UPDATE on GoDaddy's New "Selective DNS Blackouts" Policy

By R. Scott Perry on September 2, 2011



After posting the original article about GoDaddy's Selective DNS Blackouts Policy, I finally heard back from their PR department. They made an official statement, from Rich Merdinger, Director, Domain Services:
Go Daddy monitors DNS queries to ensure our customers' information is being accessed properly and not being harvested for unintended uses.

If we suspect that any service is gathering DNS data, we will limit access to that specific source. This is done to maintain our high level of system integrity.

If a company or service has questions about accessing Go Daddy DNS, they can email dns (at) jomax.net.

At first glance, it sounds reasonable. Protect the customers. But how does one access DNS improperly? What unintended uses are there for DNS? What is the problem with gathering DNS data? We're not talking about taking advantage of security flaws; we're talking about DNS lookups, ones that the DNS RFCs intended, performed as described by the RFCs. Those sound like issues that could come up with WHOIS. Oh, wait a minute: Domain Name Wire reported in January 2011 that the same person at GoDaddy stated:
Go Daddy ... monitors WHOIS data regularly to ensure our customers’ information is being accessed properly and not being harvested for unintended uses.

If we suspect that any service is harvesting WHOIS data, we will limit access to that specific source.

We are not taking the WHOIS information offline, however. Anyone can find the WHOIS information on a domain name registered through Go Daddy by visiting http://whois.GoDaddy.com.

If a company or service has questions about accessing Go Daddy WHOIS information, they can email dns (at) jomax.net.

So yes, it appears that someone at GoDaddy thought that if they can block WHOIS, they should block DNS, and didn't bother to check whether the same situations apply to WHOIS and DNS. The problem, though, is that WHOIS is useful, whereas DNS is mission critical. And they weren't really blocking WHOIS, just forcing people to go to their site to get it, whereas they are completely blocking DNS. And that e-mail address? Well, that was the first one that one of the companies contacted, and there was no response.

Now, I'm waiting to hear back from Go Daddy's PR department as to what possible unintended uses or improper access there may be for DNS, and whether any such thing has ever caused problems for their customers.

This confirms that for whatever reason they won't upgrade their DNS infrastructure to handle the load. "Maintain our high level of system integrity" may sound to a layman like they want to keep data safe. But what they have had in the past (and are maintaining) is the ability to respond to queries in a reasonable manner (the industry definition of "system integrity"). At least when they do respond!

So the question still remains as to whether customers will put up with this, and whether other DNS hosting companies will follow.