An Open Letter to ICANN Regarding GoDaddy

I sent this letter to ICANN today in response to these two links I found on Twitter.

 

  • GoDaddy’s New “Selective DNS Blackouts” Policy
  • UPDATE on GoDaddy’s New “Selective DNS Blackouts” Policy

 

Letter after the jump, reasoning after the letter.

The Letter

GoDaddy has officially stated that they are in deliberate violation of Section 3.7.7.2 and it is their intent to deliberately violate Section 3.3.1 of the ICANN Registrar Agreement, with no limitation or regards to the associated sections limiting such actions.

With regards to Section 3.7.7.2 violations, GoDaddy has elected to provide a bundled service (Registration + DNS) under a single agreement. They are deliberately refusing to disclose within the aforementioned agreement that they may or will block DNS queries and Whois queries without notice, and in fact, block these instead of returning required error messages.

With regards to Section 3.3.1 violations, there can be no question that GoDaddy’s decision to deliberately block Whois queries without returning errors is a knowing, willful, and flagrant violation of the terms. Per 3.3.1; “At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited.” GoDaddy has publicly stated that it is their intent to willfully violate section 3.3.5, which prohibits the limitation of access except wherein an unauthorized third party is specifically performing bulk queries and said third party is NOT an ICANN Accredited Registrar performing their responsibilities under the Registrar Agreement.

I have been working with DNS and domain registration since before ICANN existed, and this is, honestly, the absolute most flagrant and disgusting violation of the principles and functionality of DNS and the domain system in general that I have ever seen. It is beyond the pale, beyond unacceptable – it is purely an attempt to use market share to not only push aside ICANN as a governing body, but to seize control of multiple TLDs by force.

There is no question that I am personally and materially affected by GoDaddy’s stated actions and policies, in spite of the fact that I have NO relationship with GoDaddy whatsoever, nor do I have any relationship with any other registrar or operator. I have been able to trace multiple DNS lookup failures to GoDaddy’s DNS servers blocking legitimate queries without explanation. These were not AXFR, bulk, or other such requests – they were individual A/CNAME record queries. Which in turn has the effect of disrupting access to domains and websites which elected to use their DNS servers. Such behavior destabilizes the Internet as a whole without question, by deliberately and knowingly interfering with the operation of the DNS system. Their actions are so broad and overreaching that it destabilizes both BIND and NSD based ROOT-SERVER systems, and calls into question the entire operational integrity of both registrar and DNS systems.

For these reasons above, I am requesting as a private individual with no relationship to any named entity who has been affected by the named Registrar’s actions, that ICANN begin revocation proceedings for GoDaddy’s accreditation as a registrar under section 5.3 of the agreement on the basis that GoDaddy has committed a fundamental breach of sections 3.7.7.2 and 3.3.1, and is violating 5.3.6 by their actions fundamentally endangering the stability of the Internet and bringing into question the operational integrity of DNS and the Registrar system.

There is absolutely no question that, should ICANN fail to respond authoritatively, effectively, and aggressively to GoDaddy’s decision to flagrantly violate the Registrar Agreement, it will do permanent damage to ICANN. If ICANN should fail to begin revocation proceedings, it will serve to demonstrate that ICANN has absolutely no authority, open the door to dismantling ICANN, and open the floodgates to permit any registrar to do anything they want without limit.

Sincerely, Phillip Jaenke
Concerned IT Professional, BIND administrator since 1994

The Reasoning

Here are the facts for you, in ultra-condensed form, since I’m supposed to be working on financials for my startup anyway.

  • Without DNS, the Internet as you know it, just doesn’t work. Period.
  • DNS has only become more critical in the past 15 years; going to a webserver by IP doesn’t work with technology like VirtualHost.
  • The vast majority of users on the Internet these days, cannot survive without DNS. They have no idea how IPs work.
  • Blocking or hijacking DNS lookups of specific records has been identified as the preferred method of blocking and monitoring access to social media by oppressive regimes in the Middle East.
  • Preventing other name servers from retrieving NS (NameServer) records can and does in fact, block access to all services for a given domain. No exceptions. Nothing will work.
  • Domain name registrations grew at an exponential rate every year from about ’99 to ’04 as everyone tried to cash in on selling popular domain names. The growth has slowed somewhat, but some gTLDs are still seeing exponential growth.
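The letter's complaint is that queries are dropped with no reply instead of being answered with an error, and from the querying side that difference is visible: a refusal carries an RCODE in the response header, while a dropped query is just a timeout. This is an added example, not part of the original post; the function names `build_query`, `classify` and `probe` are hypothetical, and the sample replies are constructed rather than captured.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
QTYPES = {"A": 1, "NS": 2, "CNAME": 5}

def build_query(name, qtype="A", qid=0x1234):
    """Encode a one-question DNS query (RD clear, as sent to an authoritative server)."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def classify(response, qid=0x1234):
    """Classify a reply; None means the query timed out with no reply at all."""
    if response is None:
        return "NO_RESPONSE"   # dropped or lost: looks the same as an outage
    if len(response) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        return "MISMATCH"      # wrong ID or QR bit clear: not a reply to our query
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR":
        return "ANSWER" if ancount else "NODATA"
    return rcode               # explicit error: the server said why it did not answer

def probe(server, name, qtype="A", timeout=3.0, tries=3):
    """Query `server` over UDP several times; one classification per attempt."""
    results = []
    for i in range(tries):
        qid = 0x1234 + i
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(name, qtype, qid), (server, 53))
                data, _ = s.recvfrom(4096)
            except socket.timeout:
                data = None
        results.append(classify(data, qid))
    return results

# Constructed sample replies (hypothetical name and address), not captured traffic.
_q = build_query("www.example.com")
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + _q[12:]
SAMPLE_ANSWER = (struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _q[12:]
                 + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
```

Repeated `NO_RESPONSE` results from one vantage point while another gets `ANSWER` for the same name and server point to filtering rather than an outage; a single timeout proves nothing, since UDP loss produces the same result.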

It is impossible to overstate the importance of DNS. DNS is, in fact, the glue that makes the Internet work. DNS is why you go to “google.com” and not “http://8.8.139.235:80”. When you selectively block DNS queries, you, in effect, destabilize the entire domain to which those queries are associated. When you go a step further, as GoDaddy explicitly has, you destabilize the entire Internet. Not just because you control a dangerously large market share – damn near monopolistic at that – no. You destabilize the entire Internet because you call two fundamental things into question.

One, you have broken the core underpinning of DNS. Completely. DNS can no longer be considered “reliable” as it must be, nor can it be trusted. Without DNS, everything falls apart, as mentioned above. There is no “twitter.com” there is only an IP address you’ll have to memorize. And that has a high tendency to break load balancing technologies as well.

Two, you have completely broken the supposed governing body of the Internet, ICANN – Internet Corporation for Assigned Names and Numbers. ICANN is the authority that grants a company permission to register domain names for TLDs, that enables governments to control their country’s assigned TLD – like Tonga and “.to”. They are the supposed regulator of behavior for the entities that let you register BobIsAwesome.com for just $2.99. If they permit GoDaddy to completely ignore the rules that specifically say that GoDaddy cannot block Whois queries and permit GoDaddy to make DNS unreliable, questionable, and outright unstable then section 5.3.6 simply does not apply.

If we permit GoDaddy to continue with this, this has the potential to completely destabilize the Internet. Not only that, but it will unquestionably destroy what little legitimacy and force ICANN has left. They have already developed a reputation as corrupt, money-hungry, and often incompetent. If GoDaddy gets away with this, then how can anyone legitimately or honestly believe that ICANN has any authority whatsoever? The honest answer is: we can’t. ICANN’s registrar agreement means absolutely nothing. I can pay my $4,000 per year, then let anybody register domains with me as a proxy, however they want, with whatever information they want. And ICANN can do nothing about it.

Fraud is already rampant in the registration system, as well as corruption. For a wonderful example of this, try to bring a UDRP proceeding about. One which you know and are guaranteed to win, simply because the only legitimate information provided by the registrant was an email address – which is now defunct. (I know this, because I am trying to bring said UDRP proceedings about right now.) Despite the fact that the registrant information is totally false and fraudulent – fake address, fake phone, fake fax – you must pay the National Arbitration Forum $4,000 to send a certified letter, which will only get returned as undeliverable, then travel to a location of their choosing at your own expense, so the panelists can say that you win by default. Which is bad enough before you find out that the NAF panelists handling UDRPs are systemically corrupt and incompetent and ICANN has no authority over them.

Then comes the real corruption. Let’s say the person you bumped wants to force you to pay for it. They can then forum shop to get a new UDRP ruling where they win by default, or you contest, and they still win because of severe bias in the system, even when they don’t have a trademark. If UDRP rules against you at any point? There is no appeals process. No way to get your domain name back. You can file a lawsuit in court, but it has to be a “mutually agreed jurisdiction” and all sorts of other absurdities. But hey, you can start over with UDRP again in a new forum, such as WIPO if you already used NAF.

It’s time to beat ICANN with the end-user and IT professional club, till they get their act together and get some teeth. And if they choose not to, it’s well past time to vote not only with our wallets, but to act in accordance with our responsibilities and obligations as IT professionals to either force GoDaddy to comply or see them shut down. It is within our power to tell GoDaddy “no, this is not acceptable” – and more importantly, it is our responsibility as professionals regardless of specific areas of expertise to ensure the stability and integrity of the core systems that make the Internet work.
