The Server Bone Is Connected to the DNS Bone…
Some of you may have noticed that kottke.org was unavailable for more than 36 hours on Thursday and Friday last week. That’s the longest stretch of downtime for the site since… well, probably ever. That sucks and I’m sorry. Here’s (briefly) what happened:
On Thursday morning, my domain registrar (Dotster) locked access to the kottke.org domain after they couldn’t reach me at the email address listed, which was an address from when I registered the domain 20+ years ago that I haven’t used since before Obama was President. Seeing as the business address listed on the account was also 20 years old, verification via documents was not going to work either (and that process was going to take days to unfold). Their first-line support people were confused about how to even proceed โ “this is a very unusual situation…” It was at this point where I started wondering (ok, freaking out) if I was ever going to get my domain name back. How do I prove that I am who I was 20 years ago?1
Eventually โ and I say “eventually” because I missed a voicemail that I thought was one of 3-5 spam voicemails I get every weekday โ I was connected (via Twitter) to Winston Wolf’s team at Dotster, the folks who could actually do something for me. After some back and forth and several verifications, they unlocked the domain and the site came back up on Friday afternoon. And then I collapsed into a puddle of whatever chemicals are released from your body after a massively stressful event.
To be clear, not keeping the information on my domain up-to-date was my fault. (The info on my Dotster account was current though, but not the same thing apparently.) And I appreciate Dotster’s efforts in helping me regain access to my domain and ensuring that no one was trying to social engineer it away from me. But locking access like that to a domain name that’s had a single owner since its initial registration and has been paid for by the same credit card for more than 10 years (and was prepaid until 2022) seems overzealous. The sudden need for domain verification was not triggered by some fishy activity on my account but by an internal Dotster process and keeping the site offline until it was resolved was excessive and I’m still not happy about it. Sure, don’t allow changes or transfers until it’s verified, but turning off a domain that’s paid for and been happily humming along without changes for literal decades is just not right.
Ok. Anyway, that’s what happened. All my information is now updated so it shouldn’t happen again. *fingers crossed* I’d like to thank Mike at Dotster, Greg Knauss (kottke.org’s tech godfather), and the fantastically speedy support folks at Arcustech for their help in diagnosing and fixing the problem. I also want to apologize to everyone who financially supports the site through a membership. Guaranteed uptime for the site was not explicitly part of the arrangement, but I still take any outages seriously. Part of what I imagine the appeal of the site to be is that it’s always here, with URLs that don’t change and a regular publishing schedule, year after year. As of Friday afternoon, we’re on a new uptime streak that will hopefully last a long while.
-jason
A reader called this “the ‘never step in the same river twice’ security conundrum”. Love a Heraclitus reference.โฉ
Stay Connected