18.3 Protecting Your Domain Registration

18.3 Protecting Your Domain Registration

It's possible for a corporation to spend hundreds of millions of dollars purchasing hardware and software, build multiple redundant data centers, and have multiple upstream connections and backup power systems yet have its entire network servicing several million customers go offline because it forgot to pay a single $35 annual fee.

It is important to remember that almost every transaction over the Web begins with a DNS query in which some computer somewhere on the Internet asks a top-level domain name server for the IP address of your organization's name servers. If your organization's entry in the .COM or .CO.UK database has been removed, no amount of redundancy or technical wizardry on your part will allow most users to access your services. For this reason, it is vital to ensure the safety of your domain name registration. Here are some suggestions:

• Know the name of the Internet registrar that maintains your domain name. Although many domain names are registered with Network Solutions, there are now more than a dozen registrars open for business, as well as many national organizations operating in countries other than the United States. Maintain a paper file with the name of the registrar and a printout of your organization's registration.

• Periodically review the registration information for your domain name, making sure that the contact information is up to date and that your bills have been paid.

• Take advantage of any advanced security features that your registrar allows you to put on your registration. Originally, Network Solutions authenticated all domain name change requests by examining the email address of the person making the request to see if it matched the email address of the registration on file. But after a number of high-profile domain names were changed by attackers, Network Solutions implemented its so-called Guardian system which allows its users to either assign a password to their domains or register a PGP key that is used to authenticate domain name change requests.

Besides being stolen by attackers, domain names can also be shut down or suspended by the action of lawyers. Throughout the late 1990s, domain names that were registered to one entity but appeared to impact the trademark of another organization were frequently the target of lawsuits. The Internet Corporation for Assigned Names and Numbers (ICANN) Uniform Dispute Resolution Policy (UDRP) is an attempt to solve these problems; all ICANN registrars are supposed to implement this policy. However, this policy may not be implemented by other nationally chartered registrars, and in any event is secondary to natural laws. Finally, the result of dispute resolution may not go in your favor, no matter how much you believe you are in the right, so it is always a good idea to have multiple domain names.