Domain Name Lifetimes: Baseline and Threats

Antonia Affinito, Raffaele Sommese, Gautam Akiwate, Stefan Savage, Kimberley Claffy, Geoffrey M. Voelker, Alessio Botta, Mattijs Jonker

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

The domain name system (DNS) is a key component
of the Internet. The DNS is essentially a hierarchical and
distributed database that involves – and is operated by – many
independent parties that fulfill various roles. Top-level domains
such as .com and .co.uk are run by registries. Registrants can
register domain names, usually through so-called registrars, but
sometimes directly with the TLD registry.
Domain names go through a well-defined life-cycle and names
that are only short-lived in ways break expectation. In this
paper, we study domain name lifetimes at scale and over a tenyear period. We focus on ten prominent TLDs and observe that
under most, the vast majority of lifetimes (95%) last exactly the
minimum registration term of one year. The exception to this
is .com, which sees 40% of lifetimes renewed for at least one
more year. We also identify lifetimes that are suspiciously shortlived (e.g., 80% under .xyz). Using blocklist data we confirm
that about 25% are reportedly malicious and study indicators if
names are taken down and how quickly. Finally, we empirically
study malicious name registration campaigns and show that this
involves registrars that offer bulk registration options.
Original languageEnglish
Title of host publicationProceedings of the 6th edition of the Network Traffic Measurement and Analysis Conference (TMA Conference 2022)
PublisherInternational Federation for Information Processing (IFIP)
Number of pages9
ISBN (Electronic)978-3-903176-47-8
Publication statusPublished - 27 Jun 2022
Event6th Network Traffic Measurement and Analysis Conference, TMA 2022 - University of Twente, Enschede, Netherlands
Duration: 27 Jun 202230 Jun 2022
Conference number: 6
https://tma.ifip.org/2022/

Conference

Conference6th Network Traffic Measurement and Analysis Conference, TMA 2022
Abbreviated titleTMA 2022
Country/TerritoryNetherlands
CityEnschede
Period27/06/2230/06/22
Internet address

Fingerprint

Dive into the research topics of 'Domain Name Lifetimes: Baseline and Threats'. Together they form a unique fingerprint.

Cite this