As part of our continued Dangling DNS research, we started evaluating nameservers from the Tranco one million top websites list (2020-08-26). The list is based on 30-day average of rankings from three other provider lists. This report is a summary of some of the findings.
(We found at least 520 additional domains with dangling DNS records, including for several universities and one Fortune 500 company. We are contacting many domain owners and will publish this research separately.)
The top million list contains 27299 website names that don't exist. This 2.7% NXDOMAINs is interesting since it is an average over 30 days. Why do the popularity rankings continue to keep so many non-existent domains? (We didn't query each nameserver like we do with our extensive auditing service.)
5174 (half percent) of the names resulted in SERVFAILs. We didn't research each of these, but this is indicative of a lame server or lame delegation. An example is Allegheny College's original and still-used, still-delegated, but not primary domain name: alleg.edu.
The Tranco list had domains from 827 different TLDs. The most popular top level domains are:
The top million domains (that had answers) had 238528 unique nameserver names (out of 2463992 total). (These are from the zones themselves and not from the parent delegations — that will be a different study.) The top 20 nameserver names were:
The most popular NS nameserver domain names (out of 2463992 names) for the top million are:
This also isn't an accurate measurement of top hosts as many different names hosted at the same IPs. The nameserver names resolved to only 174994 IP (A) addresses. The top ten were all in the 162.251.82 network which are primarily orderbox-dns.com nameservers plus around 300 other nameserver names.
390 NS targets were literal IP addresses with trailing dot to make them non-working domain names. 2166 NS targets weren't even within ICANN domain names, such as ns2.domain.tld., ns3.idsc-ns.local., ns1., localhost., etc.
2557 NS targets resolved to 593 IPs (A) in private not-Internet routable networks, such as 10.0.0.1, 192.168.99.17, 172.17.51.212, and many others. 288 were 0.0.0.0 and 94 were 127.0.0.1 loopback addresses
There are so many more attributes to look at. Our DNS audit system has over 90 checks, including for IPv6, TCP, and DNSSEC.
In our research of top million website domain names for NS records in the zone itself (not its parent delegation), the most frequent amount of records is two. The largest set of NS records is 54! Less than 7% have five or more NS records.
|Rank||Domains||Number of NS in Zone|
|4||64004||NS Records: 0|
|7||6424||NS Records: 1|
|1||624585||NS Records: 2|
|3||93080||NS Records: 3|
|2||155927||NS Records: 4|
|5||21659||NS Records: 5|
|6||21232||NS Records: 6|
|9||2388||NS Records: 7|
|8||4155||NS Records: 8|
|12||374||NS Records: 9|
|11||506||NS Records: 10|
|14||59||NS Records: 11|
|10||1185||NS Records: 12|
|13||71||NS Records: 13|
|15||39||NS Records: 14||16||13||NS Records: 15|
|17||7||NS Records: 16|
|18||2||NS Records: 17|
|18||2||NS Records: 18|
|19||1||NS Records: 19 myibidder.com.|
|18||2||NS Records: 20|
|18||2||NS Records: 21|
|19||1||NS Records: 22 escoglobal.com.|
|19||1||NS Records: 23 neulion.net.|
|19||1||NS Records: 24 walmartimages.com.|
|19||1||NS Records: 54 yy.gov.cn.|