[dns-operations] Monitoring for impending expiration of domains?

Jothan Frakes jothan at gmail.com
Tue Dec 15 01:09:43 UTC 2020


Hey happy holidays to you all.

I appreciate this discussion; expiry dates have another purpose for third
parties.  I can describe one I find pressing at the moment.

I am working to maintain the Public Suffix List that many use, and there is
a tendency for entries to be requested, and then for them to "set and
forget" their entries once added...  The process works well inbound on
reviews, but there is really not as much attention to deletion or removals
by the submitting party, and we're not looking to go manually review them
because ... well, we're volunteering time.

We're pedant about validating the source being valid when records are
submitted or changed.  We ensure there is a txt record matching submitted
entries to indicate admin of the affected domain is involved. We have also
begun to require that names have 2+ years in their term when they are
submitted for subdomains.  With that latter part we are noticing that there
are a number of ccTLD that have eliminated the presentation of expiry dates
in their rdap or whois responses.  We have to fall back to treating the
commitment a submitting party makes about the expiration dates, which for
the most part is trusty but corroboration is better so we can 'trust, but
verify'.

We also are looking at the file size because it is getting more and more
widely downloaded - and looking at the process of how to automate
flagging/purging names from the PSL that might be stale or nxd, and the
expiry date being >1y was going to be a key input to this until we
discovered that expiry dates were not universally available for such
automation.

-J

Jothan Frakes



On Mon, Dec 14, 2020 at 11:09 AM John Levine <johnl at taugh.com> wrote:

> In article <yblo8iwz3n0.fsf at w7.hardakers.net> you write:
> >critical).  I had the registrar's emails specifically filtered to an
> >important folder so I'd notice the pending expiration date.  Then...
> >that registar sold all their DNS services to a different one.  I lost
> >two domains because the new registar's mails ending up in a spam folder
> >before I noticed.  Whoops.
> >
> >Mind you the fault was entirely mine.
>
> I dunno. It is pretty common for people to whitelist addresses that
> have sent mail before, so if they changed their address I'd expect a
> lot of it to go into spam folders. It doesn't sound like they sent you
> notices from the old address telling you that future mail would come
> from the new address.
>
> > But auto-renew is probably the only safe way, as mail fails...
>
> That's swell until the message asking for the card's new expiration
> date falls into the spam folder, too.
>
> There is a great deal of responsiblity go go around here, particularly
> when something slightly out of the ordinary happens.
>
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20201214/1f5cf991/attachment.html>


More information about the dns-operations mailing list