Zoom outage caused by accidental 'shutting down' of the zoom.us domain

That seriously devalues MarkMonitor's services. MarkMonitor claims to be a "an ICANN-accredited registrar and recognized industry leader since 1999". The whole point of paying for MarkMonitor is that they're an expensive service for valuable domains and are not allowed to screw up. GoDaddy should not be involved here at all.

To try to convince my employer at the time to drop Zoom, I decided to see how many security vulns I could find in 2-3 hours.<p>Found 12 confirmed bugs in that window using only binwalk and osint.<p>The worst was that I noticed the zoom.us godaddy account password reset email address was the personal gmail account of Eric S Yuan, the CEO.<p>So, I tried to do a password reset on his gmail account. No 2FA, and only needed to answer two reset questions. Hometown, and phone number. Got those from public data and got my reset link, and thus, the ability to control the zoom.us domain name.<p>They were unable to find a single English speaking security team member to explain these bugs to, and it took them 3 months to confirm them and pay me $800 in bug bounties, total, for all 12 bugs.<p>The one bright side is this did convince my employer to drop them.

Godaddy is such an incompetent organisation. Should not be allowed to administer anything of importance.

A few years ago I had a .us TLD. I eventually decided that I probably shouldn&#x27;t be reliant on a country code for my domain, it&#x27;s the same reason why I don&#x27;t use .io<p>I&#x27;m not saying that this couldn&#x27;t have happened with a gTLD But why put your brand at the mercy of a government like that?

This kind of possibility is why Fastmail purchased fastmail.com and migrated away from our old &#x27;fastmail.fm&#x27; domain. .fm was cool, but we ran into a couple of outages on the .fm servers meaning we went offline. No such issues since we&#x27;ve been on .com.

Amazing how many service outages are caused by doing business with GoDaddy.

They need to implement secondary and tertiary domains—with diverse registrars and hosting infrastructure—for the Zoom client’s calling home. Maybe even a fallback anycast ip address for service discovery. Given how much companies like mine pay for service, it’s reasonable to expect that level of engineering foresight. But hindsight will do—let’s get it fixed. #HugOps to all employees working overtime and taking care of this.

Zoom CEO: Hi, we&#x27;d like an SLA credit for the global outage you caused our company.<p>GoDaddy: I am so sorry about that. I can offer you a one-time coupon for $10 off your next purchase or renewal. Would you like me to apply this to your account?<p>---<p>Most companies just hope an apologetic zoom call is enough to retain your business, and most of the time it works. Not enough has been written about the asymmetry of your SLA credits to your revenue impact for a given vendor outage and how that should guide your build vs buy decision framework.

This smells like something happened with MarkMonitor, they accidently flagged zoom.us as brand spoofing and filed copyright complaint with GoDaddy who runs .us TLD. GoDaddy suspended the domain per the complaint.

ThousandEyes analysis of the outage: <a href="https:&#x2F;&#x2F;www.thousandeyes.com&#x2F;blog&#x2F;zoom-outage-analysis-april-16-2025" rel="nofollow">https:&#x2F;&#x2F;www.thousandeyes.com&#x2F;blog&#x2F;zoom-outage-analysis-april...</a>

I was really hoping to find out they were hosting their DNS on GoDaddy. I still want it to be true.

Flush the cache instructions were posted under zoom.us :)<p><a href="https:&#x2F;&#x2F;status.zoom.us&#x2F;incidents&#x2F;pw9r9vnq5rvk" rel="nofollow">https:&#x2F;&#x2F;status.zoom.us&#x2F;incidents&#x2F;pw9r9vnq5rvk</a>

4 hour catastrophic outage because of a shitty domain registrar makes me wonder if zoom will be switching critical services to a different tld sooner or later as a result of this

It’s always DNS!

The domain status on the whois record was &quot;serverHold&quot; earlier in the day

Paradoxically, productivity spiked.

What do relatively large corporations use for their authoritative nameserver? Do they use PowerDNS, knot, bind, or just use the registrar&#x27;s nameservers?

Back in 2008, when my fiancée invited me to visit Catalonia, I was in the market for transatlantic airline tickets. And I&#x27;d never flown internationally before, and I applied and obtained a US Passport, and I figured out with my father how to get a Travelex prepaid debit card with Euros loaded, and my fiancée was prodding me anxiously about buying a ticket, and I eventually threw caution to the wind and flew on an airline called &quot;ZOOM&quot;.<p>Now &quot;ZOOM&quot; was supposedly based in Canada and they were supposedly giving bargain-basement fares to Americans as well, from select origins to select destinations. All I needed to do was to get to Lindbergh Field (San Diego International) and ZOOM Airlines would fly me to London Gatwick. And their aircraft had cute friendly livery with big &quot;ZOOOOOOOOM&quot; lettering on the side. And the price was totally cheap.<p>Well they did their job fine; I landed in Gatwick, took a train to Heathrow, and flew on Iberia into and back out of Barcelona. Unfortunately, before I departed, my father phoned my fiancée to break the news that &quot;ZOOM Airline&quot; was bankrupt, and all their flights were grounded. They had run out of fuel in Scotland, and nobody would top up the tanks. My return ticket from London to San Diego was worthless.<p>So Dad puts me on a British Airways flight and I got home safe. But from August 2008, or before, I have harbored a visceral animosity towards any foreign actors named &quot;ZOOM&quot;.

I remember when Kristen McIntyre owned zoom.com back in the early days as her hobby domain.

Lots of “glad Teams is working at least” commentary today across various meetings. Everyone had a good laugh, as it is usually typical to complaint about the how crappy Teams is. +1 for Teams today

&quot;This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain. &quot;

Earlier: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=43709266">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=43709266</a>

Noob here: could this issue have been worked around if you had a personal list of the IP addresses that the domain resolved to?

This wouldn&#x27;t happen if it were distributed or decentralized like pre-MS Skype used to be.

Is it just a coincidence that Spotify and Zoom both had massive outages on the same day?

Would it be safer to hard-code a static IP than a domain?

It should not cause issue as your company should have BCP on this and can switch to other conferencing service.

NoDaddy!

Lol, they use GoDaddy? Aka scammers and racketeers? Aaah .us TLD, too bad they have control over it.

wow

oops rolls eyes

Markmonitor and zoom are both terrible companies so I can&#x27;t feel bad about this

Zoom, a multibillion dollar corporation, uses the shit tier of all companies, _GoDaddy_, for their registrar?<p>What a blunder.

Someone in the Zoom company management forgot to update the billing credit card for that domain, I bet you $1000. Happens all the time with our clients.