everything I've ever known comes into question. It feels as if the final episode will be the big reveal that Bruce Wayne is on the therapist's lounge discovering his second alter-ego, the Joker.
On the scale of a territory like BIOT, it is a reasonable expectation; Tuvalu is a high-profile example. However, the point is that there are no Chagossian representatives who have had a say in the organisation or governance of the territory's Internet infrastructure. There are a multitude of possibilities for how the .io ccTLD could be operated, but Chagossians have not had the opportunity to influence or decide them. In the absence of that, it seems right that the relatively lucrative .io registration business is used in some way to the benefit of displaced Chagossians.
On the scales of US budget, it's not likely that income of any government enterprise would noticeably affect your personal income. It may be different for smaller nations.
There is a difference, though, between "the legal representative of the country controls the domain and gets money from it, which they distribute as they see fit" and "somebody having no connection with the country controls the domain and gets money from it". The first may not be ideal, especially for countries with oppressive governments, but makes sense. The second makes much less sense, if we talk about geographic domains at least.
If it were part of Mauritius, it would fall under the existing MU.
Source: I'm the tech lead of Google Registry.
Don't forget, .google is far from the only closed TLD we have, too.
Would Google entertain supporting something like .local.dev for this purpose, used only within a single organization and without reverse-lookup supported?
If not, is there a better alternative that also maintains the aesthetics as well as the similarity with production domain names?
We use real domain names for all of our dev servers on my team. They happen to be .co domain names, not our own TLDs, because of a chicken-and-the-egg problem.
Will also note that Amazon is a registrar but relies (as others do) on markmonitor.com to be the registrar for their own .com domain name. Ditto for Google, which is also a registrar. So they could be the registrar for their own .com domain but choose not to do so.
The first thing is admittedly a PITA, but SSL certificates should not be a problem. Either you use LetsEncrypt which automates the pain away anyway or you do the sane thing and buy a wildcard cert - this has the added advantage that no one can run a service discovery by simply grepping a CT log. Yes, I know, security by obscurity, but scriptkiddies will go for the low hanging fruit first, and having your domains show up in CT logs is ultra low hanging fruit.
> secondly we would need to only change our infrastructure to not use any Route53 specific feature
You should not be locked in to Amazon (or for that matter any Cloud provider) anyway, given how easy it is to get banned from them (hint: it's enough if your Google account manages also the Youtube channel and videos on it get striked too often).
> Using a widely used TLD like .com/.net/.org is the best and easiest way to ensure reliability.
Another caveat right here: .com and .net are operated by Verisign, while .org is operated by PIR. You should always take care to choose a different operator for the backup TLD!
For what it's worth, Let's Encrypt plans to offer wildcard certs starting in January 2018.
I can imagine a competitor trying to boot you off by bombarding their abuse team with bogus complaints and triggering automated actions. It's been done in the past, the problem is that all major companies (not just hosting, but ANY large company!) try to save on actual customer support and even more on stuff they can't bill to the customer, like a properly staffed abuse team.
For $0.88-$0.99/yr one can have a domain in the same registry as the Alphabet Inc. website's domain name. For that price, it would not be a clever name, but it could be an easy-to-memorize 6-digit number. What if it is only used for an API endpoint?
A higher level of "reliability" IMHO could be achieved by use and publication of a stable IP address, perhaps anycasted if one can afford it. At least it could be a backup for emergencies, such as DNS failures.
Consider that DNS itself e.g., dissemination of root.zone, does not rely on DNS. The IP address for ftp.internic.net is well known and rarely changes. As I recall, when it does, they notify the public in advance. Some years ago if I am not mistaken, there was a change from 184.108.40.206 to 220.127.116.11.
Another example is third party DNS providers. They too publish stable IP addresses. Sometimes users might even memorize them, or store lists of these addresses e.g. included within installed software.
As a user, I hold no bias against any company that publishes its stable IP addresses. In fact, on the issue of reliability I would hold them in higher regard than those who rely 100% on DNS and third parties associated with DNS service. DNS is reasonably reliable, but IMO not more so than a stable IP address.
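The stable-address fallback described in the comment above, sketched as an added example that is not part of the thread: DNS is tried first and a published address list is used only when resolution fails, while TLS is still verified against the hostname. The host `api.example.com`, the `PINNED` table and its documentation-range addresses are assumptions made up for illustration.

```python
import socket
import ssl

# Hypothetical pinned addresses published by the service operator
# (documentation-range IPs, constructed for this example).
PINNED = {"api.example.com": ["192.0.2.10", "198.51.100.10"]}


def candidate_addresses(host, port=443, pinned=PINNED, resolver=socket.getaddrinfo):
    """Return (addresses, source): DNS answers if resolution works,
    otherwise the pinned list for that host."""
    try:
        infos = resolver(host, port, type=socket.SOCK_STREAM)
        addrs = sorted({info[4][0] for info in infos})
        if addrs:
            return addrs, "dns"
    except socket.gaierror:
        pass  # NXDOMAIN, SERVFAIL, timeout: treat as a DNS outage
    fallback = pinned.get(host, [])
    if not fallback:
        raise LookupError(f"{host}: DNS failed and no pinned address is known")
    return list(fallback), "pinned"


def connect_tls(host, port=443, timeout=5.0, **kwargs):
    """Connect to the first reachable candidate address. The certificate is
    always validated against the hostname, never the IP, so a stale or
    hijacked pinned address cannot impersonate the service."""
    ctx = ssl.create_default_context()
    addrs, source = candidate_addresses(host, port, **kwargs)
    last_error = None
    for addr in addrs:
        try:
            raw = socket.create_connection((addr, port), timeout=timeout)
            return ctx.wrap_socket(raw, server_hostname=host), source
        except OSError as exc:  # includes TLS verification failures
            last_error = exc
    raise ConnectionError(f"{host}: no candidate address reachable") from last_error
```

The pinned list only replaces name resolution; trust still comes from the certificate chain and hostname check, so the list can be distributed with client software without becoming a security boundary.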
They are a very reliable registry operator. This was a bad screw up, and I guess it had something to do with the migration.
That doesn't sound very reliable to me...
Quite a lot of tech companies are using .io nowadays. If .io reliability is an issue what is the next best alternative for tech domain names?
Keep a .io domain or whatever you want for marketing purposes if it's absolutely necessary, just realise your splash page is at risk of failure sometimes. Whether it's worth the trade-off is likely up to the individual company.
.com is the best not-alternative
Note that some of these newer TLDs can be more expensive (up to $60/year).
Disclaimer: I work for Donuts, owner of many new TLDs.
.io and .com are short and easy to remember.
A .com WILL also be expensive, because all the good names and most of the crap ones are either used for other companies or, and that's worse, for squatters who hope to extract five-digit prices.
Then this answer is not helpful, this whole article and the parent's question were about reliability.
Use the main TLDs for serving traffic and .io/* for corporate/marketing sites or webapps if the occasional outage isn't a major problem.
Someone Twitter tagged us and linked to this discussion and it's great to see so much support for the community.
Couple of links on the background below.
A couple of .io start ups set up a site to encourage others to support us and other Chagos-related support groups which allowed us to do a lot more of our work - campaigning, supporting community projects and issuing crisis grants - over the past few years. Called 'The Dark Side of .Io,' it's actually offline now but the owner has assured me it'll be back on shortly.
I've no expertise to comment on technical issues. On the moral side, I've not met anyone in the community who has a serious issue with firms using the .io domain name - most are impressed that so many firms have chosen to back the Chagossian community out of their own pocket. As someone mentioned below, as recently as one year ago the UK government refused to allow Chagossians to return to the Chagos Islands. The community will not see any money from the renewal of the lease on their homeland for use as a military base.
These are the main issues, and while the .io domain name is somewhat symbolic of the wider exploitation of the Chagossian people - others profiting from their homeland with the community itself seeing no benefit - there is at least a positive side to this, which is harder to find in the government's decision to continue the exile.
If anyone is interested in finding out more please see our website (not .io - but that's out of cost and ignorance factors more than ethics)
We're actually planning a bit of a revamp of the site shortly and I'd be remiss if when posting here I didn't ask for anyone interested in getting involved in that - email@example.com
The dnscheck.pingdom.com page shows that .io domains commonly route to different name servers. Just try stream.io and slither.io and you should see different authoritative name servers. (I picked those randomly for the test.)
"In 2011 I paid for and registered o1.io (I really wanted 01.io, but back then it was not available to register domains containing only numbers on .io).
The .io NIC web interface is really horrible and I ended up in an inconsistent state after making the "horrible" mistake of clicking the back button. Even though my Paypal account got charged, I received an email confirming I was the owner of the domain, and so on, I couldn't access my account.
Next step I took was contacting them. I got ignored and after 7 days they made a transaction reversal on Paypal and I never heard a word back from them, even though I have tried to contact.
Some time later they made the o1.io domain a reserved one and so if I wanted it now I would have to pay thousands. What a shame."
So either you have to think up a completely ridiculous name for your new service/product/company, pay stupid amounts or use something other than .com
And what if your product is just an api for use by developers? Now the api is part of your brand.
It's just a bad situation all around.
I don't know of any API that requires cookies from the site. Usually you use an access token or something similar for an API.
> But you have the additional challenge of having your api domain treated as 3rd party and are thus subject to all the security measures and sandboxing that come with that.
CORS solves most of the pain points. You just need to ensure the API is serving the correct CORS headers.
The other poster is correct though in that CORS will handle a lot of your issues.
You are absolutely right in that it is definitely going to increase the effort involved in rolling out a site/service. I don't know of any pretty solution to the issue.
Since then, the number of inexplicable error reports has dropped dramatically.
1) Storing passwords in plain text: Although the post is now down, it pointed to the fact that Nic.IO will email you your password in plain text. Something which everyone that's spent more than a few weeks coding should know not to do.
2) Another pretty major outage back in 2013 that rendered two of my sites offline.
I personally stopped using them after my last IO domain lapsed but this should serve as a stark warning to anyone thinking they can pick up a cute IO domain
I think .io was part of the issue for the delay.
After the last outage, we at gator.io took it as an 'all hands on deck' fire drill to get our api off .io. The problem is that many of our customers have scripts on their sites with the old .io endpoint. Migrating them is very difficult.
Less trendy, but otherwise, zero regrets.
Do not use this unethical TLD: https://gigaom.com/2014/06/30/the-dark-side-of-io-how-the-u-...
Addendum: Mind you I applaud their coming forward to report this. Hopefully people get the message. It's not the first time fashion got the better of a large number of people.
In the "What Really Went Wrong" section, the author wrote:
> it does not take a lot of research to find out that the .io TLD team made several mistakes
and went on to cite two incidents, which are not exclusive to .IO domain. So let's not blame ".io domain team" and only happen to .IO domain, try to convince me (at least the way I read it based on the title) that using .io domain is a bad idea. I should stop using .com then.
For me, I was looking for a "so we are going to switch away from .io domain in the next year or so" at the end of the post, because .io is not good according to the author. The plan instead is just add a backup domain, so it looks like the author is eating his/her own words, even though the critical stuff are going to run over .com. So let's just switch everything over, what's the big deal for your user-facing website not over .com? Do people really think a big deal now about .io vs .com when you have established a business?
Anyway, I do appreciate when a postmortem is available because I can learn something new, but I do hope we write postmortem with an objective tone. So no, if there is a downvote button on HN for the submission, I would downvote.