A single kill switch for 90% of the top ten websites
There are hundreds of domain name registrars you can choose to register your website domain name with. EG: Gandi, Namecheap, Godaddy to name a few popular ones. However, we recently had a couple of clients who use markmonitor as their domain name registrar. Looking around on markmonitor website and searching through the whois records revealed something rather surprising.
All of Google, Gmail, Youtube, Blogger, Yahoo, Flickr, Microsoft, MSN, Bing, Baidu, Ebay and even Facebook use markmonitor as their domain registrar. Further whois queries shows that 9 out of the top 10 websites by traffic use markmonitor as their domain registrar. This was also the same case with websites of HSBC, Bank of America, UBS and pharmaceuticals like Pfizer, Novartis, Merck and so on. The list of popular domains registered by markmonitor goes on and on.
To be clear, markmonitor do not have traffic flowing through them as all companies listed above run their own authoritative DNS servers.
EG with Whois of Google.com the name servers are ns3.google.com, ns2.google.com, ns1.google.com, ns4.google.com and all these servers are controlled by Google.
In theory markmonitor could change nameserver records to another server and take over any of these websites. Potentially a rogue markmonitor employee or hackers could also change the nameserver records of these top websites on the internet. However, I would assume that most of these nameserver queries are cached by different ISPs for a long time and someone could jump in and fix the issue before it affects a lot of users.
In summary, it is surprising that Facebook, Google, Microsoft, Yahoo, Ebay all use the same registrar. These sites and many more under markmonitor account for significant traffic on the internet. Potentially creating a single kill switch for bulk of the internets. Does anyone know of a suitable alternative to markmonitor? Is there a solid safeguard against external parties changing these nameserver records?