
After receiving spam on my newly registered, unused domain within a day, I was curious about how they found it. With the help of Google I found a site called domainpunch which lists all additions to the zone file, which gives an idea of the new domains that are registered. And my gTLD domain was indeed listed on the day I bought it.

I googled some more to find out how you could monitor these changes, to perhaps try it myself. But I quickly found this answer here that says DNS records are not propagated, but only cached. That means at least one request to my domain must have been made via a DNS server they monitor, which seems unlikely, unless they are very high in the DNS food chain.

More Googling brought me to Root name servers and several network tools, but they all require you to enter the domain name to get more information.

What am I missing, because it does look like some servers are propagating DNS zones without a request. Or am I going at this all wrong and are they capturing new domains in another way?

It's not a duplicate of "How does DNS work", because that is based on "REQUEST domainname" and this site doesn't request names, it receives them without knowing them. So it basically goes against the entire principle of how a DNS server works.

I also highly doubt they just download the zone file from a lot of nameservers, because as stated in this answer:

> no sanely configured DNS server should still allow this nowadays

  • It's more likely that domainpunch downloads the entire zone file for .com (or whatever TLD you're using), and checks the zone for new entries. – Jenny D Aug 21 '17 at 13:40
  • You can get access to zone files for TLDs (see https://www.verisign.com/en_US/channel-resources/domain-registry-products/zone-file/index.xhtml). This is different to zone transfers for non-TLDs, which indeed are mostly restricted nowadays. – Sven Aug 21 '17 at 14:17
  • To respond to your edit: The answer you're referring to is about the setup for an "ordinary" nameserver, containing the entire zone file for one or more given domain(s). The configuration for a TLD root is a different beast, as is the zone file for the TLD. – Jenny D Aug 21 '17 at 14:18
  • Additionally, any registrar can retrieve the full list of domains, and not all registrars are as unwilling to sell those lists to spammers as we'd all like - and some may indeed be spammers themselves. – Jenny D Aug 21 '17 at 14:24
  • But TLD root servers only contain nameservers, and when you check those they are restricted. But you're basically saying that domainpunch doesn't actually track zones, but illegally obtains a daily list of a registrar? – Hugo Delsing Aug 21 '17 at 14:28
  • @HugoDelsing: If they signed a contract with the registrar, they might be *legally* getting this file. Consider that DNS (or rather selling domains) is big business and registrars like Verisign are not interested in your privacy if they can profit from selling that data. – Sven Aug 21 '17 at 14:33
  • TLD root servers do not only contain nameservers - they also contain the domain names that those nameservers serve. Thus, anyone with access to the TLD zone file will know what domain names exist in that TLD (though not all the entries within that domain; that is what is usually restricted nowadays.) – Jenny D Aug 21 '17 at 14:46
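
The approach the comments describe, as an added example that is not part of the original thread: compare two daily snapshots of a TLD zone file and report the names whose NS delegation appears only in the newer one. The zone lines, domain names and function names below are constructed for illustration; real zone files come from the registry's zone file access programme.

```python
# Constructed sample snapshots in DNS master-file style (not real registry data).
YESTERDAY = """\
$ORIGIN com.
$TTL 172800
; constructed sample
example NS ns1.example.net.
example NS ns2.example.net.
old-shop 172800 IN NS a.dns.example.org.
"""
TODAY = """\
$ORIGIN com.
$TTL 172800
example NS ns1.example.net.
        NS ns2.example.net.
OLD-SHOP 172800 IN NS a.dns.example.org.
fresh-domain 172800 IN NS ns1.parking.example.
another.com. NS ns1.example.net.
ns1.glue A 192.0.2.1
"""

def delegated_names(zone_text):
    """Return the set of fully qualified owner names that carry an NS record."""
    origin, owner, names = ".", None, set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]            # strip comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
            origin = fields[1].lower()
            continue
        if fields[0].startswith("$"):          # other directives such as $TTL
            continue
        if not line[0].isspace():              # indented lines reuse the previous owner
            owner = fields.pop(0).lower()      # DNS names are case-insensitive
            if owner == "@":
                owner = origin
            elif not owner.endswith("."):      # relative name: append the origin
                owner = owner + "." + origin.lstrip(".")
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                      # skip optional TTL and class
        if owner and fields and fields[0].upper() == "NS":
            names.add(owner)
    return names

def new_registrations(old_zone, new_zone):
    """Names delegated in the new snapshot but absent from the old one."""
    return sorted(delegated_names(new_zone) - delegated_names(old_zone))

if __name__ == "__main__":
    print(new_registrations(YESTERDAY, TODAY))
```
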

0 Answers