CN Zone Volatility

| September 27, 2013

Among the (very) long list of projects that we’d love to work on here at DomainTools is to extend the DailyChanges data beyond the 6 core gTLDs that it currently supports. People who follow DomainTools closely know that we have made significant investments in ccTLD domain discovery resources. Non-zoned TLDs, which includes pretty much all ccTLDs, present a challenge for mapping the domain graph. Yet new domain discovery is critical, especially in the arenas of network security and brand protection.

Behind the scenes we have been building technology to track ccTLD ‘zones’, and this is the technology that one day will allow us to extend the DailyChanges domain+namerserver data out to hundreds of TLDs. Recently, we’ve seen some odd volatility in the .cn zone, so we thought we’d point out one instance.

Various data sources put the .cn zone size at about 7.8 million domains as of June 2013. According to our internal systems, between Sep 19th and Sept 25th, we saw 480,203 domains ‘drop’ from the .cn zone, all configured to use either ns1.do94.cn & ns2.do94.cn or ns1.ee28.cn & ns2.ee28.cn nameservers. We’ve long suspected these nameservers to be used in some sort of speculative/domain tasting activity.

We already saw a similar drop of 180,000 domains between Sept 6th and Sept 10th which showed up in the .CN drop list on the 22nd and 25th. Since the pendingDelete cycle for .cn is 15 days, we expect to see the over 480,000 domains drop in that droplist sometime between Oct 4th and Oct 10th.

So over 7 days, the .cn zone lost at least 6.2% of the domains in the zone, all from 2 very large nameservers. That’s an enormous change. Can you imagine .com losing 6% of domains in one week?

Below are some example domains from the two nameservers. All the domains are in pendingDelete and inactive status.

http://whois.domaintools.com/haploidic.cn
http://whois.domaintools.com/hexastitch.cn
http://whois.domaintools.com/humorously.cn
http://whois.domaintools.com/hystricomorph.cn
http://whois.domaintools.com/xavt.cn
http://whois.domaintools.com/xaxu.cn
http://whois.domaintools.com/xayv.cn
http://whois.domaintools.com/xavq.cn

The tasting pattern is pretty obvious if you analyze domains on these nameservers. And as an interesting side note, most of them use ‘whois.private.service@gmail.com’ as their whois email. There are over 2.5 million domains with that ‘privacy service’ email. Pretty much all of them are the the registrar Dnbiz Limited in China.

Share

Category: Domain Tools Updates

About the Author ()

Tim Chen is a proven business development and operational executive, having worked in and around Internet and software companies for over 15 years. Tim has been the CEO of DomainTools for four years, appointed during the May 2009 spin out of DomainTools from Thought Convergence, Inc. (TCI). Before joining DomainTools, Tim spent a year as TCI's Vice President of Corporate Development and 2.5 years leading the domain acquisition efforts for Internet REIT, one of the first venture funded domain investment companies. Tim started in the domain world in 2005 by incubating new business ideas with Mark Pincus (Founder of Zynga) and a small team of engineers in San Francisco. Prior to focusing on the domain and DNS communities, Tim spent seven years in business development executive roles with Internet and software companies in the Bay Area, and four years in the Corporate Finance group at J.P. Morgan in New York. Originally from Rochester, New York, Tim is a Phi Beta Kappa graduate of Haverford College, has an MBA from Stanford University, and sits on the board of NewRetirement.com, an automated retirement planning service.

Comments (1)

Trackback URL | Comments RSS Feed

  1. Peter Mead says:

    Great idea, I’d like to see the change happen. Thanks