[dns-operations] Monitoring for impending expiration of domains?

Sun Dec 13 14:44:16 UTC 2020

Seems to me that the answer is simple: as a domain owner you should keep
an *inventory* of all your domain names along with anniversary dates,
and set reminders if needed.
The anniversary day normally will remain the same, only the year changes
after renewal. TLDs such as .nl/.be/.de etc are somewhat different, but
the registrar usually charges on a yearly basis, counting from the
creation date. Is that's date that should be put in your calendar.

Do not rely on the courtesy reminders from your registrar, you may not
receive them for various reasons.

As for monitoring: scraping whois en masse is difficult, but what can be
done easily is checking for name servers changes. If the name expires
the name servers will either change or there will be none at all and the
name will stop resolving.

Additional steps for critical domain names: renew ahead (up to 10 years
for gTLDs), set autorenew and add a backup funding source if available.

Marj

On 12/13/20 5:26 AM, Viktor Dukhovni wrote:
> Yesterday I happened to notice that the "flexfilter.nl" domain went into
> "quarantine" under .NL, with NXDomain returned by the parent.  This
> domain still had ~14.5k signed domains using its MX hosts, including
> flexwebhosting.nl, who own/operate this "infrastructure" domain.
>
> While one might just write this off as "operator error", putting the
> blame squarely on the domain owner, I wonder whether in part the problem
> is a result of lack of transparency around impending domain expiration.
>
> Specifically, how should a responsible domain owner monitor their
> domains for impending expiration?  Yes, ideally some sort of email is
> sent from registrar to the domain owner reminding them of the need to
> renew the domain, but such emails can get lost in spam filters, may be
> sent to a stale contact address, ...
>
> And with increasing usability barriers around WHOIS[1], and some WHOIS
> services not returning expiration dates in the first place.  How exactly
> is an operator supposed to keep track of these dates, and not miss some
> renewals?
>
> Unless I'm missing something, the "operator error" in question can be
> reasonably described as falling into a well-disguised trap rather than
> an instance of mere negligence.
>
> So my question to the list is, what can or should be done to help domain
> owners avoid a similar fate?
>
> At least for my domain, the .ORG registry does return the relevant
> dates:
>
>     Creation Date: 2001-05-13T02:29:30Z
>     Updated Date: 2020-06-03T09:51:47Z
>     Registry Expiry Date: 2029-05-13T02:29:30Z
>
> but, for example, is the .ORG WHOIS scalable enough to support a daily
> query for each of the 10,000,000 registered domains?  And if a domain
> owner has many domains to track, how soon would they run into WHOIS
> query rate limits?
>
> Of course daily checks for a date that rarely changes may be too
> frequent, perhaps one should only check once a week or once a month?
> Are there tools that help one discover and keep track of the dates?
>
> And if not WHOIS, then where would one look?
>