I never understood why ccTLDs of some third-world countries became popular for hosting production code. There is a real risk of somebody stealing your domain due to vulnerable infrastructure and incompetence at the organizations that sometimes employ less than 10 people. The notable takeover of the .io ccTLD by Matthew Bryant [1] should have been a wakeup call for everybody.
One good explanation is that people simply aren't aware of the implications of purchasing those domains. Personally this is the first I'd realized .io was both 1) unreliable and 2) a country code.
Speaking of questionable TLDs: does anyone know what happened to Togo's .tg registry? I see that there are bunch of SSL certificates revoked due to "registry problems" [1] this month, but I haven't seen any news or warnings about it.
I imagine the registrar just doesn't check for names that would be nice targets, but it would be nice to know for sure.
That's the only reason I use them. Since .am (Armenia) allows anyone to register a domain I can have boreh.am and hence be d@boreh.am. Still haven't got around to putting up content at the web site at http://d.boreh.am :(
The incident was far from minor IMO. I think .io has had 6+ hours of downtime (full or partial/non-trivial) this year, long enough to push the annual availability down to 99.93% from what I recall from memory of reading post-mortems.
That was enough to spur us to begin planning to move production traffic off our .io domain as well.
Did any of the large TLDs (.com/.net/.de/.fr/.co.uk) have an outage like that in the last decade?
Not being available for several hours can severely damage businesses. Startups that haven't built trust yet as well as some large companies. Imagine a bank's website not being available for several hours. It doesn't matter if it's a DNS issue, people would start panicking very quickly.
Exactly. That's why .co was/is popular: it's like .com, and it's even shorter! The fact that it's Columbia's country code is not at the top of most people's minds.
Does anyone know how reliable .co is? Who manages the domain? I have a few .co domains (because the .com was bought by some reseller who wants to have >$1,000 for the domain) but somehow wary using them for production.
Agreed. I looked at it for one of our properties a few years ago and discovered that the legal ownership of the domain wouldn't really be ours long term. I'd prefer to stick with US-enforced property rights, warts and all.
1: https://thehackerblog.com/the-io-error-taking-control-of-all...