[dns-operations] Monitoring for impending expiration of domains?

Yannick Liste at uggy.org
Sun Dec 13 10:39:52 UTC 2020


Hi,

On 13/12/2020 05:26, Viktor Dukhovni wrote:
> Yesterday I happened to notice that the "flexfilter.nl" domain went into
> "quarantine" under .NL, with NXDomain returned by the parent.  This
> domain still had ~14.5k signed domains using its MX hosts, including
> flexwebhosting.nl, who own/operate this "infrastructure" domain.
> 
> While one might just write this off as "operator error", putting the
> blame squarely on the domain owner, I wonder whether in part the problem
> is a result of lack of transparency around impending domain expiration.
> 
> Specifically, how should a responsible domain owner monitor their
> domains for impending expiration?  Yes, ideally some sort of email is
> sent from registrar to the domain owner reminding them of the need to
> renew the domain, but such emails can get lost in spam filters, may be
> sent to a stale contact address, ...
> 
> And with increasing usability barriers around WHOIS[1], and some WHOIS
> services not returning expiration dates in the first place.  How exactly
> is an operator supposed to keep track of these dates, and not miss some
> renewals?
> 
> Unless I'm missing something, the "operator error" in question can be
> reasonably described as falling into a well-disguised trap rather than
> an instance of mere negligence.
> 
> So my question to the list is, what can or should be done to help domain
> owners avoid a similar fate?

Some registrars provide a (free) REST API that makes such date 
information (and more) available to authenticated domain owners.

{
   "status": [
     "clientTransferProhibited"
   ],
   "dates": {
     "created_at": "2019-02-13T11:04:18Z",
     "deletes_at": "2021-03-30T00:04:18Z",
     "hold_begins_at": "2021-02-13T10:04:18Z",
     "hold_ends_at": "2021-03-30T10:04:18Z",
     "pending_delete_ends_at": "2021-05-04T10:04:18Z",
     "registry_created_at": "2019-02-13T10:04:18Z",
     "registry_ends_at": "2021-02-13T10:04:18Z",
     "renew_begins_at": "2012-01-01T00:00:00Z",
     "restore_ends_at": "2021-04-29T10:04:18Z",
     "updated_at": "2019-02-25T16:20:49Z",
     "authinfo_expires_at": "2020-02-25T16:20:49Z"
   },
   "can_tld_lock": true,
   ...

Only the authenticated user can get the list of their domains and all 
linked information.


> At least for my domain, the .ORG registry does return the relevant
> dates:
> 
>      Creation Date: 2001-05-13T02:29:30Z
>      Updated Date: 2020-06-03T09:51:47Z
>      Registry Expiry Date: 2029-05-13T02:29:30Z
> 
> but, for example, is the .ORG WHOIS scalable enough to support a daily
> query for each of the 10,000,000 registered domains?  And if a domain
> owner has many domains to track, how soon would they run into WHOIS
> query rate limits?

Too soon for sure... And .ORG is not the worst.

Such daily WHOIS query limits should not be a problem when using the 
authenticated Registrar API, as only the domain owner can get the information.


> Of course daily checks for a date that rarely changes may be too
> frequent, perhaps one should only check once a week or once a month?
> Are there tools that help one discover and keep track of the dates?
> 
> And if not WHOIS, then where would one look?
> 

-- 
Yannick
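
Added example (not part of the original message and not any registrar's code): a checker that takes records shaped like the "dates" object quoted above and reports which lifecycle phase each domain is in and how many days remain. The "fqdn" key, the sample record and the phase meanings inferred from the field names are assumptions; fetching the JSON from an authenticated registrar API is left out because the post names no endpoint.

```python
import json
from datetime import datetime, timezone

# Constructed sample: date fields copied from the response quoted in the post,
# wrapped with a hypothetical "fqdn" key that the post does not show.
SAMPLE = json.loads("""
[{"fqdn": "example.nl",
  "dates": {"registry_ends_at": "2021-02-13T10:04:18Z",
            "hold_begins_at": "2021-02-13T10:04:18Z",
            "hold_ends_at": "2021-03-30T10:04:18Z",
            "restore_ends_at": "2021-04-29T10:04:18Z",
            "pending_delete_ends_at": "2021-05-04T10:04:18Z"}}]
""")
SEVERITY = ["DELETED", "PENDING_DELETE", "RESTORE", "HOLD", "EXPIRING"]

def parse_ts(value):
    """Parse the API's UTC 'Z' timestamps into timezone-aware datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def classify(record, now, warn_days=30):
    """Return (state, days left in that state); phase meanings are assumed."""
    d = {k: parse_ts(v) for k, v in record["dates"].items()}
    expiry = d["registry_ends_at"]
    if now < expiry:
        days = (expiry - now).days
        return ("EXPIRING" if days <= warn_days else "OK", days)
    # Past expiry: walk the later deadlines in order, skipping absent fields.
    for state, key in (("HOLD", "hold_ends_at"),
                       ("RESTORE", "restore_ends_at"),
                       ("PENDING_DELETE", "pending_delete_ends_at")):
        if key in d and now < d[key]:
            return (state, (d[key] - now).days)
    return ("DELETED", 0)

def report(records, now, warn_days=30):
    """Return alert lines for every domain that is not OK, worst phase first."""
    rows = [(r["fqdn"],) + classify(r, now, warn_days) for r in records]
    alerts = sorted((r for r in rows if r[1] != "OK"),
                    key=lambda r: (SEVERITY.index(r[1]), r[2]))
    return [f"{n}: {s}, {d} day(s) left in this phase" for n, s, d in alerts]

if __name__ == "__main__":
    # The post's own timestamp is used as "now" so the output is reproducible.
    now = datetime(2020, 12, 13, 10, 39, 52, tzinfo=timezone.utc)
    print("\n".join(report(SAMPLE, now, warn_days=90)))
```

Run from cron with the current time as "now"; a weekly run is enough for the EXPIRING threshold, while any state past expiry warrants immediate attention.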


