That would be fully compliant with the DNS spec. (I run such a service, test 2+2.op.dyn.bortzmeyer.fr/TXT or paris.now.weather.dyn.bortzmeyer.fr/TXT.)

What makes you tell it looks like DNS poisoning? It if were DNS poisoning, some resolvers would have been poisoned but not all, while, here, everybody saw the attacker's IP address. http://www.bortzmeyer.org/observations-wikileaks.html

You may be right - I was basing that information off statements that it was only some users seeing the attack. I wasn't aware of a historic data source that could show otherwise.

Your analysis looks pretty good but I disagree that DNSSEC would have stopped the attack, because many users don't use validating resolvers.

No, nothing indicates it was a poisoning attack. Please check the facts. http://www.bortzmeyer.org/observations-wikileaks.html

EuroDNS is a registrar. Are you sure you are not mixing registry and registrar ?

I certainly hope there is no foreign law forcing how a sovereign country must manage its domain names.

Since it is a ccTLD, it is a nepalese internal matter and I don't see why ICANN should be involved at all. Ask local authorities, write to the governement, raise the issue in the local Internet community, etc.

I would suggest however that you reach out to the ccNSO (Country Code Names Supporting Organisation); they are the body within ICANN that handles ccTLDs. The ccNSO can't force them to behave but they can strongly suggest they pull their finger out. http://ccnso.icann.org/

If Mercantile are also registrars for gTLDs as well then you talk to the Registrar Compliance Program staff and see if they can nudge them. There is a form that you can use on this page to register complaints about ccTLD registrars; http://www.icann.org/en/resources/compliance/complaints

The links you provided are really useful. Thanks. Mercantile is a private company and its ccTLD and gTLD sections work independently. I winder how it got authority of choosing extensions and registering without a minimum required service quality. Is there any possibility that ICANN revokes the authority from Mercantile and find an alternative?

If Mercantile run the SRS (Shared Registry Service) for .np, then that is a choice of the state of Nepal not ICANN. The government of Nepal appoints a registry (typically a company, sometimes a university or communications arm of the government), and in the case of smaller countries the registry appoints a technical provider to run the technology side of the registry; i.e. the SRS.

Another point to consider is that the policy of having to show up in person may be a policy dictated by the government and/or the registry, not necessarily the SRS provider or the registrar.

You have clearly never been to Nepal. I've lived there for over three years. Any position that has any form of power will be abused. Nothing happens when you go through the painstakingly complex process of doing things by the book for one reason: you are being blackmailed. You either have to know somebody or pay the price - which can of course be quite steep if there's a monopoly situation as we have here. Ke garne

Thanks for the response. I was wondering if there is any policy of ICANN that compells local registrars to provide minimum support.

Apparently, .np has no registrar at all but a direct relationship registrant<->regsitry.

Is there any way to find out whether that is a permanent deal or contract based?