[dns-operations] check if a domain has been registered via DNS

Andrew Sullivan ajs at anvilwalrusden.com
Fri Apr 28 18:26:18 UTC 2017


On Fri, Apr 28, 2017 at 01:06:57PM -0400, Mark Jeftovic wrote:
> But you cannot machine it or automate it (at least you're not supposed
> to and if you game a way to do it, it can't be counted as reliable).
> And there are reasons why you might want to (mail servers may want to
> soft bounce emails from domains in an expired state, I personally want
> to never see an email again from a domain cloaked with whois privacy.)
> Or as Paul Vixie said, to be able to blackhole entire Registrars. I
> would love that.

These are all excellent examples of where RDAP with anonymous access
would excel: it's parsable, you can ask for specific things, and
differential access means you could make just some small subset of
stuff public.

> This is information the registry maintains anyway, the idea is that they
> publish it in another band, that being the DNS.

But they're _already_ publishing it from one database.  What you're
asking for is a separate database (the DNS zones), and that's an
opportunity for data sync problems.

> RDS will likely be gated. Not everybody will have access to it the way
> everybody can do DNS queries.

Well, the PDP hasn't even settled on whether to replace whois (I mean
it), so I wouldn't assume anything.  Moreover, this is an example of
operational _improvements_ on the Internet that could come from RDAP
with a limited disclosure policy about some fields.  When WEIRDS was
making RDAP, lots of people said they'd go for better access to some
things by giving up others, and now is the chance to show how that
might be possible.  But the PDP has in it lawyers who think 100k
queries/day is a big deal, so more operational reality could help that
discussion and yield a policy that is sane.

Best regards,


Andrew Sullivan
ajs at anvilwalrusden.com
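
The machine-readable check discussed in this message, as an added example that is not part of the original post: it parses a constructed RDAP domain response (RFC 7483 shape) and derives a mail-handling decision from status, expiration event and registrar. The sample data, the `LAPSING` set and all function names are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed RDAP domain response (RFC 7483 shape); not from a real registry.
SAMPLE = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "example.test",
  "status": ["redemption period", "client hold"],
  "events": [
    {"eventAction": "registration", "eventDate": "2015-04-01T00:00:00Z"},
    {"eventAction": "expiration", "eventDate": "2017-04-01T00:00:00Z"}
  ],
  "entities": [
    {"objectClassName": "entity", "roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Example Registrar"]]]}
  ]
}
""")

# RDAP status values (RFC 7483 / RFC 8056) treated here as "lapsing".
# Which values belong in this set is a local policy assumption.
LAPSING = {"redemption period", "pending delete", "client hold", "server hold"}

def registrar_name(rdap):
    """Return the jCard 'fn' of the first entity with the registrar role."""
    for ent in rdap.get("entities", []):
        if "registrar" in ent.get("roles", []):
            for prop in ent.get("vcardArray", [None, []])[1]:
                if prop[0] == "fn":
                    return prop[3]
    return None

def expiration(rdap):
    """Return the expiration event as an aware datetime, or None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "expiration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def mail_policy(rdap, now, blocked_registrars=frozenset()):
    """Map registration data to accept / soft-bounce / reject."""
    if registrar_name(rdap) in blocked_registrars:
        return "reject"
    exp = expiration(rdap)
    if LAPSING & set(rdap.get("status", [])) or (exp and exp < now):
        return "soft-bounce"
    return "accept"
```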
