RE: [DNS] fresh bulk AUNIC data is out in the wild

RE: [DNS] fresh bulk AUNIC data is out in the wild

From: Bruce Tonkin <Bruce.Tonkin§melbourneit.com.au>
Date: Thu, 22 Nov 2001 17:57:54 +1100
Hello Mark,

> 
> 1. 'At any time in the past, (or at the present time), could 
> Melbourne IT's
> authorised re-sellers access the expiry dates of domain names 
> for which they
> were not the contact?'

Yes, in the past resellers could access information about a domain name
which included both the creation date and the expiry date.

In May 2001 Melbourne IT implemented a policy and systems change requiring
all expiry 
dates be obtained with a registry key. This was introduced to stop
unauthorised access and improve security.  
All Resellers were advised and the change was made public through the media.


In September 2001, we also removed access to the creation date (from which
the expiry date is often deduced).

> 
> 2. 'At any time in the past, (or at the present time), could 
> Melbourne IT's
> authorised re-sellers access the address details in bulk 
> (i.e. download the
> database or do unrestricted queries of the database to 
> collate the data) of
> domain names for which they were not the contact?'
> 

As far as I am aware, bulk access to the data has never been provided.


At this stage the Creation Date available on AUNIC can allow an organisation
to deduce the expiry date.  I recommend that the creation date be removed
from the standard on-line query on AUNIC.  Where there is a legitimate
reason (e.g a trademark attorney) for knowing the creation date of a domain
name, this can be handled with a separate request to auDA (possibly with an
administration fee associated with it to discourage data mining).

In response to the general question of where resellers are obtaining their
data, they can find the details of a domain name owner by sending single
queries to either Melbourne IT or AUNIC.  In the case of AUNIC they can
deduce the expiry date from the creation date (although these are not always
synchronized).  Bulk information that was obtained last year via AUNIC, can
at least give an organisation the list of domain names in existence at that
time, and from there they can query the on-line databases to get more recent
information.  More recent security breaches in AUNIC data earlier this year,
may have allowed a more recent copy of the bulk information.

I am interested to know of cases where new domain names that have been
created say since July 2001 are subject to the unsolicited offers of domain
name registration.

Organisations can also obtain information about the existence of domain
names by searching for ".com.au" websites using search engines, or reviewing
publications such as yellow pages etc.  Once an organisation knows that a
domain name exists, it can then query the AUNIC database to find details of
the domain name registrant.  In the case of resellers, they can also query
the Melbourne IT database for the same WHOIS information, but won't have
access to creation or expiry dates without the registry key.

Basically it is not hard to obtain sufficient information from a range of
on-line databases to launch unsolicited email, fax, telephone etc campaigns.
The restriction of bulk data can make it more difficult (ie the databases
need to be data mined over time), but doesn't in the end stop the practice.
At present the prices charged by those that use these types of approaches
and the number of people that respond to these approaches, more than covers
the costs of sending lots of notices.  We can at least limit access to
creation and expiry information.

Regards,
Bruce Tonkin

--
This article is not to be reproduced or quoted beyond this forum without
express permission of the author. 319 subscribers. 
Archived at http://listmaster.iinet.net.au/list/dns (user: dns, pass: dns)
Email "unsubscribe" to dns-request&#167;auda.org.au to be removed.
Received on Thu Nov 22 2001 - 07:37:09 UTC

This archive was generated by hypermail 2.3.0 : Fri Nov 28 2014 - 16:00:09 UTC