registries .is Discussion

[Jens P. Jensen]

Hello,

I have opened this thread for discussions about the ccTLD .is, which has recently got more attention from Domainers world wide. ISNIC is the Registry for .is and I am the CEO. I am happy to answer questions about the TLD .is, participate in discussions as well as place a comment on Ideas from the community.

Jens Pétur Jensen
CEO
ISNIC, the. is Registry
Reykjavik
Iceland.

 

[Jens P. Jensen]

Hi Jens, and welcome to NP- nice to see you on here.

I've held an account at ISNIC for a number of years now, and have found the enforcement of your domain name policies very very strict, in particular external nameserver delagtion. If there is any deviation whatsoever from your RFC5966 and RFC1912, there is danger of this:

ISNIC periodically checks domains in the .IS zone for compliance with these requirements, and informs the domain contacts should their domain fail. Domains that consistently fail to comply will be suspended (i.e. removed from the .IS zone file) until their technical setup is fixed. Please note that domains are deleted if they are left suspended for more than 60 days.

This is a message I have received on a number of occasions, and had been forced to move nameservers from a popular DNS service such as Namecheap, to a more obscure one, for example, just so I don't risk losing my name. This does not instill confidence that registering a name through ISNIC is a safe thing. I remember having to test a number of DNS companies before finding one or two that saitisfied the ISNIC requirements.

This would not be an issue for your users if you considered more DNS options than basic forwarding from your site.



Yes but email address is also displayed. This wouldn't be a problem except for the fact that the displayed email address is ALSO the ISNIC account address. IMO this is a security concern. You should consider an option of allowing us to have a different contact email for our .is domains rather than the account login one.

Hi,
how much is the registration fee?

€29.90

 

[Jens P. Jensen]

ISNIC's Whois service is indeed visible and without ads. ISNIC's forwarding service is also free of charge. A forwarding to a given URL (or A record) and/or set mail server for domain (MX record).

 

[GoKaizen]

https://time.is/
https://archive.is/

 

[Jens P. Jensen]

https://time.is/
https://archive.is/

Thanks Adam27 I didn't know of https://time.is/. How cool is that!

 

[Jens P. Jensen]

On the other hand we gat a lot of complaints about https://archive.is (from angry people who regret having done something and placed it on the internet) which of course we can't do anything about.

 

[Jens P. Jensen]

Here are few very short .is domains that just got deleted:
fc.is
bd.is
zt.is
zm.is
zj.is
yk.is
yj.is
yh.is
xj.is
qy.is
74.is
qz.is
xf.is
xh.is
zd.is
zl.is
yg.is

 

[daved2424]

Hi Jens, and welcome to NP- nice to see you on here.

I've held an account at ISNIC for a number of years now, and have found the enforcement of your domain name policies very very strict, in particular external nameserver delagtion. If there is any deviation whatsoever from your RFC5966 and RFC1912, there is danger of this:

ISNIC periodically checks domains in the .IS zone for compliance with these requirements, and informs the domain contacts should their domain fail. Domains that consistently fail to comply will be suspended (i.e. removed from the .IS zone file) until their technical setup is fixed. Please note that domains are deleted if they are left suspended for more than 60 days.

This is a message I have received on a number of occasions, and had been forced to move nameservers from a popular DNS service such as Namecheap, to a more obscure one, for example, just so I don't risk losing my name. This does not instill confidence that registering a name through ISNIC is a safe thing. I remember having to test a number of DNS companies before finding one or two that saitisfied the ISNIC requirements.

I would like to echo these comments. I have had a .is domain for several years, but because of the difficulty in finding a suitable hosting provider that will work with ISNIC I have been unable to make use of it.


Please, please, please can you support more providers? Namecheap for one!

 

[Jens P. Jensen]

Hello Daved2424,
>Please, please, please can you support more providers? Namecheap for one!
Your question should be the other way around, i.e. you should ask Namecheap and other providers to provide name servers that comply with the very healthy, simple but secure tech. req. of .is: https://www.isnic.is/en/host/req. You should not ask ISNIC to lower its DNS security

More and more hosting companies and ISP providers understand the importance on DNS security. Here is a list of some very good hosting companies you can trust with your valuable .is domains. Order by the number of hosted .is domains today. We where told Namecheap is considering supporting (comply) the .is
1. cloudflare.com
2.
hyp.net
3.
101domain.com
4.
iwantmyname.net
5.
parkingcrew.net
6. dnsimple.com
7.
udag.org
8.
dreamhost.com
9.
co.uk
10.
eurodns.com
11.
cscdns.net
12.
instradns.com
13.
dnsmadeeasy.com
14.
markmonitor.com
15.
netnames.net
16.
trademarkarea.com

Kind regards, please support more DNS Security for better Internet.

ISNIC
/Jens.,

 

[anantj]

Kind regards, please support more DNS Security for better Internet.

This is not entirely in our control. Pretty much none of the big aftermarket/parking services DNS servers are accepted by you.
I tried with Afternic, Sedo, Uniregistry, Bodis etc. None of them worked. Not all users are technical enough to muck around with DNS, PTR records, TTL etc... You need to also have a product that average, non-tech users can use. This, currently, is not the case

 

[Kate]

The best is to always use a third-party DNS service, not your registrars'.
For example, dns.he.net will work fine with .is domains, it's free for up to 50 domains. Other similar services exist.

The parking companies are lacking when it comes to their own DNS:

ns1.bodis.com [199.59.243.21]
ns2.bodis.com [199.59.243.22]

ns2.sedoparking.com [209.200.165.74]
ns1.sedoparking.com [209.200.164.69]

2 NS on the same subnet = no redundancy
Quite frankly, it is not acceptable for a parking company or a web hosting company not to follow best practices in this area.

.is is not the only TLD that is rather strict about delegation requirements, .de is also famous for being as strict, and some other ccTLDs have similar rules too.

 

[Jens P. Jensen]

This is not entirely in our control. Pretty much none of the big aftermarket/parking services DNS servers are accepted by you.
I tried with Afternic, Sedo, Uniregistry, Bodis etc. None of them worked. Not all users are technical enough to muck around with DNS, PTR records, TTL etc... You need to also have a product that average, non-tech users can use. This, currently, is not the case

Thanks I understand your view. Especially parking, why ISNIC doesn't accept any parking is worth considering. More later..

 

[anantj]

The best is to always use a third-party DNS service, not your registrars'.
For example, dns.he.net will work fine with .is domains, it's free for up to 50 domains. Other similar services exist.

The parking companies are lacking when it comes to their own DNS:

ns1.bodis.com [199.59.243.21]
ns2.bodis.com [199.59.243.22]

ns2.sedoparking.com [209.200.165.74]
ns1.sedoparking.com [209.200.164.69]

2 NS on the same subnet = no redundancy
Quite frankly, it is not acceptable for a parking company or a web hosting company not to follow best practices in this area.

.is is not the only TLD that is rather strict about delegation requirements, .de is also famous for being as strict, and some other ccTLDs have similar rules too.

Sure. I understand the specifics of the issue that the .IS registry surfaces. But my point is, there should still be a way to work with these providers. If you eliminate most of the avenues for selling/parking domains, you lose out on the entire aftermarket demographic.

And getting these large providers to make changes? Good luck with that. I've not been able to get Afternic to fix a simple domain filtering bug, forget getting them to make major changes to their core infra. This is just an example. Again, as I said, not everyone is tech savvy and can do what you suggested or even understand the real cause of the issues. Now unless ISNIC is targeting only technically savvy users, this is actually a big problem.

Having strict delegation requirement is fine as long as there are alternatives. While I don't claim to fully understand the implications of a less strict requirement, my conjecture is that if the DNS fails, the site goes down. That's a risk that the users must be willing to take and this can be indicated via either a explicit warning or a opt-in check box to enable to make a concious decision. If the risk is different and can directly impact the registry, then that's a different issue and one that I don't have the knowldge to comment on

Please understand the larger implications of the issues and not the specific issues themselves.

 

[anantj]

Thanks I understand your view. Especially parking, why ISNIC doesn't accept any parking is worth considering. More later..

Not sure I understand. I'll await more details.

Thanks

 

[Alan Glennon]

Jens -- I haven't studied the isnic site recently. Is there documentation that explains how to configure .is settings for sites hosted on common service providers used by startups (e.g., Amazon Web Service, Google Cloud Platform, Microsoft Azure, IBM Bluemix, Heroku, and/or Digital Ocean)?

 

[anantj]

Tagging @Joe Styler, @Sedo , @Uniregistry - Can you help in this regard with Afternic? Your DNS servers are not compliant with the standards so they cannot be used with .IS domains.

 

[daved2424]

The best is to always use a third-party DNS service, not your registrars'.
For example, dns.he.net will work fine with .is domains, it's free for up to 50 domains. Other similar services exist.

I don't even know where to begin with setting up a third-part DNS service. Is there a guide available as to what to do at he.net's end?

Many thanks

 

[Jens P. Jensen]

Not sure I understand. I'll await more details.

Thanks

Meaning that if a domain is parked, why should it have to meet ISNIC tech. req?

 

[Jens P. Jensen]

Jens -- I haven't studied the isnic site recently. Is there documentation that explains how to configure .is settings for sites hosted on common service providers used by startups (e.g., Amazon Web Service, Google Cloud Platform, Microsoft Azure, IBM Bluemix, Heroku, and/or Digital Ocean)?

Sorry for my late answer. All you (the hosting service) need to know and do is:
1. To register their Name Servers by ISNIC: https://www.isnic.is/en/host/new
2. comply with all of the following requirements: https://www.isnic.is/en/host/req

As simple as that!

p.s. why can't all hosting companies be as good as CloudFlare.com? Here is an fantastic blog for those very interested: https://blog.cloudflare.com/how-we-made-our-dns-stack-3x-faster/

 

[Karl Grand Maison]

Be honnest... Who made that search? ... pen.is...

 

[anantj]

Meaning that if a domain is parked, why should it have to meet ISNIC tech. req?

I think you misunderstood. Two issues that I'm trying to state: 1. I can't park the domain due to the restrictions at ISNIC, 2. The parking NSes were examples that such heavily used servers don't work, smaller, less popular NSes have an even lesser chance of being conformant (this is anecdotal) that such heavily used servers don't work, smaller, less popular NSes have an even lesser chance of being conformant (this is anecdotal)

p.s. why can't all hosting companies be as good as CloudFlare.com? Here is an fantastic blog for those very interested: https://blog.cloudflare.com/how-we-made-our-dns-stack-3x-faster/

Presumably, because all hosting companies either do not have the resources/funds or the energy. Not taking a potshot but I can make a similar statement for the UI/UX of the ISNIC website. Such a comment really does not help the average user.

 

[kostaki]

Any news on the expired .is list? I would be interested in that.

A list of .is domains before they drop or after they dropped.

 

[Jens P. Jensen]

I think you misunderstood. Two issues that I'm trying to state: 1. I can't park the domain due to the restrictions at ISNIC, 2. The parking NSes were examples that such heavily used servers don't work, smaller, less popular NSes have an even lesser chance of being conformant (this is anecdotal) that such heavily used servers don't work, smaller, less popular NSes have an even lesser chance of being conformant (this is anecdotal)

Presumably, because all hosting companies either do not have the resources/funds or the energy. Not taking a potshot but I can make a similar statement for the UI/UX of the ISNIC website. Such a comment really does not help the average user.

I understand you. I'll take this up with my staff, and at next board meeting (a week from now). ISNIC has been rather proud of its nameserver requirements, but if they are hurting our sale by driving customers away, we will of have to look seriously into that. I forgot to point out ISNIC's free forwarding service, which can be used it to forward the domain to any given URL (e.g. a promoting "parking" website).
My remark including CloudFlare.com was more of a joke.

 

[Jens P. Jensen]

Jens -- I haven't studied the isnic site recently. Is there documentation that explains how to configure .is settings for sites hosted on common service providers used by startups (e.g., Amazon Web Service, Google Cloud Platform, Microsoft Azure, IBM Bluemix, Heroku, and/or Digital Ocean)?

Didn't I give you answer on this, sorry here are the URL's anyway:
Nameserver Requirements: https://www.isnic.is/en/host/req
Nameserver Setup Check: https://www.isnic.is/en/host/req
Domain Requirements: https://www.isnic.is/en/domain/req
Domain Setup Check: https://www.isnic.is/en/domain/test

Its all located on ISNIC's front page, left in the red column under Domains and Nameservers.

 

[Jens P. Jensen]

Any news on the expired .is list? I would be interested in that.

A list of .is domains before they drop or after they dropped.

Hi Kostaki, this is not (yet) something we publish regularly, but here is the todays list (mostly Icelandic domains). Remind me again next Tuesday, then we will have a longer list.

miraart.is
vgarborg.is
zetafilm.is
hreinn.is
th1s.is
dílar.is
uppbodstorg.is
spegillinn.is
islandslysi.is
carib.is
bílasalahafnarfjarðar.is
mumm.is
azn.is
bilasalahafnarfjardar.is
myfuture.is
appo.is
icelandnaturetours.is
nomnom.is
berry.is

 

[anantj]

I understand you. I'll take this up with my staff, and at next board meeting (a week from now). ISNIC has been rather proud of its nameserver requirements, but if they are hurting our sale by driving customers away, we will of have to look seriously into that. I forgot to point out ISNIC's free forwarding service, which can be used it to forward the domain to any given URL (e.g. a promoting "parking" website).

Thank you. Appreciate your openness to requests and suggestions from your users.