Regarding registrar LOCK for

Eric Brunner-Williams in Portland Maine brunner at
Thu Jan 20 00:22:41 UTC 2005

Oki all,

I wasn't going to discuss this because it is potentially confusing,
but as we're ratholing on registrar lock ...


Some 60 plus days after a party acquired a domain, s/he initiated an
"UNLOCK" at the user interface of the operator that had arrainged to
acquire this particular domain. The transaction completed.

The "loosing" registrar showed "unlocked", the "gaining" registrar
saw the "unlocked" and proceeded with a transfer, which failed.

The rrp.unlock() call actually never was made from the registrar
to the registry, due to a transient network event between the operator
network, and the "loosing" registrar network.

The point is that locks aren't what they seem. This is a distributed
system with many points of failure, not completely coherent, and it
does matter from where one looks. Shorter form: error is possible.


The registrant asked me to help. I called the operator. The CSR who
took the call observed the inconsistency and re-issued the rrp.unlock().

Domain unlocked by jrandom-3rd-party in under two minutes. Granted, it
was in an unusual state and the caller (me) knew more than the nice CSR.


Posit a backhoe of unusual size operating near MIT, or that MIT does
business out of Sri Lanka and the State of Nagaland has just dragged
anchor across the SEA-ME-WE-III (again), or any of a dozen other real
life events. 

We'd be chatting about the state in the central registry, not the
failure to trigger a state change at the periphery of the system.


It is possible to run a domain name based network service off of addresses
provisioned by dhcp. It is possible to acquire a contiguous block, and to
hold them for quite a long time. But that doesn't mean that it is sensible
to build a network infrastructure for dynmaically provisioned resources.

The transformation of the dns service from 1990 to the present has created
dynmaic provisioned name resources -- the property absent in 1990, the
"competitive" registrar, is dynamic, and hence so is everything else.

I picked 1990 because Panix is 15 year old.

I think the fundamental issue is that things that ought to be wicked
stable, are in fact not.

Everyone is free to draw their own conclusions, and act as they see
fit, its all just risk management anyway, but if the design respected
this user community, we wouldn't be reading that the correct competitive
registrar can manage the risk.


This is my last note on the subject.


More information about the NANOG mailing list