[sf-lug] Good domain name registrar

Rick Moen rick at linuxmafia.com
Sun May 3 09:06:53 PDT 2015


Quoting Jim Stockford (jim at well.com):

> In the case of small businesses, I've seen insurmountable problems
> with the owners of a business locked out from managing their own DNS
> because employees did the original registration and named themselves
> as the trusted person for the account.

Let's talk about this concept 'trusted person for the account', and
flesh it out.

A domain registration involves four role contacts, which can be the same
person or different people:

Registrant (domain owner)
Technical Contact
Administrative Contact
Billing Contact

The Registrant is considered to have trump authority over everyone else.
Often, the Registrant is stated to be a corporate entity or some office
or officer of a corporation implied to be able to speak for the entity.
Here for example is the Registrant block for google.com from that
domain's public whois entry:

Registry Registrant ID: 
Registrant Name: Dns Admin
Registrant Organization: Google Inc.
Registrant Street: Please contact contact-admin at google.com, 1600 Amphitheatre Parkway
Registrant City: Mountain View
Registrant State/Province: CA
Registrant Postal Code: 94043
Registrant Country: US
Registrant Phone: +1.6502530000
Registrant Phone Ext: 
Registrant Fax: +1.6506188571
Registrant Fax Ext: 
Registrant Email: dns-admin at google.com
Registry Admin ID: 


Because registrars don't want to be caught in the middle of
organisational warfare, they tend to have policies saying 'In the event
of dispute, we will regard as authoritative a written, signed, dated
paper letter on corporate letterhead from someone who believably claims
to speak for the corporate executive suite' (or words to that effect,
possibly with notarising of the letter, etc.).

However, under normal circumstances (ones not approaching lawsuit on
account of dissension), almost all customer interaction with the
registrar is the customer logging into the registrar's Web interface
using previously arranged username/password credentials, and therefore
whoever has a username/password for the Registrant role is considered --
to a first approximation absent someone sending letterhead -- to wield
the authority of Registrant.

For significant domain changes, such as a request to move the domain to
a new registrar, or a request to reassign the Registrant role to some
new name, it is common (I won't say universal) for registrars to have
automatic notification of all four roles, and 24-48 hours for any of the
roles to raise an objection and block the significant domain change.

The exact nature of all of these arrangements differs between registrars,
but the above is fairly typical.


> The employees leave and some months (or years) later the owners want
> to make a change and can't because the registrar won't trust them and
> they can't find the original employees who are the only ones who can
> authorize changes.

Someone needs to believably be able to speak for the Registrant.
This assumes that the Registrant was defined in a sane fashion.
See google.com example, above, for one that strikes me as fairly 
reasonable.  Also, you will note that the Registrant for domain
svlug.org is defined as 'President, SVLUG'.  Even though SVLUG 
no longer has Presidents, in the event of the principal volunteers
needing to send a directive to Joker.com (registrar), we would 
re-activate the 'president at svlug.org' outgoing e-mail account and 
send the directives from there.  In the event of dispute beyond that, we
would create letterhead for the group, and send a notarised letter.

Registrars follow the logic of pretty much any organisation:  They want
their asses covered on whatever course of action they take.  They would
thus accept whatever directive is claimed to speak for Google, Inc. or
for SVLUG that they feel confident they'd be able to justify in a
lawsuit as satisfying the implied warranty of good-faith effort and fair
dealing on their part.

In no case should it be necessary to 'find the original employees who
are the only ones who can authorize changes'.  Registrars have decades
of experience dealing with organisations in which employees come and go.
If you as a customer perceive the registrar as refusing to deal with you
unless 'the original employees who are the only ones who can authorize
changes' get re-involved, then you are missing something and/or not
doing something right.


> I believe that the owners must ensure that their names are at the
> highest level of trust for the domain name registry account.

I don't know what this sentence means, Jim.
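
Added example, not part of the original post: a small audit of whois output in the key/value style quoted above, flagging role contacts that are missing or that point at one individual's mailbox rather than a role address. The sample record, the function names and the list of role-mailbox hints are assumptions made for illustration.

```python
import re

ROLES = ("Registrant", "Admin", "Tech", "Billing")
# Assumption: local parts that suggest a role mailbox rather than one person.
ROLE_HINTS = ("admin", "hostmaster", "dns", "domain", "president", "billing", "noc")

# Constructed sample in the key/value style of the whois block quoted above.
SAMPLE = """\
Registrant Name: Pat Example
Registrant Organization: Example Widgets LLC
Registrant Email: pat.example@example-mail.test
Admin Name: Pat Example
Admin Email: pat.example@example-mail.test
Tech Name: Hostmaster
Tech Email: hostmaster@example-widgets.test
"""

def parse_contacts(whois_text):
    """Group 'Role Field: value' lines into {role: {field: value}}."""
    contacts = {role: {} for role in ROLES}
    for line in whois_text.splitlines():
        m = re.match(r"\s*(Registrant|Admin|Tech|Billing) ([^:]+):\s*(.*)$", line)
        if m and m.group(3):  # skip empty fields such as 'Registrant Fax Ext:'
            contacts[m.group(1)][m.group(2).strip().lower()] = m.group(3).strip()
    return contacts

def email_parts(address):
    """Split an address, accepting a list archive's 'user at host' form."""
    local, _, domain = address.replace(" at ", "@").partition("@")
    return local.lower(), domain.lower()

def audit(whois_text):
    """Return findings about who can act for the domain, in role order."""
    contacts, findings = parse_contacts(whois_text), []
    for role in ROLES:
        email = contacts[role].get("email")
        if not email:
            findings.append(f"{role}: no contact e-mail listed")
            continue
        local, _domain = email_parts(email)
        if not any(hint in local for hint in ROLE_HINTS):
            findings.append(f"{role}: {email} looks like an individual's mailbox")
    if not contacts["Registrant"].get("organization"):
        findings.append("Registrant: no organization named")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```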




