nanog mailing list archives

Re: swedish dns zone enumerator

From: John McCormac <jmcc () hosterstats com>
Date: Thu, 2 Nov 2023 18:15:40 +0000

On 02/11/2023 05:15, Randy Bush wrote:

ya, right,  and at a whole bunch of other cctld servers

from a network called domaincrawler-hosting

It looks like a list based attempt to discover domain names registeredin some small ccTLDs. The problem with some of the queries is that a fewof the second level subdomains of those ccTLDs have just hundreds ofregistrations. Not sure if it is an DNSSEC based attack.

Unlike the gTLDs, available via the ICANN CZDS, most ccTLDs don'tprovide access to their zone files. Some of the queries are odd becauseit seems to be applying lists from Swedish or German language sources tosmall ccTLDs where the main languages of the countries are not Swedishor German. Some of those domain name strings don't exist in the gTLDs. Afew of the examples don't exist in the .SE or .DE ccTLDs either.

The ccTLDs become more "unique" when the main language of their countryis not English. As a ccTLD's market evolves, registrants will oftendecide to only register in their ccTLD rather than in .COM or othergTLDs. The percentage of these unique registrations, as opposed toregistrations having an equivalent in the gTLDs, can be upwards of 15%.The percentage is also affected by economic conditions in the ccTLD'smarket and the price of a ccTLD registration compared to a .COMregistration. The problems for a list based dns enumeration on thesesmall ccTLDs are that there is a lot of them and they are small.

It might be an idea to contact Domaincrawler(.)com and ask what it isdoing.


Regards...jmcc
--
**********************************************************
John McCormac  *  e-mail: jmcc () hosterstats com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************


--
This email has been checked for viruses by Avast antivirus software.
www.avast.com

Current thread:

Re: swedish dns zone enumerator Amir Herzberg (Nov 01)
- <Possible follow-ups>
- Re: swedish dns zone enumerator Mark Andrews (Nov 01)
  - Re: swedish dns zone enumerator Randy Bush (Nov 01)
    - Re: swedish dns zone enumerator Mark Andrews (Nov 02)
    - Re: swedish dns zone enumerator Saku Ytti (Nov 02)
    - Re: swedish dns zone enumerator Randy Bush (Nov 02)
    - Re: swedish dns zone enumerator John McCormac (Nov 02)
  - Re: swedish dns zone enumerator Stephane Bortzmeyer (Nov 02)
    - Re: swedish dns zone enumerator Mark Andrews (Nov 02)