We have millions of users who are on our free dynamic DNS service to connect to their home computers or other IT assets. This is something we have provided since 1998 and it was originally an alternative to standard domain registration but is now used more for names that have dynamic endpoints, i.e. IP addresses that change a lot.
Today, however, we see a growing vendetta against this functionality.
Internet users have a few different ways to get human names to point to things on the Internet. They can register domains (either in a gTLD or a country-specific TLD with its own rules) or obtain a name through a dynamic DNS provider.
We have a good business case for it as well. These millions of users periodically want to do something more with their service. Perhaps they want more of these hostnames or they want to use a real domain name when they don’t need to register a domain name, contributing to a more available gTLD name pool.
But there is a new effort that is quite scary. We’ve seen takedowns at the registry level (the most recent affecting a fellow DNS provider) resulting in a major outage of many names and websites not affiliated with the takedown. Call it collateral damage.
It goes like this:
– bad.dyndns.org is bad.
– good.dyndns.org is good.
– Gov’t says dyndns.org is bad and takes dyndns.org out.
– Now bad.dyndns.org AND good.dyndns.org hosed.
But there are over 1MM hostnames in dyndns.org. Is that the right thing to do?
In the past, law enforcement has gone to the registrar to take down a particular name. Starting last November, the new approach is to go straight to the registry. This takes the domain holder out of the loop since registries don’t have any contact with the registrant. One would question whether there is the opportunity to confront the accuser.
Sure, many would say that subdomain “registries” shouldn’t exist and that they are harmful for the Internet. There’s an argument that the bar of scrutiny is lower since we have less contact or information about a subdomain holder.
I’m not sure why that matters though. If you think that it’s impossible to get a domain purchased with a fake/hijacked email address and a stolen credit card, you have some research to do. In many cases with this stuff, you nuke it, clean it up and move on. Whether you deal with a registrar or a registry, what’s the difference?
I think it’s terribly inappropriate to simply yank the domain without giving some reasonable time to fix it (and I mean a time measured in hours or single number of days).
As we think about new TLDs, will we just go to the root name servers and yank the TLD because a domain or subdomain has content we don’t like? Why not provide some opportunity to actually cure instead of shoot first and ask questions later?
Being practical, I don’t want to see our users affected because law enforcement decides to use an automated or semi-automated process to shut things off a level up. With that in mind, I question the premise of continuing to offer these free services.
Is the next step we see ordering web hosting companies to shut down because a single website they host has material of question? What’s the efficacy of doing this anyway? Will that malicious or “immediate take down worthy” content actually go away or will it just get pushed somewhere else?
While I understand that law enforcement is not as sensitive to the distinction of where the content is relative to operator/domain holder, I do not agree with takedown orders that go straight to a person who has no business relationship with the actual offending party. If you believe that, it doesn’t matter where the dots are in the domain name because process is being circumvented.
Let’s have a conversation about how to ensure that abuse can get handled quickly and easily.
Do abuse contacts need to be more public and if so, where? Does there need to be a database that people can query with a subpoena? Let’s fix the system rather than chill it.
At DynDNS.com, we are concerned about millions of hostnames disappearing (and we’ve already had thousands) because a single name had content that was questionable. Consider that the earlier takedown appeared to have parallel enforcement with the operator actively working with LEO when they were ultimately yanked.
At the same time, we believe in the realities of the world and do not want to create a situation ripe for a major outage because of this mentality around dynamic DNS. Not sure what would happen if we just turned off free accounts but it’s something we’re watching and thinking about. We believe that removing third level domains for free users is an absolute last resort and is not considered lightly, but we do have our customers to consider.
Would love to hear your thoughts below.
Jeremy Hitchcock is CEO/CFO of Dyn Inc., an IaaS (Infrastructure-as-a-Service) company that features a full suite of DNS and email delivery services. Follow him at Twitter: @jhitcho and @dyninc.