National Australia Bank (NAB), the banking group that owns Clydesdale and Yorkshire banks in the UK, forgot to renew the domain name on its DNS servers, which took out online banking services for customers this weekend.
Computerworld UK can reveal that although the banks remembered to renew their UK domain names a month ago, the banking group didn’t renew its DNS domain name until after all services were knocked offline.
Nominet confirmed that cbonline.co.uk and ybonline.co.uk – the domain names for Clydesdale and Yorkshire banks – received a request for renewal on June 27 this year, which is reflected in the ‘last updated’ date in the below images:
Two years is the default registration period for domain names and these are now secured for Clydesdale and Yorkshire banks until July 26, 2015.
However, Easyspace, the company that the UK domain names for the banks are registered with, told Computerworld UK that the problem arose because NAB forgot to renew the domain name for its overarching DNS server – nabgroup.com.
Another insider working for NAB, who wishes to remain anonymous, also confirmed that the group forgot to renew the domain.
“Cbonline.co.uk is registered with Easyspace, along with several others, but the domain on their DNS servers, which is nabgroup.com, is managed directly by the NAB Group – that’s the domain name they didn’t renew in time,” and Easyspace spokesperson told Computerworld UK.
“So basically it meant that all their other domains that are managed through their DNS, suddenly went offline. Ns1. nabgroup.com controls their online presence and networks - by not renewing that domain on time, all the other domains that they have globally from various providers that are routed through it will have gone offline.”
The image below confirms that the domain name for nabgroup.com, and as a result ns1.nabgroup.com, was last updated on July 28 this year – when customers weren’t able to access online services:
This domain name is also now secured until July 26, 2015.
Computerworld UK asked Clydesdale and Yorkshire banks if they were aware of a domain name problem and if this was the cause of the downtime, but was told that it was sticking to its previous statements and didn’t have any further information.
Clive Longbottom, industry analyst and founder of analyst house Quocirca, told Computerworld UK that the banks should really be taking advantage of auto-renewal offerings and are lucky that other companies didn’t secure their domain names in the downtime.
“From the information available, it does sound like this could be the case – with DNS pointing to unknown addresses, it looks like the domains had been taken down. That the banks say that it is down to the ISPs, and once their servers have been put right, all will be well, looks like the standard 24-48 roll out required to update all global DNS servers worldwide,” he said.
Yesterday the banks said that any users still not able to get access to the banks online services, was down to ISPs needing to update their systems.
Longbottom added: “Why large organisations cannot get domain registrations sorted is beyond me. For the costs concerned, auto-renewal is the safest bet. That many still seem to think that this is something they need to review through purchasing on a yearly basis just puts the capacity for such issues to happen to a high degree. For those who may have signed up for 3 or 5 years, no-one is going to remember that it is coming up for time to renew.
“The lucky thing for both banks is that the domains concerned weren’t picked up by someone else as soon as they became available – that could have held them up for a long time going through the courts to prove that the new owner was cybersquatting, or cost a king’s ransom in paying them off to get the domain back again in short order.”
Longbottom also believes that NAB, Yorkshire and Clydesdale should be open about the problems and not pass the buck on to ISPs.
“The other worrying thing is the lack of an open explanation to their customers. Wording things to make it sound like it is other ISP’s problems is a little disingenuous: a more open apology would be more welcome, I would have thought,” he said.
“Ah, well – just another banking story that shows that they really aren’t very good with technology (or with customers).”