Microsoft Gives Back Some Domains Seized From No-IP.com


Microsoft has returned control of most of the domains it seized last week from Vitalwerks, a Reno, Nev.-based firm that runs the popular No-IP.com dynamic DNS service, as part of a campaign to shut down cybercriminals.

As of Thursday morning Pacific time, No-IP had regained control of 18 of the 23 domains Microsoft seized after obtaining a temporary restraining order against Vitalwerks from the U.S. District Court of Nevada on June 26.

In seizing the 23 domains, Microsoft was targeting 18,472 subdomains using No-IP's DNS services that it claims cybercriminals have used to launch malware attacks on millions of Windows users. However, its domain seizure rendered the services inaccessible for some 1.8 million No-IP users, including many paying customers, for more than two days, according to Vitalwerks.

Late Wednesday, several No-IP customers reported that their hostnames had begun resolving normally and their websites were back up and running. No-IP spokesperson Natalie Goguen told PCWorld on Wednesday the company had yet to regain control over "no-ip.org," one of its most popular domains.

No-IP couldn't be reached for further comment midday Thursday Pacific time.

Microsoft attributed the outages to a technical glitch that it claims to have fixed as of Tuesday morning. But its actions have had widespread consequences for legitimate users of the No-IP dynamic DNS service, which is commonly used by remote workers and for connecting VoIP phones and video cameras to the Internet.

SonicWall, the network security vendor Dell acquired in 2012, told CRN some of its firewall customers were affected.

"Dell SonicWall firewalls allow Dynamic DNS configuration with several Dynamic DNS providers. One of the supported providers is no-ip.com and customers who enabled this feature with no-ip.com were affected by the domain takedown," Dmitriy Ayrapetov, director of product management at Dell SonicWall, said in an emailed statement to CRN.

Marc Harrison, president of Silicon East, a Manalapan, N.J.-based SonicWall partner, told CRN earlier this week that hundreds of his customers were affected by the No-IP outage, including apartment buildings and a synagogue that use the service to run security camera systems behind SonicWall firewalls.

Ayrapetov said SonicWall customers can change their firewall configuration to use a different dynamic DNS provider. "They’re also able to configure multiple Dynamic DNS profiles and accounts for redundancy, or obtain a static IP address with their ISP and a dedicated hostname," he said in the email.

Harrison described Ayrapetov's comments as "factually accurate, but not really satisfying." 

"The lesson for solution providers is that we can no longer rely upon public dynamic DNS services in light of Microsoft’s heavy-handed tactics," Harrison told CRN. "So in our case, we are going to move forward with building a private domain DDNS service for our clients."

Microsoft has been vilified by some security experts for its legal actions against No-IP. Yet no one would dispute that malware is a huge problem for Microsoft, or that its security reputation hinges on fighting it. And Microsoft has been fighting it -- this was the tenth time its Digital Crimes Unit has used legal means to shut down botnets.

Kaspersky Lab CEO Eugene Kaspersky, in a Thursday blog post, said he can see both sides of the issue.

"On the one hand, blocking popular services that are used by thousands – if not millions – of typical users: it ain’t right," Kaspersky said in the blog post. "On the other hand, closing spawning grounds for malware is right – and noble."