[dns-operations] Monitoring for impending expiration of domains?

Andrew Sullivan ajs at anvilwalrusden.com
Mon Dec 14 14:29:46 UTC 2020


On Mon, Dec 14, 2020 at 03:04:55AM -0500, Viktor Dukhovni wrote:
>
>Yes, RP is definitely correct, though far from widely used.  After
>querying 10k domains of working DANE MX hosts, I found 51 zone-apex RP
>RRsets.  We haven't marketed these terribly well... :-(

Anyway, they won't solve the problem you're talking about, because the way you often find out the domain has expired is that the registry puts the domain into Hold (which pulls the delegation) or else changed the delegation to their parking servers (which means the RP record won't be in the name servers you get when following the delegation).  So, only if you already know the expired-domain's original nameservers will you be able to find the RP record.

Note that whois from a registry often doesn't tell you when the domain will expire; just when the domain will expire in the registry.  Owing to the way most auto-renew policies work, the "real" expiry of the domain doesn't always show up in the registry.  ICANN invented the registrar expiry date field to expose this difference, but it's only available from the registrar.  As WHOIS becomes useless due to GDPR and friends, and an unholy combination of LEO and IPR interests manages to prevent any consensus from emerging thatt will permit the replacement of WHOIS with a protocol actually suited to purpose, it becomes ever harder to find the data you need in responses.

Perhaps the true answer to all of this is DOIs, because of course another opaque numerical identifier that nobody can remember will save us all ;-)

A


-- 
Andrew Sullivan
ajs at anvilwalrusden.com



More information about the dns-operations mailing list