As auDA Gears Up for .AU 2LD Launch, a Security Breach. But Will 2LDs Be a Damp Squib?

March 24 is a big day for .au domain names. It’s the day auDA is launching second level .au domain names. It comes on the back of a security outage that reportedly saw around 15,000 (out of 3.4 million) .au domain names out for 30 minutes on 22 March. But when it comes to second level domains, what’s the point? It comes on the back of me pondering various websites around the world setup to highlight issues with Russia’s current war against and invasion of Ukraine. Under .au until tomorrow I couldn’t set up a website using a .au domain name to serve as information, for example, unless I was part of an organisation that is an official business. That’s how ridiculous the previous eligibility requirements were for .au.

The security outage, which The Guardian reported impacted more than 15,000 websites including some of the biggest in Australia, lasted from 05:48 to 06:18 UTC on 22 March according to Bill Woodcock.

In a statement auDA said they “worked quickly with the .au registry operator to restore services and resolve the issue for end users in under two hours.”

auDA went on to say “an investigation into the root cause identified a bug in the process that generates the DNSSEC digital signing records. We are aware that end users using one public DNS resolver were impacted.”

But back to second level domains. In December 2015 in its final report, an auDA policy advisory group (Names Policy Panel) of which I was a member recommended “in principle that .au should be opened up to direct registrations.” It was the third Names Policy Panel (the first was when I was serving as an board member in 2007) of which I was a member, and the third time I’d called for second level domain names to be implemented. On the previous two occasions I was in the minority.

Roll on six years and the glacial way in which auDA moves today, they have largely excluded members (now “associate members”) from policy making rather quickly, and we’re on the eve of their introduction.

So after being a fierce advocate of second level domain names for so long, why am I now asking what’s the point? Individuals were effectively long excluded from .au. Sure, there was But despite multiple promotional campaigns by the former registry operator (AusRegistry/Neustar/now GoDaddy Registry) it was ignored. Today there are around 13,000 domain names. A mere blip out of the 3.4 million. Allowing individuals greater opportunity was one of my main issues. Shorter names were a secondary consideration for me but it was also important. More choice I considered a furphy as it was always going to be the case existing registrants would get first choice. The way in which auDA has gone about this though is rather convoluted. There was already a great template for this from InternetNZ but auDA decided to reinvent the wheel.

On the effective exclusion of individuals, back in 2011 the then CEO of the French registry (AFNIC) Mathieu Weill told me allowing individuals to register .fr domain names had seen registrations in France’s ccTLD jump 30% over five years. They made up half of all new .fr registrations and 40% of total registrations at the time. So there was a huge lost opportunity.

But since 2011 social media usage has exploded. The reasons for individuals to register new domain names have largely disappeared. They can now setup pages on Facebook, Instagram, Pinterest, Etsy… the list goes on. Some of these will be blogs, hobbies and interests. Some of these would go on to become viable businesses and these days some may never bother to register a domain name. To register a domain name under any of the .au namespaces (except until today requires a number issued by the tax office for a business.

While I’m happy second level (direct) .au registrations are coming, the glacial way in which auDA has gone about their introduction has meant it’s likely to be a very damp squib.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.