Countless servers that depend on dynamic domain name services from No-IP.com suffered a massive outage when Microsoft seized control of 22 domains it had identified as facilitating malware-centric cyber attacks against Windows users.
Microsoft took control of the domain IP resolver for the associated No-IP domains in accordance with a federal court order. The tech giant asserted that the action aimed to detect and reroute traffic involving two specific malware families exploiting No-IP services. The move sparked substantial criticism from end users, especially those in the internet security field. They perceived Microsoft’s actions as excessive, predominantly due to the lack of solid proof that No-IP was willfully aiding the malware campaign, known as Bladabindi (also NJrat) and Jenxcus (also NJw0rm).
Claudio Guarnieri, co-founder of Radically Open Security, stated in an email to Ars Technica that, “Microsoft’s move to take over DNS authority for these dynamic DNS domains empowers them with full control and authority over their configurations. Essentially, it equated to Microsoft wiping No-IP off the map by seizing significant parts of their DNS infrastructure.”
No-IP lambasted the move as well, stating in its official statement that Microsoft’s action had negatively impacted “millions of innocent users”:
We were taken by surprise this morning when Microsoft served a federal court order seizing 22 of our most commonly used domains. The reason cited was the misuse of some of the subdomains by creators of malware. We’ve always dutifully cooperated with other corporations when we’ve been notified of cases of supposed malicious activities. Unfortunately, Microsoft did not reach out to us or ask us to block any particular subdomains, despite our communication channels with Microsoft corporate executives being open at all times.
In discussions with Microsoft today, they stated that their main goal is to filter out any distinctly malicious hostnames in each seized domain while permitting the benign ones to function. However, it seems clear that their infrastructure is incapable of managing the immense volume of queries from our clients. This inability is causing service outages for millions of innocent users due to Microsoft’s attempt to investigate hostnames associated with a minor number of malicious perpetrators.
Had Microsoft gotten in touch with us, we would’ve immediately taken appropriate actions. Instead, their excessive measures have impacted millions of innocent Internet users, even though they claim their actions were intended as a tactic to push us to strengthen our controls.
At Vitalwerks and No-IP, we enforce our abuse policy strictly. Our dedicated abuse management team works round the clock to ensure that the domains linked with the No-IP system remain free from spam and harmful activities. Unfortunately, our free dynamic DNS service is exploited periodically by cybercriminals, spammers, and malware distributors. That said, Microsoft’s draconian measure hasn’t yielded any significant benefits. We are working tirelessly to resolve this pressing issue as quickly as possible.
Richard Domingues, assistant general counsel for the Microsoft digital crimes unit, justified the company’s actions, citing No-IP’s role in the conception, control, and distribution of malicious software as the cause. He argued the move was critical to protecting Microsoft, its clientele, and the global internet community.
The debacle reveals how legitimate users can be inadvertently affected when measures are taken to combat cybercrime, demonstrating that well-intended efforts to eliminate malicious online activities can unintentionally lead to harm for innocent participants.
This article was updated in 2025 to reflect current trends and insights.