Today I noticed in my master server's /var/log/messages some queries to named made from RIPE (193.x). As I've configured named.conf to reject all queries but internal ones...
-----
acl "trusted" {
this.server;
secondary.dns;
127.0.0.1;
};
-----
it didn't allow them.
I added a line to allow zone transfers to RIPE. I see now:
----
client 193.0.0.63#42455: transfer of 'domain.es/IN': AXFR started
----
But I'm not sure if I'm doing the right thing. Should I permit these transfers to everybody or not? I've never seen these messages before from such organizations (RIPE), usually just from dynamic IPs; that's why I've allowed them...
Thank you very much for your time.
David
Notice I said "under normal circumstances". The only reason I can think of is the registerfly situation. Your domain doesn't happen to be registered through registerfly, does it?
I wouldn't do it unless you have received some communication that you can verify from RIPE explaining why they need to do this. Otherwise, I'd be suspicious that the IP address is forged, the IP doesn't really belong to RIPE, or somebody used some kind of trickery to gain control of a RIPE-owned IP.
No, the domains are "normal" :), and all of them were registered months, even years ago.
There are some curious things:
1- They're just asking for .es domains, though there are a lot of .com, .net, etc.
2- IP is 193.0.0.63, which resolves to "hostcount.ripe.net". According to their website, it seems to be a statistics service, but I don't understand the need to transfer the zone... I also have connections from 193.0.1.51.
Thanks
David
resolves to "hostcount.ripe.net". According to their website, it seems to be a statistics service, but I don't understand the need to transfer the zone
Ah.
I'd imagine they are trying to count the total number of hosts in some TLD(s). Since each domain can have multiple hosts, the only way to do this is to download the zone file.
I don't see how they can do this accurately. Most domains deny (and SHOULD deny) zone transfers to outsiders. So, they are only going to have a sample which they will have to extrapolate from. A flawed sample at that - a sample of zones that have a serious security flaw! I guess they can do tests for duplicate entries for the same host, hosts that don't respond, etc.
In any case, it's none of their business. If they want this for marketing purposes, let them do a survey. I'd turn off the zone transfers.
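To act on the advice above, an operator first wants to know which clients actually received a zone from this server and whether any of them sit outside the "trusted" ACL. The following is an added example written for this thread, not code from the original posters: it parses the two messages BIND 9 logs for a transfer request (the "AXFR started" line David quoted, and the "zone transfer ... denied" line logged when allow-transfer refuses a client) and reports every transfer that was served to an address not in the trusted list. The log lines, the secondary at 10.0.0.2, the zone names and the timestamps are constructed for the example; the 193.x addresses are the ones discussed in the thread.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed sample of BIND 9 syslog lines (not taken from the original post).
# 193.0.0.63 and 193.0.1.51 are the addresses discussed in the thread; the
# other clients, zones and timestamps are made up for the example.
SAMPLE_LOG = """\
Mar 12 10:01:02 ns1 named[1234]: client 10.0.0.2#53001: transfer of 'domain.es/IN': AXFR started
Mar 12 10:01:03 ns1 named[1234]: client 10.0.0.2#53001: transfer of 'domain.es/IN': AXFR ended
Mar 12 10:05:17 ns1 named[1234]: client 193.0.0.63#42455: transfer of 'domain.es/IN': AXFR started
Mar 12 10:05:18 ns1 named[1234]: client 193.0.0.63#42455: transfer of 'domain.es/IN': AXFR ended
Mar 12 10:07:40 ns1 named[1234]: client 193.0.1.51#40011: zone transfer 'otherdomain.es/AXFR/IN' denied
Mar 12 10:09:00 ns1 named[1234]: client 198.51.100.7#1024: transfer of 'example.com/IN': IXFR started
"""

# Assumed contents of the "trusted" ACL: the secondary at 10.0.0.2 plus localhost.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.0.0.2/32", "127.0.0.1/32")]

# Matches the two messages named emits for a transfer request:
#   client A.B.C.D#port: transfer of 'zone/IN': AXFR started    (transfer served)
#   client A.B.C.D#port: zone transfer 'zone/AXFR/IN' denied     (refused by allow-transfer)
# Newer BIND versions insert a "@0x..." client handle and a "(zone)" tag after the
# address, and append "/view" after IN when views are configured; all are optional here.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+)(?: \([^)]*\))?: "
    r"(?:transfer of '(?P<zone>[^'/]+)/IN(?:/[^']*)?': (?P<kind>AXFR|IXFR) started"
    r"|zone transfer '(?P<dzone>[^'/]+)/(?P<dkind>AXFR|IXFR)/IN(?:/[^']*)?' denied)"
)


@dataclass(frozen=True)
class TransferEvent:
    client: str
    port: int
    zone: str
    kind: str       # "AXFR" or "IXFR"
    allowed: bool   # True if named started the transfer, False if it denied it


def parse_transfers(log_text: str) -> List[TransferEvent]:
    """Extract transfer start/deny events; "ended" lines and ordinary queries are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        allowed = m.group("zone") is not None
        events.append(TransferEvent(
            client=m.group("ip"),
            port=int(m.group("port")),
            zone=m.group("zone") if allowed else m.group("dzone"),
            kind=m.group("kind") if allowed else m.group("dkind"),
            allowed=allowed,
        ))
    return events


def is_trusted(addr: str, trusted: Iterable) -> bool:
    """True if addr falls inside any network of the trusted ACL."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def untrusted_transfers(events: Iterable[TransferEvent], trusted=TRUSTED) -> List[TransferEvent]:
    """Transfers named actually served to a client outside the trusted ACL.

    Any hit here means allow-transfer is wider than the ACL the operator intended,
    which is exactly the situation in the thread after RIPE's address was added."""
    return [e for e in events if e.allowed and not is_trusted(e.client, trusted)]


if __name__ == "__main__":
    for e in untrusted_transfers(parse_transfers(SAMPLE_LOG)):
        print(f"zone {e.zone} served via {e.kind} to untrusted client {e.client}#{e.port}")
```

Run against the real /var/log/messages, every line this prints is a full copy of a zone handed to an outsider. The fix in named.conf is to reference the ACL from allow-transfer, either globally in options or per zone, as `allow-transfer { "trusted"; };`, and, where the secondary supports it, to require a TSIG key there instead of trusting source addresses alone, since the responder's point about forged or hijacked addresses applies to any IP-only ACL. Afterwards, `dig @your.master.ip domain.es AXFR` from an address outside the ACL should return "Transfer failed." and the log should show only "denied" lines for that client.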