[BALUG-Admin] So, joker.com, then?

Rick Moen rick@linuxmafia.com
Fri May 31 06:38:53 UTC 2024 

On Mastodon, I'm @unixmercenary@infosec.exchange.

As such, I just tooted this
(https://infosec.exchange/@unixmercenary/112534258603738688 ):


 may be seeking a new #DNSregistrar.  Once upon a time, there was a
highly clueful one named ideegeo Group, Ltd. d/b/a IWantMyName.com in
Wellington, NZ, technically a retail reseller for large German registrar
1API.  

Early on, their staff efficiently and quickly fixed an odd problem,
where my two domains were suddenly private WHOIS against my wishes:  The
tech found that 1API had unilaterally toggled everyone private to
quickly comply with GDPR rollout -- and intervened to revert that on my
domains.

Roll forward to 2019.  British multinational CentralNic Group PLC
acquired ideegeo Group Ltd., and shut down the NZ operation.  

Uh-oh.

About a year later, I saw that my domains were suddenly private WHOIS
again, saw still nothing in the customer WebUI to adjust that, and
opened another ticket, referencing the first one, speculating 1API might
have done it again, and asking the same fix.

A tech from the new lot immediately closed the ticket with the
explanation that the operator of the .com and .net TLDs had imposed
private WHOIS on all domains, and therefore IWantMyName was powerless to
help me.

I almost accepted this pile of bullhockey, but then thought to
cross-check, among others, domains 1API.net and IWantMyName.com -- whose
public WHOIS data immediately disproved the nonsense claim.  I reopened
the ticket, pointing out their claim is provably wrong, and reiterating
my request.

The tech closed the ticket again with the comment that he'd repeated
what the technical staff told him -- not commenting on the fact that it
was provably false.

I escalated this matter to corporate staff in London, saying that
gaslighting customers is uncool, that I could easily take business
elsewhere, and that I'd be deciding that in a couple of days.  A senior
tech in London reopened the case, told me he' fix things, did so,
explained that first-level techs had relied on bad information, and
observed (justly) that few customers wished to eschew private WHOIS.  As
resolution occurred before my deadline, I stayed.

Yesterday, after verifying that IWantMyName.com's customer WebUI still
doesn't permit early renewal, I opened a new ticket saying "Please
manually extend by two years each of my domains linuxmafia.com and
unixmercenary.net, please charge my credit card of record number NNNN
for the US $95.26 entailed, and please do that now."

I got back a response saying:

"We currently only register and renew domains automatically for one year
at a time.

We've found that longer registration periods lead to a higher chance of
customers losing or forgetting their account details or missing
notifications and ultimately letting their domains expire due to
outdated contact information for expired credit card details.

The annual notifications serve as a reminder of sorts to keep everything
up to date. Or, if something unexpected happens and the domain is no
longer needed, it can be cancelled with no time/money lost.

If you have any other questions, just let us know."

I waited a day, then wrote back saying I'd seen no action on my request.
The tech referred me to the above statement.

I wrote back:

"That was not even anywhere near an answer to my request.

I didn't ask about automatic renewal policy.  I requested manual
processing of two-year extension, now, for each of my two domains,
charging the appropriate fees totalling US $95.26 to my credit card of
record.

Please do that now.

I will continue to escalate this matter, if it is not addressed."

This is in  "You had one job" territory, nicht wahr?   Any fellow Ops
people with clueful-registrar suggestions?  Needing to escalate routine
requests has gotten old.

For the record, for good and compelling reasons, I keep domains a long
way from expiration, run a weekly cron job executing d-check
(http://linuxmafia.com/pub/linux/network/) to watch whois for upcoming
renewal dates, and renew well in advance of need.  

Likewise, I insist on public WHOIS so it can fulfil its design role of
permitting contact, by anyone observing a problem or other matter
needing attention,  to the Administrative, Technical, and Registrant
contacts as appropriate.

"You'll be doxed", someone says says?  Funny, that:  Maybe they might
use the real street address, real telephone number, real e-mail address,
and "ICBM address" (latitude, longitude, and altitude of my favourite
chair) on my personal Web page, instead.

More information about the BALUG-Admin mailing list