Domain Name Lifetimes: Baseline and Threats

Abstract

The domain name system (DNS) is a key component of the Internet. The DNS is essentially a hierarchical and distributed database that involves – and is operated by – many independent parties that fulfill various roles. Top-level domains such as .com and .co.uk are run by registries. Registrants can register domain names, usually through so-called registrars, but sometimes directly with the TLD registry.

Domain names go through a well-defined life cycle, and names that are only short-lived in some ways break expectations. In this paper, we study domain name lifetimes at scale and over a ten-year period. We focus on ten prominent TLDs and observe that under most, the vast majority of lifetimes (95%) last exactly the minimum registration term of one year. The exception to this is .com, which sees 40% of lifetimes renewed for at least one more year. We also identify lifetimes that are suspiciously short-lived (e.g., 80% under .xyz). Using blocklist data, we confirm that about 25% are reportedly malicious, and we study indicators of whether names are taken down and how quickly. Finally, we empirically study malicious name registration campaigns and show that this involves registrars that offer bulk registration options.

Publication
Proceedings of the 6th edition of the Network Traffic Measurement and Analysis Conference (TMA Conference 2022)