Security Experts:

Check Point Fails to Renew Domain Name CheckPoint.Com

Network security firm Check Point made a big mistake this week, forgetting to renew the company’s primary domain name, CheckPoint.Com. When attempting to visit the company’s Web site at 6:55AM ET on Tuesday, my Web browser directed to a splash page for domain registrar Network Solutions. (see screenshot)

Mistakes like this happen frequently, but not often to companies of this size. For a vendor of Check Point’s stature, a leading security firm with a market cap topping $13 Billion, this is simply unacceptable.

CheckPoint.ComWhen a domain name expires, all domain services essentially become null and void, and requests won’t be directed to where they are supposed to, resulting in email failing to be delivered, web sites becoming in accessible, and in the case of software or hardware updates, failure to retrieve those updates from update servers if they were set to update on a domain ending in .checkpoint.com.

As SecurityWeek columnist Ram Mohan wrote back in December 2011, “Domain names are used a trillion times every day. They're part of the plumbing of the Internet and, like regular plumbing, you don't need to worry too much about how it works…it just does. Until it doesn't.”

“Every webmaster's worst nightmare is to discover a website has gone offline because of his own dumb mistake. Forgetting to renew a domain name can be embarrassing (and costly), but it's not the end of the world,” Mohan added.

When a domain expires, they are typically not deleted for 80 days, but in the meantime you lose any services that rely on the domain name.

While the company did say it responded to the issue quickly, depending on where people are located and the DNS servers they are using to resolve domain names, the “outage” could last for hours. Another factor would be what limit Check Point has set as a TTL (Time to Live) for the domain, a setting which tells other DNS servers how often they should check back to get any updated DNS records. A longer TTL, for example, would cause any updates to take longer to propagate across the Internet.

The company appears to have registered the domain now through March 30, 2015. Friendly reminder to domain admins at CheckPoint-- Set an outlook reminder to "Renew Domain Name" on or before March 29, 2015.

According to a statement from the company, action was taken within 23 minutes, but again, depending on TTL settings and where users are located, the refresh time could be, and appears to be taking much longer. The company said it renewed the domain around 1:30PM UK time, but the following morning, the domain still redirects to the Network Solutions home page for me.

According to John Leyden at The Register, the company blamed the issue on Network Solutions sending the renewal notices to the wrong email address.

While Network Solutions may have sent the notice to a different address than CheckPoint wanted them to, it sent notices to what the company had listed in its domain registration. Due to the high volume of spam that comes with being listed as a domain contact, many companies use email addresses that are not often checked as a domain name contact.

At the time of this writing, the DNS resolution for www.checkpoint.com is still directing to Network Solutions, and I'm not alone, a quick search on twitter shows that many users are still experiencing the same issue.

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.