Domain Name Disaster Contingency

ISPs have watched DSL firms default and cable access companies go kaplooey this year. But what happens to your ISP business when a domain name registrar fails?

by Julie Wheeler [December 12, 2001]

One of the hottest topics in technology circles this year is disaster recovery. Though much of the talk in this area has been in the event of cataclysmic circumstance, online business operators realize that any type of data disaster could mean the untimely demise of the company.

The headlines in the news have asked "What If Your Internet Service Provider Suddenly Left You Without Service? Find Out Who Is Coming To The Rescue ... " in response to Excite@Home's recent demise. But it's not the first time such reports have filled the news. This year we've witnessed bankruptcy proceedings of several national DSL providers—business disasters that left broadband users scrambling for connectivity in a dried-up service sector.

Could a contingency plan have saved these companies' customers some grief?

Maybe. But, then again—maybe not.

Though DSL disasters did leave some customers looking for replacement providers. For the most part, market forces take care of this type of situation. When a company goes under—whether it's a registrar, ISP or CLEC—the business will make every attempt to sell off its assets and pay the piper. We've seen this time and again this year. The "big boys" are always lurking around like vultures ready to swoop down and pick the bones of the fallen firm—especially when they can acquire them at fire-sale prices.

As ISPs and Web hosting companies, your customers need to feel confident that their sites will Web accessible to Internet users at all times. This not only includes how you run your own services and backup systems, but also those systems that actually house the information behind your customers' domain names—the domain name registrars.

The problems DSL customers had restoring Web access and connectivity cost their companies time and money. But someone was there to pickup the pieces and restore Web services. These problems pale in comparison to the possible tribulations domain owners could experience if their data suddenly disappears with their registrar.

If proof of your customers' domain name ownership is gone, so are their rights to their business. This leaves your clients open to the possibility of having to vie for their own domain names—right along with the rest of the world.

RAA Rx?
During its November meeting in Marina del Rey, Calif., the Registrars Constituency, a sub-group of ICANN, discussed the issue of registrar failure what happens to the data at great length. Through the Registrar Accreditation Agreement (RAA), which domain name registrars must adhere to, ICANN necessitates that registrars periodically submit their data for storage to be used only in the event a business failure.

But the Registrars Constituency wants to make sure the program is fool proof—before they have to find out the hard way that it's not—like during a business disaster. The constituency wants to take the provisions set forth in the RAA even further to ensure the reliability of their practices and to "increase consumer confidence in the gTLD shared registry architecture." As a result, the constituency initiated a test bed program to sort out new data escrow plans."

The group's report questions "what disaster recovery procedures should be established to enable the use of the escrow data in the event it becomes necessary." During its test bed phase, the contingency intends to determine what procedures should be in place if a registrar were to fail? If another registrar has to take up its services, will it have all the data it needs to keep customers domain names safe and secure?

Of course, there is no disaster if the registrar in question backs up its data—right? Probably not, but there is no guarantee that the replacement service will be able to access the data. What if when it came time to use the escrow data, the information was outdated or flawed in some way?

Viable resolutions
One of the Registrar Constituency's primary concerns is whether the stored information would be useful to the registrar charged with picking up the pieces after a business disaster. With help from the Internet community and other registrars, the constituency seeks to develop data transmission alternatives, third-party escrow agents and other viable solutions to a data recovery disaster.

One of the solutions proposes to make data recovery easier by developing a "thick registry model." That is, VeriSign, the registry for .com, .net and .org, would house all whois data instead of referring DNS queries to the registrars that actually documented the domain.

While this solution would go a long way toward collecting vital information for data recovery, it also propagates another problem. As illuminated by rival registrars, the VeriSign whois database is full of missing, incorrect and outdated information. Can you imagine if this information were used solely in the event of a registrar's failure? Remember, this is also the information that a new registrar would use to contact all of its new customers. It would be chaos at best, resulting in lost or stolen domain names and a lot of dissatisfied customers.

Another solution the constituency discussed was building a "buddy system." With this method of data escrow if one registrar fails, its buddy registrar would take over providing registration services to its clientele. Unfortunately, the failed registrar's customers would have no choice of service providers—they would be stuck with the "buddy registrar." In fact, customers could conceivably transfer their domain name away from a registrar that they could potentially end up with as a "buddy" after their new registrar folds.

Of course, this could happen even if ICANN were to transfer customers to new registrars without giving each and every registrant a choice. Current registrar agreements provide consumers with their choice of registrar services, but there is no guarantee there will always be a choice. This is another question the constituency must resolve in its test bed phase.

When all is said and done, the biggest question could be how registrars take what they learn during the test bed and expand it to the 200-plus domain name registration services around the globe. The most important question the Internet community must answer, especially the companies these practices will most affect—ISPs, Web host firms, and the like—is how it will participate in the decision-making process to make this project a success.

—End