--- Begin Message ---
Hi,
On 13/12/2020 05:26, Viktor Dukhovni wrote:
Yesterday I happened to notice that the "flexfilter.nl" domain went into
"quarantine" under .NL, with NXDomain returned by the parent. This
domain still had ~14.5k signed domains using its MX hosts, including
flexwebhosting.nl, who own/operate this "infrastructure" domain.
While one might just write this off as "operator error", putting the
blame squarely on the domain owner, I wonder whether in part the problem
is a result of lack of transparency around impending domain expiration.
Specifically, how should a responsible domain owner monitor their
domains for impending expiration? Yes, ideally some sort of email is
sent from registrar to the domain owner reminding them of the need to
renew the domain, but such emails can get lost in spam filters, may be
sent to a stale contact address, ...
And with increasing usability barriers around WHOIS[1], and some WHOIS
services not returning expiration dates in the first place. How exactly
is an operator supposed to keep track of these dates, and not miss some
renewals?
Unless I'm missing something, the "operator error" in question can be
reasonably described as falling into a well-disguised trap rather than
an instance of mere negligence.
So my question to the list is, what can or should be done to help domain
owners avoid a similar fate?
Some registrars provide a (free) REST API that provide such dates
informations (and other) available for authenticated domain owners.
{
"status": [
"clientTransferProhibited"
],
"dates": {
"created_at": "2019-02-13T11:04:18Z",
"deletes_at": "2021-03-30T00:04:18Z",
"hold_begins_at": "2021-02-13T10:04:18Z",
"hold_ends_at": "2021-03-30T10:04:18Z",
"pending_delete_ends_at": "2021-05-04T10:04:18Z",
"registry_created_at": "2019-02-13T10:04:18Z",
"registry_ends_at": "2021-02-13T10:04:18Z",
"renew_begins_at": "2012-01-01T00:00:00Z",
"restore_ends_at": "2021-04-29T10:04:18Z",
"updated_at": "2019-02-25T16:20:49Z",
"authinfo_expires_at": "2020-02-25T16:20:49Z"
},
"can_tld_lock": true,
...
Only the authenticated user can get list of it's domains and all linked
informations.
At least for my domain, the .ORG registry does return the relevant
dates:
Creation Date: 2001-05-13T02:29:30Z
Updated Date: 2020-06-03T09:51:47Z
Registry Expiry Date: 2029-05-13T02:29:30Z
but, for example, is the .ORG WHOIS scalable enough to support a daily
query for each of the 10,000,000 registered domains? And if a domain
owner has many domains to track, how soon would they run into WHOIS
query rate limits?
Too soon for sure... And .ORG is not the worst.
Such daily WHOIS query limits should not be a problem using the
authenticated Registrar API as only domain owner can get informations.
Of course daily checks for a date that rarely changes may be too
frequent, perhaps one should only check once a week or once a month?
Are there tools that help one discover and keep track of the dates?
And if not WHOIS, then where would one look?
--
Yannick
--- End Message ---
