[dns-operations] Monitoring for impending expiration of domains?

Sun Dec 13 20:05:04 UTC 2020

Hi,

I fully agree with Steve that domain names have a peculiar value. Perhaps
the purchase price has become too low?

If your domain is important to you, most registries offer a service to
protect your registration from all kinds of mistakes and attacks.
The name and exact details of this service differ from registry to registry
...

Verisign calls it Registry Lock:
https://www.verisign.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml
For .be it is called Domain Guard:
https://www.dnsbelgium.be/en/domain-guard
For .nl it is called  nl-control https://www.sidn.nl/en/product/nl-control

Maarten

On Sun, Dec 13, 2020 at 8:43 PM Viktor Dukhovni <ietf-dane at dukhovni.org>
wrote:

> On Sun, Dec 13, 2020 at 01:03:12PM -0600, Chris Adams wrote:
>
> > Once upon a time, Viktor Dukhovni <ietf-dane at dukhovni.org> said:
> > > While one might just write this off as "operator error", putting the
> > > blame squarely on the domain owner, I wonder whether in part the
> problem
> > > is a result of lack of transparency around impending domain expiration.
> >
> > You can set to auto-renew, or you can use a calendar.  I don't like
> > automatic charges and avoid them when possible, so whenever I renew one
> > of my domains, I put the expiration on my calendar with several advance
> > notifications.
> >
> > Plus, if you are following the rules and keeping up-to-date contacts,
> > you should get email notifications from the registrar before expiration.
> >
> > I have other things that I'm expected to renew without prompting (my
> > state driver's license doesn't send notifications for example), so I
> > guess I'm just used to keeping up with things myself.
>
> That's a good example, but at least with a driver's license, passport,
> ... the expiration date is right there, on the document.  I think that
> that more uniform visibility of such metadata would be useful.
>
> I'm loathe to configure my registry login credentials that can transfer
> ownership of a domain, ... into a tool that only needs to look up dates
> for pre-expiration monitoring.  Doing this right would require some sort
> of read-only token, that can be used solely for such requests.
>
> Setting up calendars 9+ years in advance is a fragile business, I'd
> much rather be able to populate a dashboard, with periodic updates.
>
> And contact email addresses change, staff move on...  Doing this
> right takes a lot of attention to detail, which suggests a need
> for a "belt and suspenders" approach, where multiple things would
> have to go wrong for a renewal to be inadvertently missed.
>
> And multiple likely means more than two if the renewals are only once a
> decade.  It is in many ways easier to automate and ensure proper
> functioning of a frequent process than to do the same with something
> that happens only once a decade.
>
> Someone mentioned certificates, but we've now learned to no longer
> do manual certificate updates, those were all to fragile.  Instead
> they're just automatically renewed (ACME).
>
> --
>     Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201213/72526342/attachment-0001.html>