The complete .cd zone (country code for the Democratic Republic of the Congo) is off-line since at least yesterday, because the .cd-registry forgot to renew the .net domain name under which all nameservers for .cd are hosted.

The .cd-registry uses 3 nameservers which seem to be correctly located in independent locations. But all are subdomains of the same domain name And that domain name expired a couple of days ago.

To complicate things even further, it seems the domain name is registered through a reseller of eNom who doesn’t have an active website.

We reached out to both the current registrar and reseller of this domain name to offer assistance with restoring the .cd zone, but are waiting for their response.

The .cd extension has had a somewhat turbulent history lately. The extension was originally run by a Congolese citizen who moved to South Africa and hosted the registry system on the network of a South African university. Because the Congolese government wanted to keep the .cd extension within Congo, in 2017 they kicked out the foreign administrator. Since that time, no new registrations or even updates were possible. Existing domain names however remained active. A message promising those services to be restored any time soon has been on the registry website for at least 4 year since.

The .cd-registry clearly isn’t very good at renewing their most crucial domain name. Last year they had this exact same issue. At that time, they used for their nameservers and let that one expire. The .cd zone then didn’t go down completely, because they also had nameservers under a different domain name which they rented from a large African network provider. But was later re-registered by a white hat hacker who tried to give it back to the .cd-registry. Read more about how Fredrik Nordber Almroth’s “hijacked a top-level domain”

Update: shortly after our post, the .cd-registry renewed the domain name and .cd domain names started working again.

Every 3 months a special ceremony takes place in which new cryptographic “Zone Signing Keys” are being signed, which will be used the next quarter to secure the root DNS zone. These DNSSEC keys are the basis of every DNSSEC-protected domain name. A copy of the “Key Signing Key” required for this, is kept at two secure locations in the US. In order to be able to use it, multiple steps need to be taken during a lengthy ceremony, including the opening of two safes by IANA/ICANN staff. February 12th such a ceremony should have taken place. Since the expected life time of the safes had been reached, IANA had scheduled for them to be replaced. For one of the safes, the expected life time turned out to be extremely accurate: while trying to open it, the lock mechanism refused to cooperate.

Sectigo (formerly known as Comodo) is one of the leading providers for certificates. Such certificates are used to encrypt internet traffic going to websites and mailservers. Sectigo is now recalling almost 6000 certificates, all of which were issued to companies from The Netherlands. The recall action was announced Wednesday. Affected clients have less than one week to install a new certificate. On January 28 the old certificates will be revoked and websites on which the certificate has not been replaced will refuse to load.

Last week over 350.000 .uk domain names have (finally) been claimed by their rightful owner. Over the last 3 weeks combined, there were even well over one million .uk domain names registered. That’s much more than for example the 271.000 .uk names registered during the 52 weeks of 2018.

Almost exactly 5 years ago, direct registrations under .uk were launched. Prior to that time, only registrations under subdomains like or were possible. Owners of a (or,,…) however had their name reserved for them free of charge for the first 5 years. Because of this, most stuck with their domain name and didn’t bother registering (and starting to pay for) the same name under .uk.

The Irish registry IEDR is currently carrying out a public consultation asking if it should loosen its registration rules or not. Currently, in order to register a .ie domain name, you need to proof a link with Ireland and to have a claim on the domain name you want to register. This claim can be a registered trade mark or a company name, which are easy to verify. But it could just as well be something more vague like a type of service you plan to offer in the future. The new plan would be to still require proof of a bond with Ireland, but if you can proof such an Irish link, then you may register any .ie domain name.

Without anybody noticing, the .cd-registry recently became an abandoned ghost registry adrift. For many years, the registry was run by one person who originated from Congo, but is now employed by a South-African university. According to contacts with the Congolese government, they wanted to bring back the management of the .cd domain space to within Congo and the South-African administrator left the ship abandoned before a take-over could be arranged.

The Norwegian registry NORID carried out some small alterations to their terms and conditions. One of which is to also allow the usage of the accented letter ï (i umlaut) in .no domain names. Apparently they only now discovered that this letter is being used in one of the official languages spoken in Norway, exactly 13 years after allowing the usage of accented letters for .no domain names.