Still serving expired domains (2025-04)

For over five years, we have been reporting about DNS vulnerabilities, anomalies, and misconfigurations. Today's research is about nameservers that continue to serve for old, non-existent domains, that is, domains that are not registered and not delegated by what should be their parents. These examples may indicate losing track of customers or domains, still getting paid or contracted to serve, backups mistakenly restored, lack of maintenance or periodic configuration reviews, or simple miscommunication about removed parent domains, etc.

A couple examples are expired qseven7pt.top still being served by 15 dnspod.com nameservers and sonyonline.net still being served by one pendingrenewaldeletion.com nameserver and three daybreakgames.com nameservers. Likely millions of expired domains are still configured.

Here are many examples of domains under now removed TLDs that are still being authoritatively served. Some of these TLDs have been dead for several years.

nic.abarth still being served by some Afilias nameservers with recent DNSSEC signing.
learn.active still being served by some active.com nameservers.
nic.alfaromeo still being served by some Afilias nameservers with recent DNSSEC signing.
winggroup.an still being served by some hostgator.com nameservers (but don't see an SOA).
nic.bentley still being served by some Nominet nameservers, some with recent DNSSEC signing.
medialounge.bugatti still being served by various Porsche and xc-ns.de nameservers .
privacy.cbs still being served by some AWS nameservers.
nic.ceb still being served by some Afilias nameservers with recent DNSSEC signing.
toolbox.csc still being served by Markmonitor nameservers.
social.dabur still being served by some nameserver.net.au nameservers.
nic.esurance still being served by some Afilias nameservers with recent DNSSEC signing.
nic.etisalat still being served by CentralNic nameservers.
commercial.everbank still being served by ultradns.com nameservers.
nic.fiat still being served by some Afilias nameservers with recent DNSSEC signing.
investors.flsmidth still being served by Brandshelter nameservers.
about.frontdoor still being served by ispapi.net nameservers.
connect.guardian still being served by UltraDNS nameservers.
registrar.hoteles still being served by CentralNIC nameservers.
travel.iselect still being served by UltraDNS nameservers.
sms.jcp still being served by Akamai nameservers.
nic.kerrylogistics still being served by some Afilias nameservers with recent DNSSEC signing.
nic.kinder still being served by various Vercara nameservers (formerly Neustar).
fashion.lancaster still being served by lovellsnames.org nameservers.
nic.lancia still being served by some Afilias nameservers with recent DNSSEC signing.
store.lipsy still being served by cscdns.net nameservers.
livingculture.lixil still being served by ispapi.net nameservers.
nic.loft still being served by various Vercara (formerly Neustar) nameservers (but don't see an SOA).
nic.maserati still being served by some Afilias nameservers with recent DNSSEC signing.
nic.metlife still being served by some Afilias nameservers with recent DNSSEC signing.
nmfoundation.mutual still being served by some AWS DNS nameservers.
innovationchallenge.natura still being served by some AWS DNS nameservers.
nic.newholland still being served by some Afilias nameservers with recent DNSSEC signing.
status.northwesternmutual still being served by some Northwestern Mutual nameservers (but not the UU.net nameservers).
registrar.passagens still being served by centralnic-dns.com nameservers.
sansforgetica.rmit still being served by some domaincontrol.com nameservers.
nic.rocher still being served by various Vercara nameservers (formerly Neustar).
lifeinsurance.shriram still being served by 101domain.com nameservers.
plus.spiegel still being served by Brandshelter nameservers.
learn.spreadbetting still being served by NSone and marketdatasystems.com nameservers.
x.tp still being served by a rapidns.com nameservers.
nic.vuelos still being served by various Vercara nameservers (formerly Neustar).

There are many other domains under those dead TLDs still active too. Note that we didn't also check if web or mail service is still active.

Some expired TLDs have unused (because not delegated) parking details or placeholder records still hosted by name services, such as adac, afamilycompany, cityeats, epost, flsmidth, meo, sapo, spiegel. Other dead TLDs with nameservers that still are authoritative for them include:

avianca still being served by some Afilias nameservers but with expired DNSSEC signatures.
movistar still being served by IronDNS but with expired DNSSEC signatures.
shaw still being served by some Afilias nameservers but with expired DNSSEC signatures.
telefonica still being served by IronDNS but with expired DNSSEC signatures.

In most cases above, there is no parent delegating to the authoritative nameservers, but we did find a few. So two levels: working delegations and then authoritative. The following expired TLDs have parent nameservers which are still delegating for some children which also are still serving authoritatively: an (ja.net nameserver), lancaster (Afnic), and mutual (Vercara).

What are you using to maintain and check your DNS? Contact us to learn about our DNS Institute DNS Analyzer which has over 200 checks for IETF RFC specifications and best practices, government requirements, and registry guidelines.