Hundreds of websites with the .ke second-level domain name were unreachable on the morning of January 19. That is a substantial number of sites to prompt a state of panic for any affected business, which is why KeNIC had to respond in time regarding the specifics of what actually happened.
People (discussions were done on KICTANET) who have grasped the technical details of the operations at KeNIC have since outed their version of what transpired prior to the glitch that saw the deletion of over 1000 name-servers. The basis of this story can be traced to the committee in charge of the launch of the country’s second level domains (SLDs). The launch was based on a bidding system that was supposedly hijacked by certain people within KeNIC who wanted to keep valuable domain names for themselves.
The controversy was fuelled by allegations that KeNIC used non-secure hosting services other than those provided by ILance, which offers online auction tools. This decision was arrived at to ease manipulation of figures, an accusation that has not been substantiated, yet. At the same time, it is argued that the bidding platform could not verify the authenticity of bidders via mail. Hundreds of fake users were also added to outbid genuine users, who, supposedly, managed to scoop valuable domain names at the end of the exercise.
According to the piece, out of 1156 domains that were availed for bidding, only 24 were won by genuine users. This is as disturbing as it sounds, which is why the committee was given a heads-up to put everything for General Availability with a first-come-first-served arrangement. This, however, did not stop subsequent manipulations, which were said to be dubious by the unconfirmed report.
The saga was crowned by a hitch in the COCCA registry and Sunrise Module. Simply put, when the institution availed the domains, interested parties realized that they could register key names. Remember, this was made possible by technical issues, and once it was discovered, a planned outage was deployed to make room for the deletion of registered names.
In response to these allegations, KeNIC insists that the auction was done reasonably. A correspondence to winners was done via email.
“When the auction came to a close, KeNIC retrieved details of the respective domain winners from the system, and the committee sent everyone an email communication informing them of the procedure to be followed thereafter. In the event that there is any winner who did not receive the said communication from KeNIC and had included a valid email address, please let us know immediately,” reads a statement from KeNIC.
Only 12 (10.ke, beach.ke, club.ke, dj.ke, industry.ke, kai.ke, laptop.ke, photographer.ke, photography.ke, accounting.ke, payroll.ke and bai.ke) of the 1118 domains that were listed have been paid for according to KeNIC. The rest have since been reserved for a later approval/rejection for interested parties who would want to register them.
Regarding the use of a non-secure channel for the auction, the body responded as follows:
“The domain which was visible to the public is the sub-domain, auction.kenic.or.ke. The parent domain was secured and was not breached at any point.”
How about the failure to contact winners of the bid?
“All the winners in the bid were contacted after the close of the auction. Only 12 of the winners have paid for the domains they won.”
However, it is not known when the correspondence was done after the piece by KICTANET went live.
To whether the outage on January 19 was done on purpose…
“This is not the case. The downtime was because of a bug in the sunrise module of the COCCA registry system. The identification of the bug was assisted by the developer of COCCA.”
What about the list of fake users that allegedly sabotaged the bids?
“KeNIC staff did not have access to the database. The database was secured by the platform provider, Ilance inc. KeNIC has asked IIance Inc. to furnish the IP addresses of the dubious bidders so that the origins may be known.”
That said, anyone can deduce that this story is as complicated as it sounds. While a timely and convenient response has been provided, it is clear that the process was not as seamless as expected. These allegations also add salt to injury in a country where corruption and craftiness is part of our personality, which may make some people skeptical about the explanation thus offered.