Friday, 24 May 2019 08:23

auDA investigating company.com.au name, but does not say why Featured

By
auDA investigating company.com.au name, but does not say why Image by Ary setyobudi from Pixabay

The au Domain Administration, the organisation that administers the Australian domain namespace, has confirmed to iTWire that it is investigating the domain name company.com.au following a number of complaints, but has stayed mum on the nature of its investigation.

In response to a query, an auDA spokesperson said: "auDA can confirm that the domain name company.com.au is being investigated as the result of a number of complaints. As the investigation is ongoing auDA can give no further comment at this stage."

The query sent by iTWire was: "auDA is reported to be investigating how a gentleman named Jonathan Horne used a server from the domain registrar Terrific and glue records - created by one Anthony Peake at drop.com.au - to catch the domain company.com.au. Can you confirm or deny this? Or can you provide information on background?"

David Warmuz, the chief executive of Trellian, a company which owns Drop.com.au and DomainShield.com.au - the former one of two drop-catching firms and the latter a company that protects existing domain names - told iTWire that the company.com.au domain name was supposed to drop at the beginning of May but was delayed by a day.

Domain names often expire due to a variety of reasons — companies shutting down, company names expiring, or just forgetfulness on the part of the domain owner — and these get automatically notified to Afilias, the current operator of the Australian domain registry.

After an interval, Afilias lists these names at 1.30pm each day. Drop-catching firms — there are two which are authorised, Drop.com.au and Netfleet — use software to detect and take possession of names which they think are worth reselling. The resale is to the highest bidder and thus names that could be popular - like windows10.com.au, for example - are much in demand.

Warmuz told iTWire that Drop.com.au and another registrar, Terrific, had a relationship through which Drop could use Terrific to catch domain names. However the relationship stopped on the day that company.com.au dropped, he added.

domain

The domain registration details for ds-uniqueppp.com.au that used the same nameservers as those for company.com.au. Screenshot courtesy Robert Kaay

He denied claims being made that company.com.au had been bought by its original owner, Horne, for just $6.50.

"The domain dropped the following day and every drop-catcher was able to try to catch the domain for their respective clients," Warmuz said. "The domain was, however, caught by the Terrific registrar for their client, who was the prior owner of the domain."

He said this "came as a surprise to us as we were not aware that Terrific's connection was being used to compete with us".

Warmuz referred iTWire to the forum DNTrade for details of why company.com.au dropped a day late. There, Warmuz wrote: "There is/was a registry bug that was able to be exploited to stop a domain from dropping. By manipulating DNS on a dropping domain you could make it not drop until that DNS was removed."

A post on the website Domainer had on 3 May posted a screenshot [above] of the details of registration of a domain, ds-uniqueppp.com.au, which used the same nameservers as those for company.com.au. This would have ensured that company.com.au could not be removed from being an active domain, to one that Afilias could list as part of the dropped domains. This domain was registered by Peake, once a director for Terrific, the records show.

Warmuz continued in the DNTrade post: "We reported this bug to both auDA and Afilias many times going back at least six months ago and even prior. We have tested this with other domains in the past. After the recent patch released the night before, we had hoped it was, so we tested it with another domain that was dropping. We wanted this bug fixed as it should not be able to do that.

"So, yes, the domain company.com.au, as a result of this bug, did not drop. We reported the bug again right after the domain failed to drop, to both auDA and Afilias, so they are fully aware of our testing and what was done and how.

"For those not aware how this works, all it does is delays the domain from dropping. It does not give drop-catchers a better chance to catch the domain when it actually drops as it still has to drop at the same time the following day."

Warmuz told iTWire: "It needs to be made clear that the delay does not stop [a] drop-catchers' ability to attempt to catch the domain. We all wanted to catch this domain as whoever catches the domain is able to charge its client for it."

He said ASIC had confirmed that Peake was no longer a director for Terrific. "Drop and Terrific never had a formal business relationship in place. When we acquired DomainShield.com.au from Anthony Peake, he had an existing relationship with Terrific that, as far as I am aware, remained in place unchanged. But this has now ended as a result of the way the company.com.au domain was caught by Terrific."

Warmuz said no policies relating to domain names in Australia had been breached as a result of this incident. "Keep in mind that exposing a bug to delay a single domain from dropping is not breaching any Registrar or Registry or auDA policies. Everything has been documented and submitted to auDA and Afilias to make sure that domains drop, when they are supposed to drop," he said.

"And as a result of this, new functions have been put in place by the registry to make sure that they do. So this is great news for the daily drops."

iTWire contacted Afilias twice for comment on the issue, but the registry operator did not respond.

When auDA was asked about this, a spokesperson said the operation of the secondary market for domains, "as it relates to the daily drop list, falls outside the remit of auDA policy. While any registrar can choose to operate within the secondary market, all registrars must abide by their registrar agreement with us".

The spokesperson said auDA's policy was that domain names were available on a first-come first-served basis. "Recently deleted names have the same wholesale price at the registry, as any other domain name. The registry purges names at a set time each day, and any registrar can compete to register names on behalf of their customers.

"For transparency, the registry publishes a daily list of domain names that will be purged each day so that any registrar can compete to register a name that has been purged from the registry. The publication of the daily drop-list has been auDA policy since March 2010."

Asked whether there was a chance that the rumours around company.com.au would create public distrust in the process that is in place to allow bidding for domain names which come into play due to one reason or another, the spokesperson replied: "Competitors in the drop-catching market have evolved their own business models, and in doing so they need to comply with the Competition and Consumer Act. Any allegations of anti-competitive behaviour should be raised with the ACCC.

"If members of the Australian Internet community feel that auDA should create policies in this area, they should make a submission to auDA's General Advisory Standing Committee that was set up to advise the Board on new areas for policy development. Note that no submissions were made to introduce policies in their area in the recent policy review process managed by the 2017 Policy Review Panel."

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments