Home / Blogs

DNS and the Internet of Things: Opportunities, Risks, and Challenges

The ICANN Security and Stability Advisory Committee (SSAC) has recently published SAC105, a report on the interplay between the DNS and the Internet of Things (IoT). Unlike typical SSAC publications, SAC105 does not provide particular recommendations to the ICANN Board, but instead is informative in nature and intends to trigger and facilitate dialogue in the broader ICANN community.

First paper on IoT-DNS interaction

This is the first paper the SSAC is aware of to distill the unique interactions between the DNS and the IoT, and as such, should be important to most members of the ICANN community. The paper frames the risks that the IoT presents to the DNS ecosystem and strives to remove much of the confusion and angst around the IoT. The paper asks some provocative questions and the SSAC is looking for input from the community on what further work we should do in this space. Please read the document, it’s not too long and is really interesting, then give us some feedback!

The IoT is an emerging Internet application that is widely expected to enhance our daily lives by seamlessly interacting with our physical environment through tens of billions of connected sensors and devices. These interactions make the IoT vastly different from traditional Internet applications such as email and web browsing because data exchange often takes place passively and without human involvement or awareness. IoT devices interact continuously with the DNS, relying on it for their operations and updates, as well as impacting the DNS in many different ways. It is vitally important that the DNS community understand the effects of IoT on the DNS, and that IoT manufacturers understand how DNS is vital to a healthy IoT ecosystem.

Key Findings: Opportunities, Risks, Challenges

The IoT represents an opportunity for the DNS, because IoT devices sense and act upon physical environments and will, therefore, have new security, stability, and transparency requirements that the DNS can help fulfill. For example, DNSSEC can help ensure a connected door lock only communicates with its intended service and not a malicious one.

At the same time, the IoT is a risk because it can cause stress on the DNS. Recent measurement studies show that IoT botnets can grow to hundreds of thousands of infected devices such as light bulbs, cameras, and doorbells, and then launch large Distributed Denial of Service (DDoS) attacks against Internet infrastructure. IoT botnets are difficult to eradicate because devices may require device-specific cleanup procedures and often operate unattended.

SAC105 also examines various challenges to take advantage of the opportunities and address the risks. One challenge is to develop a library that makes DNSSEC validation and other DNS security facilities available for IoT software engineers. Another challenge is to develop a shared system that enables different DNS operators to automatically and continuously share information on IoT botnets, allowing them to more quickly respond to those botnets and the DDoS attacks they generate.

Learning more

We encourage you to learn more about the DNS and the Internet of Things by watching the video interview with SSAC member Cristian Hesselman, chair of the SSAC IoT Work Party that produced the report. We also encourage you to view the presentation on SAC105 given by SSAC member Jacques Latour at ICANN 65 Tech Day, and of course to read the full report.

SAC105 is an easy and approachable read for non-technical audiences, yet still covers many complex issues not covered in other reports on the IoT.

We look forward to your feedback! Contact the SSAC at: [email protected]

By Cristian Hesselman, Director of SIDN Labs and member of the SSAC

Filed Under


If you have any feedback on our Cristian Hesselman  –  Jul 10, 2019 12:37 PM

If you have any feedback on our blog, then please send an email to .(JavaScript must be enabled to view this email address)!


Cristian Hesselman

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

Threat Intelligence

Sponsored byWhoisXML API


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global


Sponsored byVerisign