FW: STARTS in 5 MINUTES REMINDER! Meeting invitation: At-Large Consolidated Policy Working Group (CPWG) Call on Wednesday, 16 April 2025 at 19:00 UTC
Dear All, The next At-Large Consolidated Policy Working Group (CPWG) Call has been scheduled for Wednesday, 16 April 2025 at 19:00 UTC for 90 mins, For other times: https://tinyurl.com/5e9vhzyy The agenda (to be updated) and call details can be found at: https://icann-community.atlassian.net/wiki/x/AYCTD Zoom Room: https://icann.zoom.us/j/765717566?pwd=UTJCdWRSZVdJNEhOYW02OVBqQVQ1Zz09 / Passcode: #CPWG2345* Real time transcription (RTT) available at (subject to availability): https://www.streamtext.net/player?event=ICANN At-Large Consolidated Policy Working Group (CPWG) Wiki Space: https://community.icann.org/x/jYDpB If you require a dial-out please contact At-Large staff at: staff@atlarge.icann.org<mailto:staff@atlarge.icann.org> Thank you. Kind Regards, At-Large Staff ICANN Policy Staff in support of the At-Large Community Website: atlarge.icann.org<https://atlarge.icann.org/> Facebook: facebook.com/icann<https://www.facebook.com/icannatlarge>atlarge<https://www.facebook.com/icannatlarge> Twitter: @<https://twitter.com/ICANNAtLarge>ICANNAtLarge<https://twitter.com/ICANNAtLarge>
Is anyone else having trouble accessing the Zoom room via the link provided? From: ICANN At-Large Staff via CPWG <cpwg@icann.org> Date: Wednesday, April 16, 2025 at 2:55 PM To: cpwg@icann.org <cpwg@icann.org> Subject: [CPWG] FW: STARTS in 5 MINUTES REMINDER! Meeting invitation: At-Large Consolidated Policy Working Group (CPWG) Call on Wednesday, 16 April 2025 at 19:00 UTC Dear All, The next At-Large Consolidated Policy Working Group (CPWG) Call has been scheduled for Wednesday, 16 April 2025 at 19:00 UTC for 90 mins, For other times: https://tinyurl.com/5e9vhzyy The agenda (to be updated) and call details can be found at: https://icann-community.atlassian.net/wiki/x/AYCTD Zoom Room: https://icann.zoom.us/j/765717566?pwd=UTJCdWRSZVdJNEhOYW02OVBqQVQ1Zz09 / Passcode: #CPWG2345* Real time transcription (RTT) available at (subject to availability): https://www.streamtext.net/player?event=ICANN At-Large Consolidated Policy Working Group (CPWG) Wiki Space: https://community.icann.org/x/jYDpB If you require a dial-out please contact At-Large staff at: staff@atlarge.icann.org<mailto:staff@atlarge.icann.org> Thank you. Kind Regards, At-Large Staff ICANN Policy Staff in support of the At-Large Community Website: atlarge.icann.org<https://atlarge.icann.org/> Facebook: facebook.com/icann<https://www.facebook.com/icannatlarge>atlarge<https://www.facebook.com/icannatlarge> Twitter: @<https://twitter.com/ICANNAtLarge>ICANNAtLarge<https://twitter.com/ICANNAtLarge>
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us to stop serving the domain name (server hold) at 18:25 UTC. The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ...
On 16/04/2025 21:50, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us to stop serving the domain name (server hold) at 18:25 UTC.
The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ... _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org
It is back in the .US zone now. Most recent WHOIS check: Domain Name: zoom.us Registry Domain ID: D1813391-US Registrar WHOIS Server: whois.markmonitor.com Registrar URL: www.markmonitor.com Updated Date: 2025-04-16T20:12:49Z Creation Date: 2002-04-24T15:03:39Z Registry Expiry Date: 2027-04-23T23:59:59Z Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: registry.admin@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientUpdateProhi Previous WHOIS check: Domain Name: zoom.us Registry Domain ID: D1813391-US Registrar WHOIS Server: whois.markmonitor.com Registrar URL: www.markmonitor.com Updated Date: 2025-04-16T18:25:44Z Creation Date: 2002-04-24T15:03:39Z Registry Expiry Date: 2027-04-23T23:59:59Z Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: registry.admin@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: serverHold https://icann.org/epp#serverHold Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registry Registrant ID: C4F4692A1DCD04CC0B9B57813CA0C74CD-NSR Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com
https://status.zoom.us/incidents/pw9r9vnq5rvk <https://status.zoom.us/incidents/pw9r9vnq5rvk?irclickid=U4aVPPxIbxycR2U3i3QP...> “ On April 16, between 2:25 P.M. ET and 4:12 P.M. ET, the domain zoom.us was not available due to a server block by GoDaddy Registry. This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain. Zoom, Markmonitor and GoDaddy worked quickly to identify and remove the block, which restored service to the domain zoom.us. There was no product, security or network failure at Zoom during the outage. GoDaddy and Markmonitor are working together to prevent this from happening again.” On Wed, 16 Apr 2025 at 5:04 PM, John McCormac via CPWG <cpwg@icann.org> wrote:
On 16/04/2025 21:50, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us to stop serving the domain name (server hold) at 18:25 UTC.
The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ... _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org
It is back in the .US zone now.
Most recent WHOIS check:
Domain Name: zoom.us Registry Domain ID: D1813391-US Registrar WHOIS Server: whois.markmonitor.com Registrar URL: www.markmonitor.com Updated Date: 2025-04-16T20:12:49Z Creation Date: 2002-04-24T15:03:39Z Registry Expiry Date: 2027-04-23T23:59:59Z Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: registry.admin@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: clientUpdateProhi
Previous WHOIS check:
Domain Name: zoom.us Registry Domain ID: D1813391-US Registrar WHOIS Server: whois.markmonitor.com Registrar URL: www.markmonitor.com Updated Date: 2025-04-16T18:25:44Z Creation Date: 2002-04-24T15:03:39Z Registry Expiry Date: 2027-04-23T23:59:59Z Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: registry.admin@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited Domain Status: serverHold https://icann.org/epp#serverHold Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited Registry Registrant ID: C4F4692A1DCD04CC0B9B57813CA0C74CD-NSR
Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com **********************************************************
-- This email has been checked for viruses by Avast antivirus software. www.avast.com _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Perhaps the silver lining here, if there is one, from the outage situation is to demonstrate a very real world and publicly visible case as to how these hold functions work. The public can suffer in situations of its misuse.... vis-a-vis 'friendly fire' consequences of inelegance in takedowns when directed. This is exactly why registries and registrars push back on ensuring we apply some due process like asking for evidentiary support when receiving abuse reports or push back a little before we use serverHold or clientHold on a domain name and ask for evidence. Those statuses remove the authoritative nameservers from the TLD zone and cause resolution to fast fail. -Jothan On Wed, Apr 16, 2025 at 1:51 PM Lutz Donnerhacke via CPWG <cpwg@icann.org> wrote:
On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us to stop serving the domain name (server hold) at 18:25 UTC.
The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ... _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Jothan, It is always interesting how people can examine the same set of facts and come away with a different perspective. My thoughts after finding out the complete set of facts, as opposed to speculating while trying to figure out why I was unable to access the CPWG call, is as follows: 1. I am glad that Article 21 of NIS 2.0 recognizes the vital importance of supply chain security for essential entities. While I hope we learn more about the miscommunication between MarkMonitor and GoDaddy, there was clearly a breakdown in the supply chain that should have been prevented. 2. Next, I thought back to the origins of WHOIS data in allowing people to contact a network operator when there was a technical issue. While this Zoom outage was heard around the world almost instantaneously. What if this “miscommunication” impacted a small SME like the ones that Jothan and I operate. It would be nice for someone to be able to contact that business owner to get them back online. 3. I was glad that the NIS 2.0 Cooperation Group guidance properly raised the bar in recommending the syntactical and operational use of email AND telephone. The default business practice for most ICANN contracting parties is to verify ONLY the email operationally. In this case with the domain name being removed from the zone file, it would have likely impacted the sending or receiving of email to that domain. Therefore, this is an excellent use case for having MULTIPLE verified means of communicating with a Registrant in the event of an issue with their domain name. No single point of failure regarding “contactability.” Best regards, Michael From: Jothan Frakes via CPWG <cpwg@icann.org> Date: Friday, April 18, 2025 at 11:42 AM To: cpwg@icann.org <cpwg@icann.org> Subject: [CPWG] Re: Zoom outage Perhaps the silver lining here, if there is one, from the outage situation is to demonstrate a very real world and publicly visible case as to how these hold functions work. The public can suffer in situations of its misuse.... vis-a-vis 'friendly fire' consequences of inelegance in takedowns when directed. This is exactly why registries and registrars push back on ensuring we apply some due process like asking for evidentiary support when receiving abuse reports or push back a little before we use serverHold or clientHold on a domain name and ask for evidence. Those statuses remove the authoritative nameservers from the TLD zone and cause resolution to fast fail. -Jothan On Wed, Apr 16, 2025 at 1:51 PM Lutz Donnerhacke via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> wrote: On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com<http://palage.com> via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us<http://zoom.us> is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us<http://zoom.us> to stop serving the domain name (server hold) at 18:25 UTC. The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ... _______________________________________________ CPWG mailing list -- cpwg@icann.org<mailto:cpwg@icann.org> To unsubscribe send an email to cpwg-leave@icann.org<mailto:cpwg-leave@icann.org> _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
Good points This was not really an NIS2 thing, but rather it was about the disruption and inelegance of serverHold. My point was to allow for the situation of disruption to show some context about why we as CPH push back for evidence and triple check things before we wield it (or its equivalent, clientHold if we're a Registrar) because it has high impact and low precision with great potential to cause outages. We're not just being recalcitrant or uncharitable with the pushback. On Fri, Apr 18, 2025 at 9:56 AM michael palage.com <michael@palage.com> wrote:
Jothan,
It is always interesting how people can examine the same set of facts and come away with a different perspective.
My thoughts after finding out the complete set of facts, as opposed to speculating while trying to figure out why I was unable to access the CPWG call, is as follows:
1. I am glad that Article 21 of NIS 2.0 recognizes the vital importance of supply chain security for essential entities. While I hope we learn more about the miscommunication between MarkMonitor and GoDaddy, there was clearly a breakdown in the supply chain that should have been prevented. 2. Next, I thought back to the origins of WHOIS data in allowing people to contact a network operator when there was a technical issue. While this Zoom outage was heard around the world almost instantaneously. What if this “miscommunication” impacted a small SME like the ones that Jothan and I operate. It would be nice for someone to be able to contact that business owner to get them back online. 3. I was glad that the NIS 2.0 Cooperation Group guidance properly raised the bar in recommending the syntactical and operational use of email AND telephone. The default business practice for most ICANN contracting parties is to verify ONLY the email operationally. In this case with the domain name being removed from the zone file, it would have likely impacted the sending or receiving of email to that domain. Therefore, this is an excellent use case for having MULTIPLE verified means of communicating with a Registrant in the event of an issue with their domain name. No single point of failure regarding “contactability.”
Best regards,
Michael
*From: *Jothan Frakes via CPWG <cpwg@icann.org> *Date: *Friday, April 18, 2025 at 11:42 AM *To: *cpwg@icann.org <cpwg@icann.org> *Subject: *[CPWG] Re: Zoom outage
Perhaps the silver lining here, if there is one, from the outage situation is to demonstrate a very real world and publicly visible case as to how these hold functions work.
The public can suffer in situations of its misuse.... vis-a-vis 'friendly fire' consequences of inelegance in takedowns when directed.
This is exactly why registries and registrars push back on ensuring we apply some due process like asking for evidentiary support when receiving abuse reports or push back a little before we use serverHold or clientHold on a domain name and ask for evidence. Those statuses remove the authoritative nameservers from the TLD zone and cause resolution to fast fail.
-Jothan
On Wed, Apr 16, 2025 at 1:51 PM Lutz Donnerhacke via CPWG <cpwg@icann.org> wrote:
On Wed, Apr 16, 2025 at 10:25:54PM +0200, Lutz Donnerhacke via CPWG wrote:
On Wed, Apr 16, 2025 at 07:03:06PM +0000, mike palage.com via CPWG wrote:
Is anyone else having trouble accessing the Zoom room via the link provided?
zoom.us is not longer a registered domain name in the us TLD.
There are strong evidence (screenshot of the whois record), that somebody updated the registry (godaddy) entry for zoom.us to stop serving the domain name (server hold) at 18:25 UTC.
The rest is distributed DNS caching. There is no evidence for criminal activities or DDoS ... _______________________________________________ CPWG mailing list -- cpwg@icann.org To unsubscribe send an email to cpwg-leave@icann.org
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (7)
-
Dev Anand Teelucksingh -
ICANN At-Large Staff -
John McCormac -
Jothan Frakes -
Lutz Donnerhacke -
michael palage.com -
mike palage.com