Comment by gruez
6 years ago
>The advice I've seen is to not search for the domain first, just register it outright from the start. The domain registration business is run with all of the integrity and customer focus of TicketMaster.
What if you don't want to cough up $10-$20 on a whim? Would doing a whois (using the NIC's whois site) suffice?
Doing an OOB whois search is almost certainly fine. It's when you search on godaddy.com or whatnot that you get burned.
What is an "OOB whois search"?
Out of Band. Registrars cannot intercept whois searches?
I've had this same scenario happen before, and since then I just issue a `whois` from the command line to bypass any potential frontend interception. Not sure if that is 100% full proof either though.
I have used whois cli since the early 2000s because I did not trust the registrars as domains I just searched ended up being registered. Never had that issue again since then.
Isn't the WHOIS query sent unencrypted? Can't it be intercepted in that case?
I use the whois command line tool when searching and have yet to get squatted. My experience is only about 500 domains over 20 years.
i use host -t NS cooldomain.example as a pre-filter. If a domain has NS records, it's definitely registered, although there are some registered domains without NS records (makes them pretty much nonfunctional, but if that's what the registrant wants, it's their business)
This is a neat trick, thanks. Adding to my toolbox
If I understand the domain name infrastructure correctly, that would imply that it's the registrar who is collaborating with the squatters. A command-line whois query would still have to query the servers of the registry for a particular domain (others on this thread speculate that it may be the domain registry that shares data with the squatters).
Curious about this as well. When you query the servers of the registry [gandi, namecheap, godaddy] for a particular domain example.com, doesn't it update the one of the datetime fields for last queried?
Then again, the squatter would have to know what to search. Isn't it against rules for domain registrars to publish their recent query history [private or public]?
Any more light on this subject would be greatly appreciated!