DNS Security

DNS Security / Recently Commented

Some Thoughts on DNS4EU – the European Commission’s Intention to Support the Development of a New European DNS Resolver

The last few decades have not been a story of unqualified success for European technology enterprises. The European industrial giants of the old telephone world, such as the former stalwarts Alcatel, Siemens, Philips, Ericsson and Nokia, have found it extraordinarily difficult to translate their former dominant positions in the telco world into the Internet world. To be brutally frank, none of the current generations of major players in the digital environment are European. more

The Ever-Evolving Problem of DNS Abuse

For several years, many within ICANN circles have raised concerns about the escalating nature of domain name system (DNS) abuse. While some strides were made toward a safer DNS, new data - this time from a comprehensive study of DNS abuse by the European Union - demonstrates that abuse remains a frustratingly obstinate problem that requires urgent attention. We've seen some registries and registrars testing innovative industry-led initiatives in an effort to address the issues. more

DNS Abuse Definition: Attributes of Mitigation

A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content. more

“It’s Always DNS!” Why DNS Is the Biggest Single Point of Failure in the New Norm

Many in the network security field may be familiar with the phrase: "It's always DNS."  This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more

An Institute to Combat DNS Abuse

Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more

Phishing 2020: A Concentrated Dose of Badness

How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more

The State of DNS Abuse: Moving Backward, Not Forward

ICANN's founding promise and mandate are optimistic -- ensure a stable and secure internet that benefits the internet community as a whole. Recent months, however, have highlighted the uncomfortable truth that ICANN's and the industry's approach to DNS abuse is actually moving backward, ignoring growing problems, abdicating on important policy issues, and making excuses for not acting. Further, the impending failure of ICANN's new WHOIS policy to address cybersecurity concerns will add fuel to the fire, resulting in accelerating DNS abuse that harms internet users across the globe. more

Measuring Abuse: How Much COVID-Related Abuse Is There, Really?

Like measuring COVID's impact, so too measuring the impact of COVID-related abuse on the Internet is difficult, there are those that would foolishly dismiss the danger entirely, others over-state the problem, perhaps to prompt sales of tools and services. The amount and type of abuse varies from network to network, and to declare everything is fine based on one world-view you believe to be ubiquitous, or that the sky is falling based upon another, extrapolated to 'everybody else' is simply poor analysis. more

Dear U.S.A. – Observations on the Cyber Solarium Commission Report

I am writing to you as someone who is not your citizen, (although I had the fortune to wed the most beautiful of your daughters), to share my thoughts about the recent US Government Cyber Solarium Commission report. U.S.A. We owe you one! Without you and your citizens there would be no free Internet as we know it. Thank You! Your constitution is our inspiration. We, the global digital citizenship want to be "the people", in order to "secure the Blessings of Liberty to ourselves and our Posterity..." more

Why Are Internet Security Standards Badly Deployed and What to Do About It?

In 2019 under the aegis of the Internet Governance Forum, a pilot project was conducted into the causes of and solutions for the, in general, slow deployment of internet security standards. Standards that on mass deployment make the Internet and all its users safer, indiscriminately, immediately... Recently the report 'Setting the standard. For a more Secure and Trustworthy Internet. The Identification of Pressure Points in Society to Speed up Internet Standards Deployment', was published on the IGF website. more

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

According to the company, the rollout will continue over the next few weeks to confirm that no major issues are discovered as this new protocol is enabled. more

6 Ways to Strengthen DNS Security

The domain name system (DNS) grew to prominence during the initial, innocent days of the internet. During that time, early internet users tended to work for government or education organizations where trust was assumed, and security was not even a consideration. Since the online community was small and the internet was sparsely used, the importance of DNS was not widely understood, and as a consequence, left undefended. more

What’s Behind the Secure DNS Controversy and What Should You Do About It?

Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more

Doing Our Part for a Safer, Stronger DNS

Public Interest Registry is the industry leader of DNS Anti-Abuse efforts on the Internet. Since our inception, we have worked to empower people and organizations that use the Internet to make the world a better place. Whether a .ORG is the foundation of an individual voice, a global non-profit, or any organization that is part of the mission-driven .ORG community, we are proud to have earned the trust of so many dedicated users. more

Leading Domain Registries and Registrars Release Joint Document on Addressing ‘DNS Abuse’

A group of leading domain name registries and registrars have joined forces in the fight against abuse in the Domain Name System (DNS), by developing a "Framework to Address Abuse." Each contributing company has shared its expertise and experience mitigating abusive practices with the goal of submitting the resulting Framework as a foundational document for further discussion in the multistakeholder community.  more