As you've implied, but just to make it clear: It's not legitimate for someone to declare your domain's death in absentia just because they can't see anything new and cute. The domain name system was not invented for website addresses in the first place; it was invented to let people assign their own names for computers, and it's nobody's business whether they can see your list of zero or a million computers that are also none of their business. That being said, I'll mention a few tips to defend your domain against self-serving grabby types:
- As long as you already have web hosting anyway, just make sure there's a homepage that mentions that the domain really is in use. It doesn't have to have images or anything fancy at all; just enough to let people know that someone is paying attention if they pull any tricks. Maybe mention that it's been in use since 2001, to indirectly discourage anyone from thinking that a typosquatting case is going to be in their favor. In any case, it will get the point across that you're not a squatter.
- If you ever get tired of paying for hosting, some registrars (like Gandi) will host a redirect or a simple 1-page or 3-page site of your own content for free (not just placeholder spam for their own company). That's enough to tell grabby types to move along and stay off your lawn.
- If you think someone might actually try to impersonate you to hijack your registration (either by registrar move, transfer of ownership, or "updating" your contact information to theirs), have your domain registrar add protective EPP flags for your domain. You have to go through the extra step of having those turned back off later if you really want to transfer or early-delete your domain name. Some of them:
- clientDeleteProhibited and clientTransferProhibited: These stop your domain from being dropped or moved to another registrar where the attacker already has their own control in place. (Some registrars may already have them turned on.)
- clientUpdateProhibited: If you think you're under active attack, you might ask for this; it usually means you can't even change which nameservers the domain uses, without asking for the flag to be removed first.
- serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited: These are "super" versions of the above, but you probably don't want them unless someone is aggressively trying to steal your domain. Adding and removing them on your own request means that you have to ask your registrar, then the registrar has to forward the request to the top-level domain registry, who then has to add or remove the flags.
- While you're playing with your domain registration: Make sure your registration contact information is good enough that your registrar can actually reach you if something goes wrong. Strictly speaking, someone can file a whois data complaint against a domain, claiming the contact data is phony, and then the registrar has to make sure they can contact someone who will still claim control of the domain.