Zoom outage caused by accidental 'shutting down' of the zoom.us domain
status.zoom.us

624 points

RVRX

3 days ago

321 comments

Animats 3 days ago

That seriously devalues MarkMonitor's services. MarkMonitor claims to be a "an ICANN-accredited registrar and recognized industry leader since 1999". The whole point of paying for MarkMonitor is that they're an expensive service for valuable domains and are not allowed to screw up. GoDaddy should not be involved here at all.

  • electroly 3 days ago

    GoDaddy Registry operates the .us registry. You cannot have a .us domain without their involvement. Consider whether you wanted a .com domain instead (which is operated by Verisign).

    • throw_a_grenade 3 days ago

      zoom.com is an audio equipment manufacturer, which was there before zoom.us.

      I guess that's what happens where they had to accept substandard domain, because they were unwilling to be creative about their name.

      • thih9 3 days ago
        6 more

        > zoom.com is an audio equipment manufacturer

        False, the audio equipment manufacturer uses: https://zoomcorp.com/

        The https://zoom.com domain shows content from the video chat platform.

      • dtgriscom 3 days ago
        11 more

        I always assumed that Zoom reacted to security/privacy concerns about its association with China by getting a "*.us" domain that sounded very United States.

        • zeristor 3 days ago
          9 more

          Maybe it’s just simple word play of “Zoom us” as in call us. As opposed to “Zoom me” which might be just for one person rather than group chat.

          • mikedelfino 3 days ago
            8 more

            Do English speakers pronounce .us domains as dot us instead of dot u s?

            • williamscales 3 days ago
              2 more

              It would only be pronounced as "uhhss" as part of a domain hack. Otherwise "you ess". Source: am from USA.

              • RIMR 2 days ago

                Zoomus

            • Ylpertnodi 3 days ago
              4 more

              Dot yoo ess. Source: am European.

              • KineticLensman 3 days ago
                3 more

                Me too: 'you ess' (British)

                • pasc1878 3 days ago

                  Noting that we British would always call our country "you kay" so .us would be derived from that. I suspect similar reasoning from Europe.

                • wyclif 3 days ago

                  I also say 'dot you ess' and I was born in the USA.

        • jsheard 3 days ago

          AFAICT they've used that domain since day one, so probably not.

      • redbell 3 days ago

        But the dot com domain is now owned by Zoom Communications or just Zoom (as we know it). If you type "zoom.us" in your browser, you will be redirected to https://www.zoom.com/

      • yahoozoo 3 days ago
        2 more

        This is … Zombocom.

        • op00to 2 days ago

          You can do anything at ZomboCom.

          Anything at all.

          The only limit ... is yourself.

      • CPLX 3 days ago

        They've had zoom.com since at least 2019 or so. It used to just be a redirect to Zoom.us though they've made a switch since then.

      • Fokamul 3 days ago

        Maybe after recent US events, everything will move to .ru TLD

      • rhubarbtree 3 days ago
        25 more

        Incidentally, Zoom seems a terrible name for a video conferencing app - anyone know why they chose it?

        • eesmith 3 days ago
          4 more

          The Wikipedia editors know, https://en.wikipedia.org/wiki/Zoom_Communications#Early_year... :

          > In May 2012, the company changed its name to Zoom, influenced by Thacher Hurd's children's book Zoom City.

          It cites https://vator.tv/2020-03-26-when-zoom-was-young-the-early-ye... where Jim Scheinman says:

          > “I loved this fun little book as much as my kids, and hoped to use the name someday for the perfect company that embodied the same values of creativity, exploration, happiness, and trust. And the name works perfectly with a product that connects us visually to one another and that always works so fast and seamlessly.“

          • JadeNB 2 days ago

            > In May 2012, the company changed its name to Zoom, influenced by Thacher Hurd's children's book Zoom City.

            To save people the agony of visiting Wikipedia for themselves to check, changed from Saasbee. Which, good call.

          • sidewndr46 3 days ago
            2 more

            The reference to "Zoom City" is from an article published in 2020. It seems like a remarkably fitting ret-conning of what is probably a very boring branding decision.

            • eesmith 2 days ago

              What would be the point of ret-conning some other decision?

        • bakuninsbart 3 days ago
          9 more

          It is a one-syllable word, easy to pronounce in many languages, quite distinct from other words and brands, and can easily be turned into a verb.

          • rhubarbtree 3 days ago
            3 more

            Why does that make it a good name for video in particular?

            • andylynch 3 days ago

              Cameras often have zoom lenses for close ups.

              Fits great with the idea of bringing people together with video.

            • racked 3 days ago

              Why does it have to be -- ever "googled" something? ;-)

          • Hobadee 2 days ago
            5 more

            Verbing your nouns is a great way to lose your trademark.

            • Talanes 2 days ago
              3 more

              Are there any actual recent examples of this? The major examples I've always heard are solidly in the 20th century. It's not like Google has had any problem holding their trademark.

              • Hobadee 2 days ago
                2 more

                Kleenex and Xerox were both (somewhat) recently in danger of loosing theirs. They both pulled pretty big campaigns to un-verb their trademarks. Google still has a bunch of other products that people are familiar with, so they are in less danger of loosing theirs right now, but give it some time (like 50 years, not 10) and it may happen, especially if they get broken up for being a monopoly. (Which has been mentioned)

                • Talanes 5 hours ago

                  I'm usually a big proponent of longer-term corporate thinking, but deciding your name around problems you might have five decades after becoming a household name is a little much.

            • DiggyJohnson 2 days ago

              When they came up with it that would be a best case scenario.

        • skywhopper 3 days ago
          6 more

          It’s all relative. Is “Webex” better? “Skype”? “BlueJeans”??

          • disillusioned 2 days ago

            BlueJeans is one of those absolutely catastrophically stupid branding decisions. There's just........ no justification. It's confusing at best, and abbreviated as BJ at worst.

          • rhubarbtree 3 days ago
            4 more

            Fair. They are worse.

            • moomin 3 days ago
              3 more

              Especially Skype, which is getting shit down. In favour of Teams, which is so much worse it’s hard to describe.

              • lambdaone 2 days ago

                That's a really fantastic typo. I know it was unintentional, but still...

              • cute_boi 2 days ago

                We use Skype and it is worst atm. Skype freezes every minute.

        • thund 3 days ago

          Subjective, Zoom is a pretty cool name

        • j45 3 days ago
          4 more

          One guess - fast video.

          • j45 3 days ago
            3 more

            Added context: Zoom delivered a step change in video conferencing quality for the many, vs the few, and in a lot of ways did seem to force others to be better.

            During the pandemic many people used zoom more than their cell phones.

            • rhubarbtree 3 days ago
              2 more

              I immediately agreed with this, but at the same time it’s not “fast” is it? It’s higher quality or more reliably, something like that. But emotionally I agree it does feel “faster”.

              • j45 2 days ago

                Fair point - it's smoother video that gives a better quality experience.

                The speed of starting a call sometimes could take a bit more but once established was higher quality than the alternatives at the time.

  • redbell 3 days ago

    > The whole point of paying for MarkMonitor is that they're an expensive service for valuable domains

    A while ago and, out of curiosity, I did a Whois Lookup to see what big tech companies are using as their domain registrar and found that Microsoft, Google, Amazon, Tesla, Netflix and Shopify are all using MarkMonitor. On the other hand Apple uses "Nom-iq Ltd. dba COM LAUDE", Meta (and its children) uses RegistrarSafe and Nvidia uses SafeNames.

    • jenny91 3 days ago

      RegistrarSafe is a registrar spun up by Meta for precisely the purpose of guarding their own domains and isn't open to external customers.

    • taspeotis 3 days ago

      > COM LAUDE

      Someone had fun with that one.

    • snowwrestler 2 days ago

      That’s interesting, Apple used to use CSC, which is the “other” big corporate registrar, competitor to MarkMonitor.

    • conradev 2 days ago

      Many of those also run their own gTLDs, too: .apple, .google, etc

  • debarshri 3 days ago

    I guess they are paying markmonitor because of their ability to reach out to Godaddy and get stuff resolved.

    Imagine being a small startup with a similar problem. Godaddy will not even entertain you.

  • Maxious 3 days ago

    GoDaddy runs the root dns for .us

    • mentalgear 3 days ago

      GoDaddy is the rot of us domains, besides being rotten culturally as well

    • dawnerd 3 days ago

      Wait really? I use a .us domain for personal stuff, that.. makes me want to reconsider.

      • NewJazz 3 days ago
        10 more

        Also .us domains don't have who is privacy.

        • lazide 3 days ago

          Yeah I found that out when I stupidly used my real contact info, and ended up getting spammed all to hell.

        • talideon 2 days ago
          2 more

          WHOIS privacy isn't a registry-level service. It's a registrar-level service.

          • Kwpolska 2 days ago

            It’s both. Some domains do not allow WHOIS privacy (.us is one of them), some have it built-in, while most don’t care and registrars can fill in with fake data.

        • gerdesj 3 days ago
          6 more

          Please don't keep us in suspense ... who is privacy?

          • stwrzn 3 days ago
            5 more

            They probably meant "whois privacy"[1] (without the space). Whois is basically a way to get information about a domain name (and many other stuff). Whois privacy just ensures that your address, name and other stuff is not public.

            [1]https://en.wikipedia.org/wiki/Domain_privacy

            • imcritic 3 days ago
              4 more

              They were probably joking when they asked that question.

              Your reply doesn't seem sarcastic, so I take it you genuinely r/whoosh'ed (that's a reference to a subreddit about situations where someone is acting clueless).

              • 0_gravitas 2 days ago
                2 more

                Realistically, I don't think HN is the place for those kinds of jokes, which are best kept for reddit/twitter.

                • kitchi 2 days ago

                  Yeah I'm increasingly seeing these reddit-style low effort jokes on here, hopefully it's transient as folks acclimatize to the culture and customs here.

              • stwrzn 3 days ago

                I know ;) Some people still value an explanation though.

    • unethical_ban 2 days ago

      I understood what you meant. I can understand why someone would want to clarify the terminology for those who don't know DNS well.

    • AStonesThrow 3 days ago

      > GoDaddy runs the root dns for .us

      .us is not the “root DNS” and your misidentification is muddying the waters.

      .us is a TLD (Top-Level Domain) and more specifically, a ccTLD (cc = ‘Country Code’).

      https://en.wikipedia.org/wiki/.us

      And the English Wikipedia says that its registrar is a subsidiary of GoDaddy named “Registry Services, LLC”.

      The root DNS servers and registry are not run by GoDaddy or a subsidiary.

      https://en.wikipedia.org/wiki/Root_name_server

      They are operated by important entities. Not companies that release sexy commercials featuring Danica Patrick. I keep getting confused between GoDaddy and Carl’s, Jr.

      • bawolff 3 days ago

        I think its clear from context they mean the .us TLD, and not the root zone, since obviously it wouldn't make sense to talk about the root zone for .us.

        Its also very reasonable to use the more well-known name of the parent company to describe sonething done by its subsidary.

      • gjsman-1000 3 days ago
        13 more

        [flagged]

        • bo0tzz 3 days ago

          That's not what they said.

        • bjt 3 days ago
          11 more

          .us is not a root name server. The root name servers are one more degree removed.

          • kowabungalow 3 days ago
            10 more

            Hence 'for .us'. The trouble with this form of pedantic is that the nicer way to interpret the misunderstanding is that the pedant is ignorant either of language or the structure of dns.

            "He runs the Internet routers for our company." -> "Your company doesn't run the Internet" -> wtf?

            • fluidcruft 3 days ago
              9 more

              It was a clarification that GoDaddy's ability to fuck everything up isn't quite as broad as suggested.

              • jsjohnst 3 days ago
                8 more

                It actually didn’t help at all. Read the part quoted again, OP specifically indicated .us, not “root zone”. The registrar for .us (GoDaddy) is in fact the “root dns for .us”

                • AStonesThrow 2 days ago
                  3 more

                  > The registrar for .us (GoDaddy) is in fact the “root dns for .us”

                  “root DNS” has a very specific meaning, and you’ve misused it again.

                  Root DNS means ‘.’ and only ‘.’ There is no other “root”. That’s why it’s called “root” to be unambiguous.

                  In fact, in recent history, the root name servers use their own domain for convenient forward DNS resolution: ‘root-servers.net’ GoDaddy doesn’t run this either... Surprise, surprise!

                  > Your company doesn't run the Internet

                  Yeah well as a fragment, the statement makes sense, more or less, because there’s no “term of art” being abused there in your reductio ad absurdum.

                  Indeed you can run your own private root DNS, if you don’t want to interact with the real Internet, but your private roots are different from your private/hidden/split-horizon TLD. Another thing GoDaddy isn’t running. Did you know that GoDaddy doesn’t run news.ycombinator.com? Not even a subsidiary!

                  GoDaddy doesn’t run any “root DNS”, and they never have: period, full stop. [Pun intended]

                  • immibis 2 days ago
                    2 more

                    The whole point of a tree is that every node is the root of its subtree.

                • fluidcruft 2 days ago
                  4 more

                  The original clarification was perfectly fine to and arguing about the correction is reply-all-unsubscribe line noise. There was confusion, it error corrected, move on.

                  • jsjohnst 9 hours ago
                    3 more

                    Yet you chose to reply-all-unsubscribe line noise further. Maybe take your own advice and move on bro.

                    • fluidcruft 4 hours ago
                      2 more

                      Necromancing an over two-day old thread to ask someone to move on is a bit rich lol.

                      • jsjohnst an hour ago

                        Yet you still reply again! Guess you put zero value in your own advice, got it!

  • thayne 2 days ago

    Well, another point of MarkMonitor is to get access to ccTLDs with requirements that are more difficult for you to meet yourself. Like needing to have a physical address within the country. MarkMonitor has offices in a bunch of countries just to meet that requirement, so they can sell ccTLD domains to customers.

    The legality of that system seems a little questionable to me, but IANAL.

  • fsckboy 2 days ago

    >The whole point of paying for MarkMonitor is that they're an expensive service for valuable domains

    the whole point of MarkMonitor is more in the trademark realm, rather than a cloud sysop role.

    "Mark" is what trademarks are called in the ... trade.

  • TheDong 3 days ago

    MarkMonitor isn't at fault here.

    If you register a ".ps" domain, it doesn't matter if you use MarkMonitor or Namecheap, they can't help you when the ongoing genocide results in the removal of Palestine as a country and ".ps" no longer is a valid country code top level domain.

    Similarly, if you register a .us domain instead of a ".com", ".net", or ".org", MarkMonitor can't help you when GoDaddy inevitably screws up.

    History has borne this out: .com domains are well-managed. ccTLDs like '.io', '.su', and '.fj' have all had significant security or availability issues because they're run by "eh, whoever the hell the country picks" with no standards.

    Financially, a proper gTLD also can't raise prices unilaterally and weirdly, while if you pick a ccTLD, the country has free reign to arbitrarily change prices, delete your domain, take over your domain, etc etc.

    Do not use a ccTLD.

    • Hackbraten 3 days ago

      There are countries whose ccTLD registrars are impeccably well-run and have been for decades, such as DENIC, the entity that oversees the .de ccTLD.

      If you're based in Germany, I don't see a reason why you would want to avoid .de domains.

      • immibis 3 days ago
        5 more

        Them being subject to the pretty draconian laws of Germany is a minus for most people if they had no other reason to have to follow those laws (such as not being in Germany).

        • lxgr 2 days ago

          Somebody that is based in Germany (which is what GP was recommending .de for) is usually subject to German law, due to... being in Germany.

          And conversely, when not based in Germany, you'd need a proxy Administrative Contact anyway. (Registrars can probably provide that for you, but it seems like asking for trouble.)

        • moe_sc 2 days ago
          3 more

          Mind ellaborating what draconian laws you are talking about?

          • immibis 2 days ago
            2 more

            If it's not strictly non-commercial then you have to publish your fill name and home address prominently on it. You can't say anything insulting about anyone, even if true. And you can't criticize what Israel did because it's considered antisemitism.

            • lxgr 2 days ago

              > If it's not strictly non-commercial then you have to publish your fill name and home address prominently on it.

              Under German law, as far as I understand this is true for publications "addressed to a German audience" regardless of your domain's TLD, your server location etc.

      • NewJazz 3 days ago

        There are definitely exceptions, and having a connection to the country in question helps, but unfortunately countries seem to enshittify in different but similar ways as old companies.

    • chrismorgan 3 days ago

      >>> This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain.

      That sounds like MarkMonitor is at least partly at fault here.

      • subscribed 2 days ago
        2 more

        Mark Monitor have issued a correct request for the `serverUpdateProhibited`, but GoDaddy changed the code to `serverHold` instead.

        100% on the GoDaddy staff.

        • oarsinsync 2 days ago

          > Mark Monitor have issued a correct request for the `serverUpdateProhibited`, but GoDaddy changed the code to `serverHold` instead.

          I’m curious about where are you seeing what Mark Monitor requested? It doesn’t appear in the official status update. Is this public information formally posted somewhere we can all see?

      • NewJazz 3 days ago

        I mean, one person is saying what to do and the other person is doing it. And the person doing things is taking down zoom.us... Also knowing who godaddy is and what they do...

    • chrismorgan 3 days ago

      > Financially, a proper gTLD also can't raise prices unilaterally and weirdly, while if you pick a ccTLD, the country has free reign to arbitrarily change prices, delete your domain, take over your domain, etc etc.

      Look into what’s happened with pricing on domains like .org and .info. They’re increasingly absurd, with the restrictions on price increases that once were there largely being removed, at the pushing of the sharks that bought the registrar. Why are these prices increasing well above inflation rate, when if anything the costs should go down over time? Why is .info now almost twice as expensive as .com?

      • agwa 3 days ago
        4 more

        Although the .org price caps are gone, the registry has to raise prices uniformly for all domains. They can't target popular domains for discriminatory pricing. ccTLDs can.

        • ryan29 2 days ago
          3 more

          > They can't target popular domains for discriminatory pricing.

          That's not completely accurate. Section 2.10c of the base registry agreement says the following in relation to the uniform pricing obligations:

          > The foregoing requirements of this Section 2.10(c) shall not apply for (i) purposes of determining Renewal Pricing if the registrar has provided Registry Operator with documentation that demonstrates that the applicable registrant expressly agreed in its registration agreement with registrar to higher Renewal Pricing at the time of the initial registration

          Most registrars have blanket statements in their registration agreement that say premium domains may be subject to higher renewal pricing. For registry premium domains, there are no contractual limits on pricing or price discrimination. AFAIK, the registries can price premium domains however they want.

          • agwa 2 days ago
            2 more

            You omitted key portions of that section. Here's the full quote (emphasis added):

            > The foregoing requirements of this Section 2.10(c) shall not apply for (i) purposes of determining Renewal Pricing if the registrar has provided Registry Operator with documentation that demonstrates that the applicable registrant expressly agreed in its registration agreement with registrar to higher Renewal Pricing at the time of the initial registration of the domain name following clear and conspicuous disclosure of such Renewal Pricing to such registrant

            Furthermore:

            > The parties acknowledge that the purpose of this Section 2.10(c) is to prohibit abusive and/or discriminatory Renewal Pricing practices imposed by Registry Operator without the written consent of the applicable registrant at the time of the initial registration of the domain and this Section 2.10(c) will be interpreted broadly to prohibit such practices

            Yes, premium domains can be priced higher, but the Renewal Pricing has to be "clear and conspicuous" to the registrant at the time of initial registration. Are you aware of any litigation related to this?

            • ryan29 2 days ago

              The exact pricing isn’t disclosed. All they do is tell you the price will be “higher”. Anyone registering a premium domain is getting higher than uniform renewal pricing, so whatever they’re doing right now is considered adequate and that’s just generic ToS in the registration agreement AFAIK.

              It sounds like you think I’m being deceptive. Do you know about any registry premium domains where someone has a contractually guaranteed price?

              Also, based on my own anecdotal experience, ICANN doesn’t interpret 2.10c broadly and they allow the registries to push the boundaries as much as they want.

  • ValveFan6969 3 days ago

    Agreed. This is a whole lot of screw ups that I would have expected from the indie company down the street, not an ICANN accredited registrar. It's pretty pathetic when it takes public pressure for the ICANN to finally start doing their goddamn job.

  • renegade-otter 3 days ago

    These big companies spend tens of millions on homegrown tooling, even their own languages and databases, but they can't assign one dev to write a domain-monitoring tool?

    • dewey 3 days ago

      You are thinking like a developer. In reality that means that now they are responsible for it, if MarkMonitor messes something up they can use their relationship to all the registrars to fix the problem and MarkMonitor is on the hook in case anything goes wrong.

      This is a better situation to be in than some internal tooling that failed to notify someone because it got forgotten after the developer left.

    • crazygringo 2 days ago

      Because it's cheaper and more reliable to outsource that to a company specializing in it.

      If one dev had written it, how many times would that tool have failed by now? When the original dev left the company a decade ago, the tool has been transferred between teams six times, it failed a migration and the email address it used to send errors to no longer exists so nobody noticed, and it's literally gotten lost in the shuffle?

    • zippergz 2 days ago

      Markmonitor is much more about the people and service behind it rather than the software. To replace markmonitor you don't need a dev to write a tool. You need a dev to write a tool, and then a team of people who build relationships with everyone in the domain world and are available 24/7 to make calls and deal with issues if they come up.

    • lazide 3 days ago

      It’s one of those ‘this problem is so simple, our big corporation cannot hope to solve it’ type of problems.

lrvick 2 days ago

To try to convince my employer at the time to drop Zoom, I decided to see how many security vulns I could find in 2-3 hours.

Found 12 confirmed bugs in that window using only binwalk and osint.

The worst was that I noticed the zoom.us godaddy account password reset email address was the personal gmail account of Eric S Yuan, the CEO.

So, I tried to do a password reset on his gmail account. No 2FA, and only needed to answer two reset questions. Hometown, and phone number. Got those from public data and got my reset link, and thus, the ability to control the zoom.us domain name.

They were unable to find a single English speaking security team member to explain these bugs to, and it took them 3 months to confirm them and pay me $800 in bug bounties, total, for all 12 bugs.

The one bright side is this did convince my employer to drop them.

  • jaxefayo 2 days ago

    How long ago was this? A few years ago they were hiring aggressively for security team members in the US, including a dedicated fuzzing team. I’m guessing this was from early on when Zoom was just getting popular?

    • lrvick 2 days ago

      About 7 years ago

  • popcalc 2 days ago

    You're admitting to committing a felony?

    • MiguelX413 2 days ago

      White hat hacking is fine.

      • popcalc a day ago
        3 more

        If you password reset my personal Gmail account I will sic the FBI on your tail without a second thought. Not cool.

        • hunter2_ 21 hours ago

          The story says that the password reset link was received, which proves the vulnerability without actually denying service, causing loss, etc. As an analogy, the attacker found a key to a door but did not proceed to open the door.

          It doesn't say the password reset link was used to change the password, which would deprive the account owner access and grant unauthorized access which of course would be illegal.

18172828286177 3 days ago

Godaddy is such an incompetent organisation. Should not be allowed to administer anything of importance.

  • nom 3 days ago

    It's easy to blame GoDaddy, but 'miscommunication' takes two.

    You pay Markmonitor a shitload of money to make sure this doesn't happen. They should have dedicated people at GoDaddy and direct communication channels.

    This is a significant fuckup on Markmonitor's part, even if GoDaddy did something different than was requested from them.

    • Hobadee 2 days ago

      I can guarantee you that miscommunication doesn't always require 2 people.

      Source: Have been OH SO EVER PRECISCE AND EXACT in my communication with certain idiots, and they still screw it up. Several instances of "put this here carefully", only to return and find it all the way across the room upside-down and broken, come to mind.

    • subscribed 2 days ago

      Mark Monitor have correctly asked for `serverUpdateProhibited`, GoDaddy changed the code to `serverHold` instead.

      I don't know why you're trying to spin it as Mark Monitor fault.

      • gavinsyancey 2 days ago

        Where are you getting that from? I don't see that info anywhere on the linked page. Is there more information published elsewhere, or do you have insider knowledge?

  • hinkley 2 days ago

    Who knew a company who ran ads with women dressed like Hooters waitresses would turn out to be a fucking clowncar. I mean what are the odds?

ajdude 3 days ago

A few years ago I had a .us TLD. I eventually decided that I probably shouldn't be reliant on a country code for my domain, it's the same reason why I don't use .io

I'm not saying that this couldn't have happened with a gTLD But why put your brand at the mercy of a government like that?

  • lucb1e 3 days ago

    What TLD is not subject to a country's laws? .aq? .su?

    Edit: .eu might be an even better candidate for this requirement, but you can ask British former domain owners how that worked out

    gTLDs just subject you to an additional layer of incompetence, namely from the company running it. The government where they're located can still come knocking. It's also not like e.g. .nl is run by the Dutch government officials, it's a nonprofit started by some people in the 80s iirc

    • belorn 3 days ago

      gTLDs are regulated by ICANN. As much as an organization can achieve to be a global multistakeholder group, at least the intention is to be global.

      ICANN have a mostly hand-off approach to ccTDLs. The intention is that each country decide on their own regulations and management when it comes to their country code specific domains.

      .nl is a very special case, and it is true that the Dutch government was not involved. .nl was the first country code TLD created outside of the US, when the domain system still was part of ARPANET and operated by the United States Department of Defense. .nl was then transferred to a foundation 10 years later, and that's where ownership now resides.

      ccTLDs are somewhat of a mess. Many are created in universities, then transferred to a company or foundation. Others were sold to companies from the start. In some cases, government have sold their ccTLD to other countries.

      .se for example was created in a Swedish university, and then later the government took possession of it (or the university gave it to them, can't really say). Now there are laws that explicitly defines how it should be used and governed, which then a non-profit foundation manage the implementation.

      • immibis 2 days ago
        2 more

        IIRC one of the Balkan countries physically stole the DNS servers of another one's ccTLD.

        • Macha 2 days ago

          After the breakup of Yugoslavia in 1992 there was a dispute between Slovenia and FYR Serbia and Montenegro over the .yu domain that lasted until 1994 when Jon Postel intervened.

          As you might notice from the dates and names, this was very early in the history of TLDs.

    • agwa 3 days ago

      > gTLDs just subject you to an additional layer of incompetence, namely from the company running it.

      ccTLDs also have to be run by some organization, which is often a private company. Maybe the country's oversight over this organization is better than ICANN's oversight over gTLD operators. Maybe it's not. Historically, the worst technical incidents have occurred at ccTLDs.

    • numpad0 3 days ago

      Presumably the idea is that fabricating a legal offense to shut down a ccTLD would be easier than it would be for regular TLDs.

      I don't know if that's actually the case, I've heard some shady sites are using .su(Soviet Union) to avoid judicial actions.

      • lucb1e 3 days ago

        Wait, we're talking about buying domain names right? Not about buying countries in order to own a ccTLD rather than a 'regular' TLD

        So then you don't have to produce an offence that takes the TLD down (whichever kind) but one that makes a judge within the country that the TLD operator operates in approve a takedown notice for your domain name or even get the TLD operator to cooperate voluntarily

    • bongodongobob 3 days ago

      It's the specific country being referenced, I think.

      • swores 3 days ago

        They wrote that they were talking about country code TLDs vs not, not about US vs. other countries. (Which is what I would've said too, it's a more general point than thinking about anything specific to one country.)

        Ironically that one country happens to be the one that also controls gTLDs like .com, as others have pointed out, so arguably .us is the one ccTLD that isn't any more or less likely to be reliable.

  • omcnoe 3 days ago

    Zoom are already at the mercy of the government by virtue of being incorporated in the US, and having the majority of their staff there. "Generic" TLD's like .com come under US purview also anyway.

    • deepsun 3 days ago

      .us is more special, e.g. the owner should be a US entity, and must be public (Private Domain functionality is disabled for .us).

  • jsheard 3 days ago

    > it's the same reason why I don't use .io

    Dodged a bullet there given that .io is at risk of being discontinued altogether. It hasn't been decided yet, but better to not have that dangling over your head.

    • xp84 3 days ago

      You can bet it wouldn't be actually discontinued, but you can bet when/if the UK gives away the island to Mauritius or whatever, they'll lease the rights to the highest bidder, and those people will be free to extort everyone with a valuable .io domain.

    • ryan29 2 days ago

      It's going to be interesting to see what they do. One of the core arguments when claiming the domain industry enjoys a competitive market is that switching costs are bearable and that switching TLDs is an option if registries increase prices too much.

      So ICANN has a non-trivial choice to make. Either they maintain the position that switching costs are bearable and let .io disappear, or they admit that TLD switching is impossible and save .io, which will make it hard to argue the threat of (registrants) TLD switching keeps the industry competitive.

      • immibis 2 days ago

        Fortunately, ICANN is based in America, where there's no law that markets have to be fair or that you can't lie.

    • eli 3 days ago

      I don't think that's a real risk

      • jsheard 3 days ago
        13 more

        It wouldn't be the first time a ccTLD has been retired after its country ceased to be, though it would be the most disruptive given how popular it is, hence the uncertainty as to what they'll do this time.

        • sgarland 3 days ago
          7 more

          If I were Mauritius, I would be hitting tech companies left and right to secure a permanent income stream.

          You guys want to kick indigenous people off their land for military bases? Enjoy your new bill for .io domains.

          • barry-cotter 3 days ago
            5 more

            The Chagossians are not by any meaningful standards indigenous. The land was uninhabited when George Washington was rebelling against the British. If the Chagossians are indigenous so are old stock white Americans.

            And Mauritius have treated the Chagossians like dirt for decades, with no signs of that changing.

            None of this is to deny the Chagossians were extremely ill treated by the British, but the idea that the Mauritanians have any interest in the welfare of the Chagossians is ridiculous.

            • Y_Y 3 days ago
              3 more

              I have some sympathy for your position, but I'll add that the prevailing moral opinion seems to be "whoever got there first is the rightful owner". Of course you have to allow for armchair ethnologists not being particularly good at distinguishing between similar groups and later revisionism.

              A lot of Pacific islands territories have complicated histories like this (e.g. Hawaii, New Zealand), but the focus usually ends up on whatever bastards most recently took over from the previous bastards (relative levels of bastardy notwithstanding).

              • Sunspark 2 days ago
                2 more

                Absolutely. For example, the Maoris are not the original indigenous. What happened to them you may ask? They became literal dinner for the Maoris. This has happened elsewhere too. True original indigenous are rare.

                The thing with the island of Diego Garcia is quite strange and I strongly suspect there is corruption involved. The UK wishes to divest itself? Instead of holding an auction where the rest of the planet can bid on purchasing the territory, the UK decided that Mauritius would take it (who doesn't really want it) and to entice them, the UK is going to PAY Mauritius to take the territory and leave the base alone. The amount is £90 million annually, adjusted for inflation for 99 years.

                This is a lot of money, why not just NOT turn it over and not have to give away £90 million a year for a century? So, it begs the question.. is someone from the UK side benefiting from this no-bid deal?

                Give the island to me, and I won't charge the UK to have the base.

                • chris1993 a day ago

                  Māori were the first settlers of NZ. There’s no record of any earlier population being “dinner” for anyone.

          • bigstrat2003 3 days ago

            Hopefully that doesn't happen as not everyone who uses a .io is a tech company. I've been using a .io domain for my personal email for something like a decade now, when I just thought "oh that's a cool TLD" and had no idea it was even a country TLD. I don't much relish the idea of getting soaked for money to stick it to the man when I haven't done anything morally wrong.

        • apitman 3 days ago
          4 more

          Whatever happens is going to set some really important precedent for sure.

          • TheDong 3 days ago
            3 more

            I think '.su' is already that precedent, since it had many active domains, recently had active registration, and ICANN has announced plans to phase it out.

            https://en.wikipedia.org/wiki/.su

            See also '.yu' and friends, which have already been deleted.

            • ascorbic 3 days ago

              The fact that the country ceased to exist a year after .su was created and yet the TLD still exists 34 years later is probably precedent for the opposite.

            • apitman 2 days ago

              How many domains are we talking though, and how many .io are there? Genuine question since I have no idea.

        • seszett 3 days ago

          That territory is not going to "cease to be", it's just going to change hands. The uncertainty was entirely created as an easy way to get views.

    • j45 3 days ago

      This news to me, thanks for sharing.

  • SkyeCA 3 days ago

    > But why put your brand at the mercy of a government like that?

    I tend to trust my government (Canada) and I appreciate that WHOIS information is hidden by default for .ca domains. I live here and always will so it seems fit to use the national TLD for representing myself and my work.

    • varun_ch 3 days ago

      same here with .ch! I trust Switzerland’s stability way more than I’d trust any business or country. I’m not actually sure if there’s any ccTLD more trustworthy. (yes I know that the TLD is ‘managed’ by a private company but still)

    • tephra 3 days ago

      IIRC CIRA who is the delegated ccTLD manager of .ca is not a government entity (this is quite common in the ccTLD space actually, a lot of ccTLD are being managed by foundations or non-profits).

      • wlonkly 2 days ago

        They're not, they're a (refreshingly transparent) non-profit -- but the government has the ability to reassign management of .ca to another organization as they wish.

  • VWWHFSfQ 3 days ago

    > But why put your brand at the mercy of a government like that?

    Literally every single TLD is administered by a government.

    .com itself is under jurisdiction of USA and operated by Verisign

    • ryan29 2 days ago

      > .com itself is under jurisdiction of USA and operated by Verisign

      Barely. The NTIA gave up all their leverage over .com in 2018. The only thing the US can do at this point is let the cooperative agreement auto-renew to limit price increases.

      I wouldn't be surprised if the US withdrew from the agreement altogether at this point. Then .com would fall under the joint control of ICANN and Verisign.

    • AStonesThrow 3 days ago

      > Literally every single TLD is administered by a government.

      False. I’m not sure what you’re trying to assert, but governments don’t necessarily need to control/admin gTLDs, and as far as ccTLDs go, they’re under jurisdiction of the corresponding nation, usually, but they’re going to be “administered” by a tech company that holds a contract.

      Anyway, “.com” does indeed answer to U.S. jurisdiction, despite being technically a gTLD, but registrations are not restricted to US-based entities. The main things that keep “.com” associated with the USA include the history/legacy of this quintessential “original” domain, as well as a general support from major countries that provide a “second-level” commercial domain, such as “.co.uk”.

      https://en.wikipedia.org/wiki/.com

      • nottorp 3 days ago

        > “.com” does indeed answer to U.S. jurisdiction

        ... which is a problem lately ... and may have been even in the past for some niches ...

brongondwana 2 days ago

This kind of possibility is why Fastmail purchased fastmail.com and migrated away from our old 'fastmail.fm' domain. .fm was cool, but we ran into a couple of outages on the .fm servers meaning we went offline. No such issues since we've been on .com.

LeoPanthera 3 days ago

Amazing how many service outages are caused by doing business with GoDaddy.

  • toast0 3 days ago

    Sure, but probably when zoom got the zoom.us domain, Neustar was running the .us registry. Godaddy acquired Neustar's registry business in 2020 when everyone was busy looking at other things.

  • lucb1e 3 days ago

    Also after dividing the number of outages by the number of customers?

    I'm not a customer (wouldn't buy my domain overseas) and have no solid opinion on GoDaddy besides that I hate the name. I hear the horror stories also. I'm just wondering if this is a knee-jerk reaction

    • hypercube33 3 days ago

      I've used about 12 registrar's and dns providers and they are trash top to bottom - literally the worst and most difficult to do everything from basic setup to how they do things just plain weird compared to other hosting providers. They also aren't the cheapest option so other than brand recognition I don't get why people use them.

      • kstrauser 3 days ago

        Let’s not get carried away.

        Network Solutions still exists.

    • skylerwiernik 3 days ago

      I bought my first domain from GoDaddy in high school. I remember them having the slowest dns portal in the world, and having to call support at least once about something they screwed up. Don't really remember the details, but I remember them causing problems and losing my business within a year. I've used at least 3 other registers since then and never had a single problem.

    • hinkley 2 days ago

      Here's something you all need to learn about site (or for that matter, tool) reliability:

      Nobody gives a shit about how many good outcomes between incidents there are. They care about how many good hours happen between incidents, and they care how big the incidents are.

      So if you make a tool that your coworkers use 5 times as much as the old process, that tool better make things at least 6x more stable or people will start talking about how the process fails 'all the time'.

      "all the time", as near as I've been able to figure out, after people have been yelling at me, my team, or a team I'm privy to, is not "every day". No, all the time just means that it happens every couple of weeks and one time happened twice in one day, twice in consecutive days, or with two customers in rapid succession. Usually the day they're screaming about.

      So if you're doing that thing every day all day long, where you used to do it rarely, but you made some progress on making it more frequent, nobody cares that it's every 100th run that fails, when it used to be every 10th. They just see the drama has gotten more frequent (and nowhere near as frequent as their narrative says, but you've already lost that argument)

jetsnoc 3 days ago

They need to implement secondary and tertiary domains—with diverse registrars and hosting infrastructure—for the Zoom client’s calling home. Maybe even a fallback anycast ip address for service discovery. Given how much companies like mine pay for service, it’s reasonable to expect that level of engineering foresight. But hindsight will do—let’s get it fixed. #HugOps to all employees working overtime and taking care of this.

  • macintux 2 days ago

    It certainly was frustrating that the status host was also in the zoom.us domain.

film42 3 days ago

Zoom CEO: Hi, we'd like an SLA credit for the global outage you caused our company.

GoDaddy: I am so sorry about that. I can offer you a one-time coupon for $10 off your next purchase or renewal. Would you like me to apply this to your account?

---

Most companies just hope an apologetic zoom call is enough to retain your business, and most of the time it works. Not enough has been written about the asymmetry of your SLA credits to your revenue impact for a given vendor outage and how that should guide your build vs buy decision framework.

  • mikeocool 3 days ago

    You probably don’t want to optimize for the SLA credit making up for a significant part of your lost revenue — because that would mean when things are operating normally, you don’t have much of a profit margin.

    SLA’s are generally more helpful for getting out of long term contracts with unreliable vendors than actually making up for revenue lost during an outage.

    • kevincox 3 days ago

      SLA credits are an incentive for the service provider not making up for lost revenue from the outage.

      If you have 100% SLA credit under 99% availability you can't aford to be less than 99% available and I know that your SLA means something to you, not just an aspirational bullet point.

  • Geezus_42 3 days ago

    Why would you use godaddy for a service as large as Zoom? They have been garbage for years. The way they locked out their ACME api for anyone but top tear clients sealed the deal for me. I would never trust them.

    • signal11 3 days ago

      From the linked article

      > This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain.

      Markmonitor is used by some fairly large corps and web properties. It’ll be interesting to find out exactly what this miscommunication was.

    • 0x0000000 3 days ago

      They don't use Godaddy directly. Godaddy is the registry for .us. Zoom's registrar is MarkMonitor, who appear to be at fault for this outage.

      • subscribed 2 days ago
        2 more

        No, Mark Monitor have requested the correct change (EPP status code `ServerUpdateProhibited), GoDaddy messed it up.

        (I'm not affiliated with either, but happen to know the technical details of the outage)

        • SahAssar 2 days ago

          Could you let us know how you know the technical details? Is there some public info the rest of us haven't been clued into?

      • sgarland 3 days ago
        18 more

        Never heard of MarkMonitor before. Not a great start.

        I had Google Domains for years, until they abruptly and bizarrely abandoned it, then I left for Porkbun. Never had a problem with either of them. I get yearly auto-renewal notices. Everything works, and it’s very boring, which is precisely what I want from a registrar.

        • Moto7451 3 days ago
          5 more

          I worked at a company that used MM and was involved in some of the domain work.

          One of the really nice things about the service is they handle a lot of the general business continuity and security stuff that can really suck with traditional registrars. One of their main lines of work is they’ll work with you to resolve tld-squatting and typo-squatting by working directly with the registrars.

          Even before an infinite number of vanity or scammy tlds started showing up it would be pretty difficult to find <your-growing-unicorn-startup>.biz to add to your portfolio of domains since the owner may just have forgotten to update their email in their registrar and were coasting on a 10 year registration. Maybe the squat was intentional and it’s now a 1:1 replica of your homepage with a phishing or other credit card scam going. Stuff like that really sucks to do yourself while handling your other responsibilities. MM was pretty successful at getting in touch with the owners in the first place and having the registrar yank and transfer in the latter case. YMMV of course.

          Once a lot of tlds started showing up, and especially the porn related ones, they worked with the new registrars directly (like GoDaddy in the .us case here) in the “sunrise period” to make sure something like google.xxx doesn’t become a front page article about an actual porn site (in case you’re wondering, that one doesn’t go anywhere at all). Your other options are to work directly with each registrar or ICANN.

          • throwanem 3 days ago
            3 more

            Oh, I didn't know they'd been around since '99. They called me on behalf of a Hollywood titan about one of my hobby domains, which happened to partially coincide at a dictionary word with one of their client's trademarks, some time around 2006. I don't recall that the approximate paralegal I spoke with actually identified the company; I never forgot the call, but hadn't thought to check who manages the studio's own domain. Go figure.

            I found them surprisingly easy to deal with, and happy to have me on record that my toy domain had nothing to do with either their client or any money. I assumed as long as that remained the case I would never hear from them again, and for the decade or so longer I kept the domain, that was exactly how things went.

            • prmoustache 2 days ago
              2 more

              I may be wrong but I think I saw MarkMonitor changing hands a year or two ago so the MarkMonitor of today might not be at the same level and quality of service as before.

              • throwanem 2 days ago

                Yeah, in 2022 acquired by some kind of sketchy rollup of lots of legacy/web-1.0 firms or what remained of them, it looks like.

                Oh, well. It's been a long time since I was so naïve as not to do a quick informal trademark/brand search before I register a new domain, so I don't really expect to hear from them again any time soon, either.

          • sidewndr46 2 days ago

            I'd argue the ability of a private company to exert control over all TLDs on the behalf of their clients is indicative of a problem in the domain registrar system. Not a "service"

        • dewey 3 days ago
          11 more

          That’s because you are maybe not in the market for MarkMonitor. If you check the whois for any global brands chances are they are held by MarkMonitor. Just like you don’t use EY as your tax advisor.

          • sgarland 3 days ago
            10 more

            Genuinely, I don’t understand how anything other than uptime matters for a domain registrar.

            What services are they offering that makes them attractive to corporations?

            • slyall 3 days ago

              The are supposed to also filter things like complaints. If somebody complains I'm sending spam and I only pay $20/year then my registrar might lock my domain and then I have to work to get it back online.

              Mark Monitor will apply a lot more filtering to complaints.

              Ironically this is allegedly what happened in this case, a complaint about the domain got it taken offline.

            • reilly3000 3 days ago
              5 more

              They generally do full service brand monitoring to protect IP and maintain continuity. You would outsource monitoring for trademark infringement to them, and be certain that domain renewals are done perfectly for a portfolio of high value domains.

              • lolinder 3 days ago
                4 more

                Which is why this outage is so weird: the entire point of paying MarkMonitor is ensuring that absolutely nothing goes wrong with a very fraught process, and they seem to have just taken down one of the biggest brands they support.

                • throwanem 3 days ago
                  3 more

                  Precisely. You pay a company like this the nosebleed-inducing fees they charge so that this exact event never happens. That assurance, and not the mechanics of domain registration or canned web searches or whatever else, is their product.

                  It's like, as I'm sure I'm paraphrasing from something I read God alone knows how many years ago, if your publicist lets you walk into a press event with a giant blob of snot hanging out of your nose. There surely is a reason why that error occurred, and it probably is at least a pretty good reason. But no one is very surprised to see the intro invite from your new publicist.

                  It isn't a relationship you blow up on a whim, but Zoom that can't route call traffic is Zoom that's not generating revenue, and while the reputational impact is negligible if it happens once, it had really better happen only once. Zoom is the incumbent; no one remembers they were revolutionary once, now everyone only notices the parts they don't like. (Being a skilled but politically naïve sysadmin is much the same.)

                  Basically, this is why Ma Bell - which had about the only stronger possible "uptime" expectation, in that no one uses Zoom for 911 - was so uptight you couldn't even plug in a modem until about five minutes before divestiture, and specified everything down to the number of turns in the splices their technicians made. There was a fad among programmers, when I was a child, to consider such practices stodgy.

            • toast0 3 days ago

              Like others said, uptime for a registrar barely matters. For an important domain, I don't want anything to change, and if the registrar is down, nothing will change, so that's good.

              What MarkMonitor can provide is things like facilitating RegistryLock, which makes it even harder for changes to be made. And account reps that know what's going on. I hate working with account reps, but if they're knowledgable and easy to work with, it's ok.

              They do some trademark monitoring (thus the name), if you want to get your own related app taken down from Google Play :p (I'm not bitter, it was amusing). And presence services if you need to hold a domain in a weird location that wants a presence, they can probably arrange it, which is handy at times.

              I'd love to know more details on this incident, MarkMonitor had a bulletproof reputation as a registrar that won't fuck up. Godaddy doesn't, but then I didn't realize they had taken over the contract for .us

            • kryptiskt 3 days ago

              They can offer humans in the loop, and those cost a lot. Like, a real live human will contact you and ask if you really want to transfer microsoft.com to Shady Shell Company (Bermuda) Ltd. Porkbun's pricing model is less attractive when your domains are worth billions to you.

            • BrandoElFollito 3 days ago

              Why would uptime matter that much for a registrar?

              (As opposed to a DNS server, including root servers - and even then DNS has provisions for downtime, not to mention redundancy in configurations)

        • the-rc 3 days ago

          MarkMonitor has been around forever. It's used by many of the largest companies. I remember quite a few Google outages that could be tracked down to MM issues.

    • Geezus_42 3 days ago

      I just remembered, they also can't do DKIM correctly. What good is a DNS provider that can't follow standards?

    • technion 3 days ago

      Companies as big as zoom are still perfectly capable of having a high level VIP decide "we're going to use GoDaddy because I saw their Superbowl ad".

  • pavelstoev 3 days ago

    Can’t have an apologetic zoom call when zoom is down …

  • crazygringo 2 days ago

    If there were symmetry, then renewing the domain would cost millions instead of $20 or whatever it is, to cover the payouts. Is that what you want?

    If it is, you can buy custom insurance for the event from an insurance company, and pay the same kind of yearly fee.

    And remember that with build vs buy, what you build will often be worse than what you buy, because at least what you buy is getting bugs fixed from bug reports across the world from other customers. An internal tool will rarely be as stress-tested and battle-hardened as what you can buy.

  • chazeon 3 days ago

    I remember crowdstrike outage offers starbucks coupons? that’s way to go.

stackskipton 3 days ago

This smells like something happened with MarkMonitor, they accidently flagged zoom.us as brand spoofing and filed copyright complaint with GoDaddy who runs .us TLD. GoDaddy suspended the domain per the complaint.

  • lolinder 3 days ago

    It's possible, but MarkMonitor is Zoom's registrar, so there are plenty of other ways for a miscommunication between MarkMonitor and GoDaddy to cause this. Copyright complaints would be a more reasonable theory if MarkMonitor were mentioned and didn't have any other involvement.

    • stackskipton 3 days ago

      I guess but if MarkMonitor accidently suspended it, it would be ClientHold but it was widely reported it was showing as ServerHold.

      ServerHold is used with Registry (GoDaddy in this case) is disabling vs ClientHold is when registrar is pulling the plug (MarkMonitor)

      So what would have MarkMonitor said to GoDaddy to cause them to ServerHold a domain?

      • altairprime 3 days ago

        At one point on a trip to Hawaii I was detained in my room by hotel security for fifteen minutes after requesting a room key to replace the one I lost.

        It turns out that they had typo’d 12 into the request type field instead of 1, and type 12 was “Covid lockdown protocol with security enforcement” leftover from 2020 and latent in their systems.

        Depending on MarkMonitor have chosen to integrate with each other to handle the sort of trademark management that is MarkMonitor’s premium offering, either or both parties could have simply been off-by-one or typo’d in a transaction to cause this. It’s absolutely plausible to create a confusing nightmare outcome with a one-byte error. (And we’re having quite incredible cosmic rays today, so I hope they’re using ECC RAM!)

      • thayne 3 days ago
        3 more

        Possibly MarkMoniter failed to renew the domain on time? Or there was a miscommunication around payment that led to the domain expiring?

        • selcuka 3 days ago

          Renewal date is April 24, so unlikely. Even if it expired this year they would still have a week to renew.

  • layman51 3 days ago

    I don’t know if I’m misremembering, but I remember getting automated service emails about how Zoom.us will be a deprecated domain in favor of Zoom.com

    When this outage happened, I assumed that they finally “made the switch” over but something went wrong.

    Something I heard is that there was a Twitter account @zoom_us that was also deleted today.

  • Alupis 3 days ago

    If this is the case, then it seems to be a very clear-cut example as-to why we should reject these sort of automated "take downs". They can and are abused, including copyright violations on Github, YouTube, etc.

    Since when did we accept, as a society, guilty until proven innocent? I recognize GoDaddy is not the government - but this is unacceptable. A human spending 3 seconds looking at the domain would understand it's a false-positive and should not be removed.

    • selcuka 3 days ago

      > Since when did we accept, as a society, guilty until proven innocent?

      At least since the Digital Millennium Copyright Act.

kemals 3 days ago

ThousandEyes analysis of the outage: https://www.thousandeyes.com/blog/zoom-outage-analysis-april...

  • gwbas1c 2 days ago

    The article lists a lot of facts, but it doesn't actually explain what happened.

    IE, it explains what DNS is, but it doesn't explain why the outage happened. Instead, it merely gives a timeline with a lot of context that's useful for someone who's still learning about what DNS is and how it works.

  • bo1024 3 days ago

    Thanks, this is really helpful. I had not even realized that every DNS query for .us (for example) goes through a single root registry before going to the actual nameservers.

    • hanikesn 3 days ago

      It's usually cached

be_erik 3 days ago

I was really hoping to find out they were hosting their DNS on GoDaddy. I still want it to be true.

  • johncolanduoni 3 days ago

    If only it were so, then they would have kind of deserved it. TIL GoDaddy wormed it’s way into administering the .us TLD on behalf of the federal government.

    • jsheard 3 days ago

      That makes two reasons to avoid .us domains, the other being that you're not allowed to redact the WHOIS information on those.

    • riffic 3 days ago

      wormed it is

    • oefrha 3 days ago

      [flagged]

  • johnklos 2 days ago

    GoDaddy is the registrar. They (Zoom) host their DNS using Amazon.

rajeshvar 3 days ago

Flush the cache instructions were posted under zoom.us :)

https://status.zoom.us/incidents/pw9r9vnq5rvk

  • gblargg 3 days ago

    I thought it was funny that they posted information about the outage on the same domain that had the outage.

    • agos 3 days ago

      having a status page on the same domain seems... unfortunate. Other big players have it right, see githubstatus.com

      • kevincox 3 days ago

        But please also make status.github.com redirect there or I won't know how to find it.

ro_bit 3 days ago

4 hour catastrophic outage because of a shitty domain registrar makes me wonder if zoom will be switching critical services to a different tld sooner or later as a result of this

  • Symbiote 3 days ago

    Maybe they will use multiple domains.

    See for example that AWS Route53 uses com, org, net and uk domains for the nameservers.

master_crab 3 days ago

It’s always DNS!

  • imglorp 3 days ago 

        It’s not DNS
    There’s no way it’s DNS
    It was DNS
RVRX 3 days ago

The domain status on the whois record was "serverHold" earlier in the day

AStonesThrow 2 days ago

Back in 2008, when my fiancée invited me to visit Catalonia, I was in the market for transatlantic airline tickets. And I'd never flown internationally before, and I applied and obtained a US Passport, and I figured out with my father how to get a Travelex prepaid debit card with Euros loaded, and my fiancée was prodding me anxiously about buying a ticket, and I eventually threw caution to the wind and flew on an airline called "ZOOM".

Now "ZOOM" was supposedly based in Canada and they were supposedly giving bargain-basement fares to Americans as well, from select origins to select destinations. All I needed to do was to get to Lindbergh Field (San Diego International) and ZOOM Airlines would fly me to London Gatwick. And their aircraft had cute friendly livery with big "ZOOOOOOOOM" lettering on the side. And the price was totally cheap.

Well they did their job fine; I landed in Gatwick, took a train to Heathrow, and flew on Iberia into and back out of Barcelona. Unfortunately, before I departed, my father phoned my fiancée to break the news that "ZOOM Airline" was bankrupt, and all their flights were grounded. They had run out of fuel in Scotland, and nobody would top up the tanks. My return ticket from London to San Diego was worthless.

So Dad puts me on a British Airways flight and I got home safe. But from August 2008, or before, I have harbored a visceral animosity towards any foreign actors named "ZOOM".

bongodongobob 3 days ago

Paradoxically, productivity spiked.

udev4096 3 days ago

What do relatively large corporations use for their authoritative nameserver? Do they use PowerDNS, knot, bind, or just use the registrar's nameservers?

  • jedberg 3 days ago

    Google runs their own, Facebook runs their own, Amazon used AWS, Microsoft uses Azure. Netflix uses AWS.

    Most likely all are running some version of Bind, or something custom.

    • bc569a80a344f9c 3 days ago

      And if you’re wondering about the hidden authoritative servers (that the company uses to generate and administer the zones then synced to a global DNS provider such as the ones you listed) two rather popular products for companies that aren’t also cloud providers are Infoblox and BlueCat.

fortran77 3 days ago

I remember when Kristen McIntyre owned zoom.com back in the early days as her hobby domain.

financetechbro 3 days ago

Lots of “glad Teams is working at least” commentary today across various meetings. Everyone had a good laugh, as it is usually typical to complaint about the how crappy Teams is. +1 for Teams today

gameshot911 2 days ago

Noob here: could this issue have been worked around if you had a personal list of the IP addresses that the domain resolved to?

  • natebc 2 days ago

    Most DNS issues can, yes. Your hosts file is going to be thick though, and a pain to keep up to date ;P

    • blueflow 2 days ago

      > Your hosts file is going to be thick though, and a pain to keep up to date

      I'm guessing you already know, but for the others: This is precisely what the DNS protocol was created for.

RVRX 3 days ago

"This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain. "

  • LinuxBender 3 days ago

    Something is fishy about this. A communication error would not result in a domain being placed on hold. On hold is usually the result of a legal order or in the case of the .us TLD a nexus compliance violation. I've transferred thousands of domains from assorted dodgy registrars into MarkMonitor and can not even imagine a scenario where a miscommunication results in a domain being placed on hold.

    • jltsiren 3 days ago

      Correctness doesn't scale. If something has six nines of reliability, you'll probably never see the one-in-million outlier yourself. But if the other side deals with a million requests a month, they are a common occurrence.

      • LinuxBender 3 days ago

        Yeah I'm not saying errors don't happen. I've been called into gazillions of them including many that "should not happen". Those make for the best root cause analysis and after action reports.

        Rather this does not sound like a communication error unless they are leaving out a lot of critical details and context or the domain management interface has been de-frictioned and dumbed down too much.

    • pigbearpig 3 days ago

      Could it have been something as simple as "hey, zoonn.us is violating Zoom's copyright, please block it" and then someone typos "zoom.us".

    • gjsman-1000 3 days ago

      Nah, weird stuff that “shouldn’t” happen almost always happens more often than things that “should” happen.

      • LinuxBender 3 days ago

        I hear ya but this would more than likely be something like a really sloppy human error such as following the wrong process vs. a miscommunication otherwise I would expect these outages to be much more frequent. I do remember when a fat-finger at UUNET took out most of the internet long ago but that was a human error and is a bit harder to have the same impact today.

        To me a communication error implies someone followed erroneous instructions without asking the obvious, " ... but isn't this a big business that is still live and why don't I have a legal order in my hand?" In fairness this did happen recently with he.net because a sub-domain was reported but it was done intentionally even if they failed to do even basic due diligence. After Covid I would expect most people would know zoom.us would be in use by a lot of people whereas only specific groups of people would know what he.net is.

        I am curious if the process has changed due to laziness and now registrars can just select any number of domains and click a button to place them on hold without management or executive approval. If so that should be in some audit trail and should require confirmation and approval by a senior leader.

      • root_axis 3 days ago
        4 more

        What? Weird stuff happens less by definition.

        • bombcar 3 days ago
          3 more

          Not necessarily. The default could happen 49% of the time, and everything else happens way less than 1%, but is weird.

          So 51% of the time it’s weird, but not the same weird.

          • LinuxBender 3 days ago

            Every place I've been we measured such weirdness outside of the 95'th and 99'th percentile. Anything out of common occurrence beyond the 99'th could be weird or interesting or fascinating. I still wish I could share the incident of a single NIC on a single server taking down an entire data-center, that was both weird and fascinating.

          • root_axis 3 days ago

            If there is a "default" then "everything else" is not weird. The conclusion is "this thing doesn't work most of the time so it wouldn't be weird if it doesn't".

    • Spooky23 3 days ago

      [flagged]

      • eli 3 days ago
        3 more

        Isn't the stated reason, a miscommunication with the registrar, far far more likely?

        • Spooky23 3 days ago
          2 more

          In normal times, absolutely. These aren’t normal times.

          • varenc 3 days ago

            What's the escalation theory here mean? The US shut it down to damage a company it doesn't like? And 2-4 hours is meaningful? or China did it? Maybe it was shutdown and used as negotiating leverage and brought back when some agreement was reached?

            GoDaddy's involvement really makes me believe that it's a genuine screw up.

      • x0x0 3 days ago

        Well, Zoom also lied about their encryption (or, perhaps more charitably, described it in a misleading way. nah, they just lied) and was directing traffic through chinese servers with no reason for doing it -- it was occurring when all meeting participants and the company paying for the zoom account were outside China -- besides enabling spying.

  • gkanai 3 days ago

    Companies pay MarkMonitor to NOT make these mistakes. So... GoDaddy failed?

    • eli 3 days ago

      Or... they did make a mistake. It happens to the best of us.

    • devrand 3 days ago

      Yeah I don't understand this. MarkMonitor themselves are a registry, so is the potentially a mistake in migrating from GoDaddy to MarkMonitor?

      • jsheard 3 days ago
        3 more

        GoDaddy operates the .us TLD, so Zoom registered the domain through Markmonitor, who acquired it from GoDaddy, who shit the bed and broke everything.

        • devrand 3 days ago
          2 more

          ah-ha! Didn't consider that GoDaddy operates the TLD (in my mind I assumed it was just Verisign). Thank you for pointing that out.

          • jsheard 3 days ago

            It used to be operated by Neustar, but GoDaddy bought out their domains business in 2020.

      • electroly 3 days ago

        MarkMonitor is a registrar (one of many). GoDaddy Registry is the .us registry operator (the only one); they actually operate the TLD on behalf of the government. In this capacity they are not operating as another registrar, but as the TLD operator.

      • timewizard 3 days ago

        "It would be amiss not to start without a reference to AI, as 2024 saw the movements toward legal definitions and prohibited AI practices with the EU’s AI Act. 2024 also saw more innovative integration of AI into registrars’ service offerings, from “chatbots” to registration process flow to domain name generators. We also witnessed the rise of LLM (or Large Language Models) being used in Brand Protection Services and the identification of abusive registrations. This trend will definitely be increasing in 2025."

        https://www.markmonitor.com/blog/2024-markmonitor-year-in-re...

  • bo1024 3 days ago

    What does “shutting down” the domain even mean? Has to be a DNS thing, right?

    • colechristensen 3 days ago

      It's translated through several layers of people who don't know anything.

      Their domain expired because at some level people made some pretty boneheaded mistakes.

      Whomever their actual registrar actually was (GoDaddy it seems) stopped pointing the zoom.us nameserver record (NS) at AWS Route 53 which Zoom obviously uses.

          % dig +short zoom.us NS
    ns-387.awsdns-48.com.
    ns-1137.awsdns-14.org.
    ns-1772.awsdns-29.co.uk.
    ns-888.awsdns-47.net.
      • manquer 3 days ago

        GoDaddy is the root registry for all .us ccTLD, MarkMonitor is the actual registar Zoom is working with. The issue seems to be more how GoDaddy assigned to the domain to MarkMonitor not something Zoom itself likely controls (such as NS records)

        .us (and other many TLDs) uses EPP to communicate between registars (MarkMonitor here) and Registry (GoDaddy). It is probably an admin error rather than code[1], some manual approval or other human review workflow for high value domain and someone clicked/filled in the wrong value at GoDaddy or MarkMonitor would be my first guess.

        [1] would have been observed and fixed long before today, transfers happen all the time after all

      • eli 3 days ago

        It didn't expire

Galatians4_16 2 days ago

This wouldn't happen if it were distributed or decentralized like pre-MS Skype used to be.

chrisweekly 3 days ago

Is it just a coincidence that Spotify and Zoom both had massive outages on the same day?

wodenokoto 3 days ago

Would it be safer to hard-code a static IP than a domain?

  • Koffiepoeder 3 days ago

    Ip's can (easily) be hijacked by nefarious BGP requests and offer no easy SSL. You could maybe add cert pinning to fix that, but it's quite inflexible.

    Another added bonus of domains is the potential for subdomains to be used. This could be usful for many purposes: as load balancing/pooling mechanism (fictive example us4.zoom.us) and for compartmentalisation (api.zoom.us).

iqandjoke 3 days ago

It should not cause issue as your company should have BCP on this and can switch to other conferencing service.

Fokamul 3 days ago

Lol, they use GoDaddy? Aka scammers and racketeers? Aaah .us TLD, too bad they have control over it.

megamike 3 days ago

oops rolls eyes

autoexec 3 days ago

Markmonitor and zoom are both terrible companies so I can't feel bad about this

xyst 3 days ago

Zoom, a multibillion dollar corporation, uses the shit tier of all companies, _GoDaddy_, for their registrar?

What a blunder.

  • londons_explore 3 days ago

    GoDaddy runs the .us TLD. You cannot avoid them if you want that TLD

    • Geezus_42 3 days ago

      You can avoid them by not using the .us TLD.

      • stock_toaster 3 days ago

        And the 5 years or so since Godaddy bought .us should have been long enough to migrate to another name.

  • lucb1e 3 days ago

    That's not the registrar, that's the registry

system2 3 days ago

Someone in the Zoom company management forgot to update the billing credit card for that domain, I bet you $1000. Happens all the time with our clients.

  • adrr 3 days ago

    They don’t use normal registrations. Anyone with any size is using MarkMonitor and do monthly billing and have a dedicated person. No credit cards.

  • jeffbee 3 days ago

    The entire point of MarkMonitor is that won't happen.

    • dontdoxxme 3 days ago

      Except while it probably wasn’t a credit card expiry it did result in the domain being suspended. Looks pretty bad for MarkMonitor. They didn’t do the “monitor” part of their name.

    • system2 3 days ago

      Well then, someone at MarkMonitor forgot to update the credit card, then. hehe

    • londons_explore 3 days ago

      I wonder how long mark monitor would keep renewing the domain without payment...

  • nulbyte 3 days ago

    I don't think the domain was up for renewal this year. Even if it were, it wouldn't expire until the 23rd.