DNS Security

DNS Security / Featured Blogs

Challenges in Measuring DNS Abuse

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology.

Mitigating DNS Abuse and Safeguarding the Internet

The internet is a beacon of global connectivity and information, but it has also become a battleground where malicious actors exploit vulnerabilities for various immoral purposes. Domain Name System (DNS) abuse stands has proven a constant in the internet threat landscape, posing risk to the overall digital trust.

Measuring the Use of DNSSEC

The canonical specification of the DNS that is normally cited are the pair of quite venerable RFCs, RFC 1034, "Domain names - concepts and facilities", and RFC 1035, "Domain names - implementation and specification", both published in November 1987. However, these two specification documents are just the tip of a rather large iceberg. One compendium of all the RFCs that touch upon the DNS lists some 292 RFCs.

Verisign Will Help Strengthen Security With DNSSEC Algorithm Update

As part of Verisign's ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the top-level domains (TLDs) we operate. The vast majority of internet users won't notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures.

Call for Participation - ICANN DNSSEC and Security Workshop for ICANN78 Annual General Meeting

In cooperation with the ICANN Security and Stability Advisory Committee (SSAC), we are planning a DNSSEC and Security Workshop for the ICANN78 Annual General Meeting being held as a hybrid meeting from 21-26 October 2023 in Hamburg, Germany in the Central European Summer Time Zone (UTC +2). This workshop date will be determined once ICANN creates a block schedule for us to follow; then we will be able to request a day and time.

Next Steps in Preparing for Post-Quantum DNSSEC

In 2021, we discussed a potential future shift from established public-key algorithms to so-called "post-quantum" algorithms, which may help protect sensitive information after the advent of quantum computers. We also shared some of our initial research on how to apply these algorithms to the Domain Name System Security Extensions, or DNSSEC. In the time since that blog post, we've continued to explore ways to address the potential operational impact of post-quantum algorithms on DNSSEC, while also closely tracking industry research and advances in this area.

How to Take a Proactive Approach to DNS Health

Because DNS is such an omnipresent part of modern networking, it's easy to assume that functional DNS infrastructure can be left running with minimal adjustments and only needs to be investigated in the event of a malfunction. Yet there are small telltale signs that precede DNS issues -- and knowing what they are can help to prevent disruption before it happens.

Internet Multistakeholder Model: A Trade Association With Multistakeholder Theater

Did you know that we are swimming in Domain Name System abuse? As an Internet user, you probably were not aware. Apparently, doomsday is near, and the Internet is going to explode in our face if we do not do something about "domain name system abuse." This doomsday narrative has nearly jeopardized multistakeholder governance. However, it may also compel us to reconsider the multistakeholder model and its relevance in governing the Internet and its associated technologies.

DNS Abuse: A Litmus Test for ICANN

For a long time, arguments about the meaning of "DNS Abuse" prevented fruitful discussions within the ICANN community on when and how it is appropriate to act at the level of the DNS to address abuses online. The proposed amendments to RA and RAA agreements represent a significant and welcomed step in the right direction. As Secretariat of the Internet & Jurisdiction Policy Network (I&JPN), we strongly encourage their adoption...

A New Phase of Measuring DNS Abuse

Today the DNS Abuse Institute (“DNSAI” or the “ Institute”) adds a new level of reporting for our measurement project: DNSAI Compass™ (“Compass”). With this new level of reporting, we intend to show the spectrum of how malicious phishing and malware is distributed across the DNS registration ecosystem.1 To demonstrate this, we are identifying registrars and TLDs with high and low volumes of malicious domain registrations in their Domains Under Management (DUM), or new registrations.