CN Zone Volatility

| September 27, 2013

Among the (very) long list of projects that we’d love to work on here at DomainTools is to extend the DailyChanges data beyond the 6 core gTLDs that it currently supports. People who follow DomainTools closely know that we have made significant investments in ccTLD domain discovery resources. Non-zoned TLDs, which includes pretty much all ccTLDs, present a challenge for mapping the domain graph. Yet new domain discovery is critical, especially in the arenas of network security and brand protection.

Behind the scenes we have been building technology to track ccTLD ‘zones’, and this is the technology that one day will allow us to extend the DailyChanges domain+namerserver data out to hundreds of TLDs. Recently, we’ve seen some odd volatility in the .cn zone, so we thought we’d point out one instance.

Various data sources put the .cn zone size at about 7.8 million domains as of June 2013. According to our internal systems, between Sep 19th and Sept 25th, we saw 480,203 domains ‘drop’ from the .cn zone, all configured to use either ns1.do94.cn & ns2.do94.cn or ns1.ee28.cn & ns2.ee28.cn nameservers. We’ve long suspected these nameservers to be used in some sort of speculative/domain tasting activity.

We already saw a similar drop of 180,000 domains between Sept 6th and Sept 10th which showed up in the .CN drop list on the 22nd and 25th. Since the pendingDelete cycle for .cn is 15 days, we expect to see the over 480,000 domains drop in that droplist sometime between Oct 4th and Oct 10th.

So over 7 days, the .cn zone lost at least 6.2% of the domains in the zone, all from 2 very large nameservers. That’s an enormous change. Can you imagine .com losing 6% of domains in one week?

Below are some example domains from the two nameservers. All the domains are in pendingDelete and inactive status.

http://whois.domaintools.com/haploidic.cn
http://whois.domaintools.com/hexastitch.cn
http://whois.domaintools.com/humorously.cn
http://whois.domaintools.com/hystricomorph.cn
http://whois.domaintools.com/xavt.cn
http://whois.domaintools.com/xaxu.cn
http://whois.domaintools.com/xayv.cn
http://whois.domaintools.com/xavq.cn

The tasting pattern is pretty obvious if you analyze domains on these nameservers. And as an interesting side note, most of them use ‘whois.private.service@gmail.com’ as their whois email. There are over 2.5 million domains with that ‘privacy service’ email. Pretty much all of them are the the registrar Dnbiz Limited in China.

Share

Category: Domain Tools Updates

About the Author ()

Tim Chen has been the CEO of DomainTools since its 2009 spin-out into an independent company. Tim has over 15 years experience as a sales and operations executive in internet-driven businesses, including 8 in the domain name and DNS space. Prior to this Tim spent seven years in business development executive roles with Internet and software companies in the Bay Area, and four years in the Corporate Finance group at J.P. Morgan in New York. Originally from Rochester, New York, Tim is a graduate of Haverford College and Stanford business school. When not in the office you can usually find Tim on his bike, on his surfboard (or falling off it), or sequestered away reading entirely too much about the Buffalo Bills' draft prospects.

Comments (1)

Trackback URL | Comments RSS Feed

  1. Peter Mead says:

    Great idea, I’d like to see the change happen. Thanks