[dns-operations] Bulk whois/zone file access

John R Levine johnl at taugh.com
Sun Mar 19 04:13:48 UTC 2017

> It's not so much the czds set up, it's that it does not support a bunch of
> tlds. It isn't a one stop shop and the other TLDs (com/net/org/biz/info/us)
> don't scale with what CZDS does. Please correct me if your experience
> differs.

Before the new TLD round, you had to apply separately to each TLD for zone 
file access, typically filling out the form and e-mailing them a PDF. 
They'd send back credentials, usually for FTP, in a few cases https, and 
for tiny .MUSEUM, AXFR.  The agreement said it was for three months but in 
practice once you're set up, it's renewed forever unless you do something 
naughty.  Some of the new TLDs added in the 2000s ignored zone file 
requests until I got ICANN on their cases and for a while I was the only 
person outside ICANN with access to all of the gTLD zone files.

When the new TLD round was starting up, it was obvious this wouldn't 
scale, so an informal group got together to invent what became CZDS.  We 
decided on common application criteria, and a common profile for the zone 
file format.  (That took a while because some wanted to say "use master 
files" which is too vague, and others wanted them preprocessed in various 
ways.  We ended up with a profile of master files that's intended to be 
easy to parse.)

My suggestion for the credentials was for ICANN to vet the applicants, 
issue the credentials, and send them to all the registries so clients 
would have a list of FTP or whatever servers for all the registries and 
use the same credentials with each.  They sort of did that, only they also 
provide a central server which redistributes the zone files.

Since then some of the small 2000s TLDs like .coop and .cat and .museum 
moved to CZDS, but the big ones still have their own FTP servers.  The 
problems with CZDS are from registries who have the odd idea that their 
zone files are valuable proprietary info and so try to make it as hard as 
they can to get their zones, using a variety of annoying tricks you've 
likely run into, starting with requiring a new application every three 

ICANN has no control over ccTLDs, so it's entirely up to them if they 
distribute zone files.  The .US file is available via FTP with an ICANN 
style application, the .SE and .NU files from a public web server, and the 
rest not at all unless they happen to leave a name server open for AXFR.

