DNS Abuse Review

Overview

The DNS Abuse Review aims to aid the work of the Competition, Consumer Choice and Consumer Trust review team and will:

  • Provide an overview of the state of Domain Name System abuse following the roll-out of the New gTLD Program in January 2012.
  • Propose a research model to assess the state of DNS abuse in new gTLDs.
  • Discuss options for measuring the effectiveness of the safeguards to mitigate malicious conduct in the DNS.

Review Areas

Ahead of the launch of the New gTLD Program, ICANN solicited advice from stakeholders to a) examine the potential for increases in abusive, malicious, and criminal activity in an expanded DNS and b) make recommendations to pre-emptively mitigate those activities through a number of safeguards. Read the original report.

Areas of potential abuse were identified by experts in a diverse array of groups, including the Anti-Phishing Working Group (APWG), the Registry Internet Safety Group (RISG), the Security and Stability Advisory Committee (SSAC), Computer Emergency Response Teams (CERTs) and members from the banking, financial and Internet security communities. After extensive consultations, the recommendations below were made to address each issue area:

Question: How do we ensure that bad actors do not run registries?

Recommendation(s):

  • Vet registry operators through background checks to ensure no potential registry operator has been party to criminal, malicious, and/or bad faith behavior.

Question: How do we ensure integrity and utility of registry information?

Recommendation(s):

  • Require Domain Name System Security Extension (DNSSEC) deployment on the part of all new registries to minimize the potential for spoofed DNS records.
  • Prohibit "wild carding" to prevent DNS redirection and synthesized DNS responses that may result in arrival at malicious sites.
  • Encourage removal of "orphan glue" records to minimize use of these remnants of domains previously removed from registry records as "safe haven" name server entries in the TLD's zone file that malicious actors can exploit.

Question: How do we ensure more focused efforts on combating identified abuse?

Recommendation(s):

  • Require "Thick" Whois records to encourage availability and completeness of Whois data.
  • Centralize Zone File access to more efficiently obtain updates on new domains as they are created within each zone.
  • Document registry- and registrar-level abuse contacts and policies to provide a single point of contact to address abuse complaints and to have a publicly-available description of their anti-abuse measures. Registry operators may also require all registrars with whom they contract for services to provide an abuse point of contact and publish a documented abuse policy consistent with the registry's.
  • Provide an expedited registry security request process to address security threats that require immediate action by the registry and an expedited response from ICANN.

Question: How do we provide an enhanced control framework for TLDs with intrinsic potential for malicious conduct?

Recommendation(s):

  • Create a high security zone verification program to establish a set of criteria to assure trust in TLDs with higher risk of targeting by malicious actors—e.g. banking and pharmaceutical TLDs—through enhanced operational and security controls.

The DNS Abuse Review will focus on analyzing the implementation and effectiveness of these safeguards in mitigating DNS abuse in new gTLDs, which will serve as an input to the work of the Competition, Consumer Choice, and Consumer Trust Review Team.

Timeline

DNS Abuse Review Activity Timeline

Updated 7 December 2016

