NetActuate Announces Program to Support Emerging ccTLDs

Without vouching for NetActuate or knowing who they are: the company issued a news release this week announcing a new grant program for emerging ccTLDs, established to help ccTLDs (country code top-level domain providers) meet and overcome challenges with security, resiliency, and network performance. The program will provide anycast and infrastructure services to help new ccTLDs build their global presence.

“As an ICANN participant and long-time steward of many open source projects (that include providing critical infrastructure services), we understand the challenges an emerging ccTLD can face when managing a global deployment,” said Mark Mahle, CEO and Principal Technology Architect of NetActuate. “We’re pleased to offer this special program to support ccTLDs starting up in emerging markets.”

In their announcement they note “emerging ccTLDs provide an important service to residents of their country, state, or territory. Purchasing a ccTLD is very often limited to those doing business within that country, providing a wider range of domain options to local businesses serving local markets. When a site uses a ccTLD, Google assumes that site (and all the content on it) is specifically relevant to the geographic area targeted by the ccTLD, helping local residents find better and more relevant content to them.”

“However, many emerging ccTLDs face significant financial barriers to launching a resilient, secure, and high-performing global deployment to support their DNS services. NetActuate’s grant program is designed to help emerging ccTLDs better serve their communities by giving them the network and infrastructure they need to build a self-sustaining, long-term service.”

To apply for this program, go to: netactuate.com/emerging-tld

ccTLDs Can Now Participate in ICANN’s Domain Abuse Activity Reporting System

ICANN announced Tuesday that country code top-level domain (ccTLD) operators will now be able to actively participate in the Domain Abuse Activity Reporting (DAAR) system.

ICANN’s DAAR system is used to study and report on domain name registration and security threat behavior across top-level domain (TLD) registries. The data is obtained from a curated list of Domain Name System (DNS) reputation providers.

Now, ccTLD operators can pull their own aggregated DAAR data via the Monitoring System Application Programming Interface (MoSAPI). The MoSAPI interface allows registry operators to retrieve information collected by the ICANN Service Level Agreement Monitoring (SLAM) system. While ccTLD operators will not be subject to the SLAs the SLAM system monitors, using MoSAPI will allow a consistent interface for all registries participating in DAAR. The aggregated data counts security threats broken down by threat type (e.g., phishing, botnet command and control, malware distribution, and spam) per TLD. These data sets will be similar to those of the generic top-level domains (gTLDs) that are currently provided via MoSAPI. Having access to such data will enable ccTLD operators to monitor the DAAR security threat levels per threat type per month in the same way as gTLD operators.

The ICANN organization invites all ccTLD operators to participate in the DAAR project to promote a greater understanding of DNS abuse across the global DNS. To participate, ccTLD operators should send a request to globalsupport@icann.org to begin the process.

More Information

For additional discussions regarding DAAR project data sharing and any other measurement of DNS security threats and abuse related topics please join the DNS-Abuse-Measurements mailing list.

DAAR webpage: https://www.icann.org/octo-ssr/daar.

About ICANN

ICANN’s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from: https://www.icann.org/news/announcement-2019-11-19-en

Last Day To Apply For .CAT Discount Renewal Code As 1 and 2 Character Priority Registration Underway

To celebrate Catalonia’s National Day, puntCAT is offering discount codes to renew .cat domains, but the last day to apply for a discount code is today, 18 November, with codes valid until 31 January.

To apply for a discount code, go to decomptes.fundacio.cat and answer the question, then share the promotion on social networks or subscribe to the newsletter and you will receive the code to your email. The code is valid until 31 January and it can be used to renew the domain name with registrars participating in the promotion.

puntCAT is also releasing 1- and 2-character domain names with a 4-stage registration process. The first stage, currently underway, is a priority registration for member entities of the Board of Trustees of Fundació puntCAT and entities that supported the launch of the .cat domain. This period runs until 8 December.

Following is a priority registration for Public Authorities and entities in Catalan-speaking territories that runs from 9 December to 19 January 2020. There will then be a priority registration for trademarks from 20 January to 1 March and then on 2 March 2020 it will be an open registration phase for any company and/or person. Applications will be processed on a first-come, first-served basis.

To apply for a domain, it is necessary to fill in the following form. Once received, a selection committee made up of 2 members of the .cat team and a member of the Foundation’s board of trustees will consider the applications. Applications will be assessed according to the following criteria:

  • Domain pertinence and availability
  • The applicant’s background and relationship with the domain
  • Intention of use of the domain

The domains that have so far been registered are the following:

  • Ç.cat
  • 33.cat
  • Ja.cat
  • Va.cat
  • X.cat
  • Id.cat
  • Cv.cat
  • Jo.cat
  • Un.cat
  • 1.cat
  • Vw.cat
  • Vz.cat
  • Sí.cat
  • Ub.cat

Finding That Elusive .AT Domain Just Got Easier With nic.at’s Domainfinder

Finding that elusive domain name can be difficult for even the most adept of us, so a few registries have developed services to make suggestions for when your first choice isn’t available. The latest of those is nic.at, which has launched Domainfinder, developed in-house by their research and development team.

To showcase their Domainfinder, nic.at has put together a simple video to show off how it works.

The most well-known of the services to assist in finding that elusive domain name has been developed by Verisign and is called NameStudio, for their .com, .net and .tv top-level domains. As with NameStudio, Domainfinder makes suggestions of alternatives for both second and third (.co.at and .or.at) level .at domain names.

Explosive Allegations Made Against Directors Of Wasteful Spending As auDA Gets Second Choice Chair

It was supposed to be a new beginning. But on the day when a new auDA Board, including a new Chair, was announced, it appears there are still recriminations from those in the past with explosive allegations of what could at worst amount to corruption by outgoing directors. Not only that, the new Chair was second choice, with the first choice as Chair overruled due to what can be best described as a personality conflict.


First, today. A new Board has been appointed. The new Chair, Alan Cameron AO, was appointed after an executive search for the new Board. However the first recommendation for Chair, a high profile female company director, was overruled due to what Domain Pulse has been told can be best described as a “personality conflict” with at least one person on the outgoing Board.

Cameron has had a strong background having been appointed Chair of NSW Law Reform Commission in 2015 and prior to that was head of the Australian Securities and Investments Commission (ASIC) from 1993 to 2000. According to what is believed to be his LinkedIn profile he has been an Executive Director at Macquarie Group since 2007.

The new Board has stronger executive experience than previous Boards, but only a few Directors on the 9-member Board appear to have any background in the domain name industry. Also, auDA members were told there would be 6 independent appointed directors, one of which would be the Chair, and 4 elected directors. However in their announcement of the new Board today there were only 3 elected directors, none of whom have a background in domain investing which is sure to irk that community.

It also emerged today that a Freedom of Information (FOI) request in the name of Christopher Byron Leptos has been lodged on the Right to Know website [account now deleted – see below for explanation], a website set up so the public can make requests for information on the goings-on in government departments and their agencies, which auDA, the .au policy and regulatory body, comes under through its connection with the Department of Communications and the Arts. The request has been timed 2 days out from the annual general meeting on 14 November, the last the outgoing Directors will attend.

Leptos was the former auDA Chair who walked out of a Board meeting in late July never to return with claims he was spurned in his request for more information on the then auDA CEO Cameron Boardman’s allegedly falsified academic qualifications. However it’s likely Leptos is not the person making the FOI requests as several of the requests relate negatively to him, but rather a disgruntled present or former Director, or even staffer, or both, with intimate knowledge of recent happenings at the Board level.

There were 6 FOI requests to the Department of Communications and the Arts dated 12 November in Leptos’ name, these relating to:

  • “serious allegations of bullying and intimidation committed by AUDA Chair Chris Leptos between May 2018 and June 2019 resulting in the resignation of a company secretary and an official complaint from a current AUDA staff member”
  • a “serious breach of governance and directors duty committed by AUDA director James Deck via his attempt to inappropriately access AUDA marketing funds, specifically” relating to an application using Deck’s position on the Board for “substantial marketing funds for his private business” and that former Chair Leptos “attempted to cover up and misrepresent the conduct of Deck”
  • a request for all relevant information on a direction from Departmental Officer Vicki Middleton instructing outgoing acting Chair Suzanne Ewart to “withdraw her application for Chair of the new AUDA board”
  • allegations of “verbal abuse directed at Departmental staff member Annaliesse [sic] Williams by AUDA directors Joe Manariti and James Deck at the ICANN meeting in Barcelona in October 2018” including amount of alcohol consumed by Manariti and Deck and response of the then Chair Leptos
  • an order by acting Chair Suzanne Ewart “to pay her A$10,000 per week despite there not being a Board resolution or budget for this to occur”, which didn’t include superannuation payments and was in addition to her Chair salary of $70,000 which would have taken her total salary “to $627,000 per year, making her the 9th highest paid public servant in Australia”
  • expense claims by the aforementioned Directors James Deck and Joe Manariti relating to their attendance at the ICANN meeting in Barcelona where the FOI request alleges Deck and Manariti’s flights were “booked through Manariti’s wife [sic] travel agency (African Luxury Safaris) at 30% more than market rates and equivalent airfares and contrary to AUDA travel policy” with “4 nights in Prague, 4 nights in Paris and 7 nights in Barcelona which shows that only 3 meeting [sic] were conducted over the 18 day trip”, “hotel accommodation in Barcelona at A$1500 per night for a luxury suite, despite other AUDA staff and directors staying in A$250 per night accommodation” and a “total expense claim showing the AUDA was charged over $35,000 for this travel for 3 meetings in 18 days”
  • allegations relating to the above travel by Manariti and Deck that “AUDA incurred [an FBT liability] totaling over $11,000 as the travel was of a personal nature and not approved by AUDA and that the Chair of AUDA Suzanne Ewart covered up this liability”.

UPDATE: The Right to Know account set up to raise the allegations has now been suspended as a report was received the “account was created to impersonate someone else.”

Afnic Give the 7 “A”s In Determining A TLD’s Success


A post on the Afnic blog this week is intended to give food for thought on what makes up a successful top-level domain, suggesting one way could be via the 7 As – awareness, amplitude, advantage, access, adoption, activity and affect.

For each TLD, the post by Loïc Damilaville notes, there are different metrics. Legacy gTLDs, new gTLDs and ccTLDs are all different, and even within each type of TLD the metrics differ – success for a .brand gTLD is completely different from success for a generic gTLD or ccTLD. And even among generic gTLDs the metrics differ.

Damilaville is a Deputy Director General at Afnic, manager of the French ccTLD .fr as well as 17 new gTLDs and a number of ccTLDs for French territories. A summary of the 7 As as he outlines them follows:

1) Awareness: the most well-known market factor as well as relating to an objective reality: “domain names in general such as new TLDs still suffer from a certain lack of awareness among the general public” and “individuals are simply unaware of this precious tool for consolidating their online presence.”

2) Amplitude: refers “to a TLD’s volume potential in terms of target audience and catchment area.” This varies from highly restrictive TLDs to open generics such as “the highly restrictive .BANK, to the .COOP for cooperatives, for example, which cannot really be considered as ‘failures’ when they achieve tens of thousands of names. As for ccTLDs, which usually have local reach, Amplitude will depend to a large extent on the spread of the Internet in the particular country.”

3) Advantage: “the advantages generated by the TLD for both clients and the registry with its registrars. It’s the ‘value-added’ in the wider sense that will explain why registrars will be more or less inclined to suggest this TLD to their clients.”

4) Access: this refers to “market access, meaning their capacity for being listed with the right registrars for the target audience.” This varies for .com that is available through almost all ICANN-accredited registrars while by “way of contrast, some TLDs are only issued by a handful of registrars, which can compromise their development. ccTLDs are often marketed by their own local registrar networks, a minority of which have the sole status of ‘ICANN registrar’, although this does not prevent them from developing a dense network across national territory.”

5) Adoption: is the TLD seen as a “must-have” or “nice-to-have” when it comes to Internet presence? The answer Damilaville notes “will often depend on the target audience, but we can look at the example of .CORP / .BRAND, which are currently ‘nice-to-have’ for major groups but might become ‘must-have’ in a few decades.”

6) Activity: “a TLD will last if it is economically viable, but also if it can be sure of a good renewal rate. This relates in part to the use that owners make of the names. Is it sites providing content and functionalities that can extend as far as e-commerce? Or is it just parking pages or websites generated automatically but of no interest to visitors?”

7) Affect: lastly “’Affect’ is also about the renewal rate, representing the retention rate that goes beyond the actual level of usage.”

To read Damilaville’s column Key success factors for Internet extensions: an evaluation grid in more detail, go to: https://www.afnic.fr/en/resources/blog/key-success-factors-for-internet-extensions-an-evaluation-grid.html

Another TLD coup for nic.at’s RcodeZero DNS

nic.at’s RcodeZero DNS service has just started supplying Anycast technology to the Polish domain extension .pl. This means that nic.at infrastructure provides supplementary hosting and security to the seventh biggest ccTLD in the EU with over 2.5 million domains. According to DNSperf statistics, RcodeZero DNS is one of the fastest anycast providers worldwide.

CEO Richard Wein is delighted with the new RcodeZero DNS customer NASK, the Polish national research institute responsible for the Top Level Domain .pl.

“After .nl and .eu, we have succeeded in convincing another major country code TLD with a couple of million domains to use our services. In an industry where you know each other very well, this is a big compliment for me: The relevant players trust the technical competence of nic.at. This shows that even a small country can provide services to the big ones so long as you focus on quality, reliability and flexibility.”

It is the clear goal of nic.at to gain more RcodeZero DNS customers within the TLD community – also on other continents.

The technical implementation for .pl is proof of nic.at’s ability to meet individual customer requirements. The .pl TLD consists of 159 subzones. Therefore – in contrast to other customers with fewer zones – every process and check has to be performed 159 times before distributing the zone to the servers all over the globe.

The constant expansion and upgrading of the RcodeZero infrastructure is also recognised in the worldwide Ranking of DNSperf where the DNS performance of the top Anycast providers is measured. RcodeZero DNS actually ranks sixth – not far away from well-known names like Cloudflare and Wordpress.

This nic.at news release was sourced from: https://www.nic.at/en/news/nic-at/another-tld-coup-for-nicats-rcodezero-dns

Almost Half of 20 Most Abused TLDs Are ccTLDs As Newly Detected Botnet C&Cs Reach All Time High: Spamhaus

Spamhaus released their quarterly Botnet Threat Update for the third quarter of 2019 and almost half of the TLDs in their top 20 “most abused top-level domains” were within ccTLD name spaces: .ru (Russia), .pw (Palau), .eu (European Union), .ga (Gabon), .tk (Tokelau), .su (the former Soviet Union), .ml (Mali), .cf (Central African Republic) and .me (Montenegro). There were also a handful of new gTLDs: .top, .xyz, .icu, .name, .live, .site and .club. But the TLD with by far the most abused domains, and also by far the largest, was .com, with 4,058 abusive domain names and around 145 million domains in total while .net was second with 534 fraudulent domains.


During the third quarter the number of fraudulent domain names registered within Russia’s ccTLD .ru almost halved from 731 domains in Q2 to 392 domains in Q3. And 2 more gTLDs joined .com in Q3 in the top 3: .net and .info.

Of the registrars with the most abused domain names on their books, Namecheap easily came out top with 1,034 while the Chinese West263.com was second with 375. By country, there were 5 Chinese registrars on the top 20 list, 3 from the United States and 2 each from Russia and Germany.

The highlight, or rather lowlight, of the report from Spamhaus’ point of view was that the number of newly detected botnet command & control servers (C&Cs) reached an all-time high in July this year with more than 1,500 botnet C&Cs detected by Spamhaus Malware Labs. This is far in excess of the monthly average, set in the first half of this year, of 1,000 botnet C&Cs.

One of the most notorious botnets called “Emotet”, however, did appear to go on vacation. This botnet went silent for several months, but returned in September with a large scale spam campaign. Emotet, also known as “Heodo”, was a former e-banking Trojan that targeted e-banking customers around the world. In 2018, Emotet ceased its e-banking fraud activities and started to offer infected computers on a “Pay-Per-Install” model to other cybercriminals. As of 2019, Emotet is one of the most dangerous botnets and indirectly responsible for a large amount of ransomware campaigns like Ryuk.

The most notable change between Q2 and Q3 Spamhaus observed was TrickBot. They identified a 550% increase in the number of botnet C&Cs that were associated with this malware family. There were additional smaller changes in the malware landscape, with some families dropping out of the charts and others appearing.

Spamhaus observed they continued to see Cloudflare, a US-based content delivery network (CDN) provider, being one of the preferred options by cybercriminals to host botnet C&C servers. This trend has been evident since 2018. Disappointingly, Spamhaus say they’ve still seen no apparent attempts from Cloudflare to battle the ongoing abuse of their network for botnet hosting and other hostile infrastructure. However, as of Q3, Cloudflare got beaten by the Chinese cloud provider Alibaba, by a narrow margin of 4.

There was also a surge in the number of Botnet C&Cs hosted in Russia with a proliferation of botnet C&Cs hosted across various hosting providers in Russia, notably ispserver.com, reg.ru, simplecloud.ru, marosnet.ru and spacenet.ru. After a short period of respite, there is once again a trend among cybercriminals moving their infrastructure to Russian Internet service providers.

The Spamhaus Botnet Threat Update: Q3-2019 can be downloaded in full from: https://www.spamhaus.org/news/article/789/spamhaus-botnet-threat-update-q3-2019

DENIC Makes Available Software Tool for High-Performance Measurement to Internet Community

DENIC has developed a software tool for performance measurement of DNS servers and has now handed it over to DNS OARC, a platform for DNS developers and DNS operators.

According to a post on Medium by the Domain Name System Operations Analysis and Research Center (DNS OARC) team, linked from the DENIC announcement, the tool was developed by Patrick Fedick, one of DENIC’s software testers with a strong DNS background and experience with performance testing. DENIC eG is the registry for Germany’s country code top-level domain (ccTLD).

Key features of dnsmeter as outlined in the DNS OARC post are:

  • payload can be given as text file or PCAP file
  • can automatically run different load steps, which can be given as list
    or ranges
  • results per load step can be stored in a CSV file
  • sender address can be spoofed from a given network or from PCAP file,
    if payload is a PCAP file
  • answers are counted, even if source address is spoofed, if answers get
    routed back to the load generator
  • round-trip-times are measured (average, min, max)
  • amount of DNSSEC queries can be given as a percentage of total traffic
  • optimized for a high quantity of packets by pre-compiling the payload,
    on an Intel(R) Xeon(R) CPU E5–2430 v2 @ 2.50GHz, it can generate more than 900,000 packets per second
  • runs on Linux and FreeBSD

The DNSmeter is now available to be used as open source.
For more details please go to medium.com/@dnsoarc/dnsmeter-53eec8e82e51.

Nominet Consults On Reducing Phishing, Reducing Criminal Activity and Drop List For .UK

Nominet has opened a consultation process that will see the .uk registry seek feedback on reducing phishing, law enforcement landing pages for domain names suspended for criminal activity and implementing a drop list for expired domains.

The 2019 consultation invites feedback on three important issues:

I. Reducing the use of .UK domain names for phishing attacks

II. Implementing law enforcement landing pages following suspensions for criminal activity

III. Implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains

On phishing, since 2018 Nominet has used Domain Watch, an anti-phishing initiative. The initiative operates as a risk-based enhanced verification of registration data for all newly-registered domains. It uses a combination of technical algorithms and manual intervention to highlight suspicious domains. Of the 3.6 million newly registered domains in the 12 month period July 2018 to July 2019, over 1,500 domains were blocked in the DNS as a result of the Domain Watch initiative.

Nominet are asking if they should update their policies to specifically allow them to prevent resolution in the DNS where they have identified a high risk of phishing use.

On implementing landing pages following suspensions for criminal activity, while Nominet does not have the means to remove content or alter websites, they can disrupt the impact of criminal behaviour by removing or suspending a domain name. So Nominet is now seeking views on what should happen following the suspension. One option proposed is an informational landing page.

And lastly, on a drop list, Nominet is consulting on implementing a .uk drop list to provide a transparent and orderly process for the re-registration of expired domains. They also want to know if there is support for the publishing of official information for registrars to clarify when expired domains will become available for general registration. They’re also asking if Nominet should encourage competition in the .uk secondary domains market.

Looking forward, in the consultation paper Nominet raises several other issues they are considering to improve the .uk namespace including:

  • Moving to an inter-registrar transfer system that is more widely adopted across the industry
  • Standardising domain name renewals, expiry and cancellations in line with generic Top Level Domains (gTLDs) by implementing RFC 3915 and a life cycle to match gTLDs
  • Removing the option for direct registration of domains with Nominet, without operating through a registrar.

“We are committed to running a world leading registry and are always looking for ways to improve,” said Eleanor Bradley, MD of Registry Solutions and Public Benefit at Nominet. “As the environment in which we operate evolves, we actively engage with a wide variety of UK stakeholders to ensure that the policies we maintain reflect emerging threats, changes in stakeholder expectations and new industry practices.”

“This consultation sets out ambitious ideas to ensure .UK maintains its position as a vibrant and trusted namespace and provides an important opportunity for the UK internet community to provide input. We believe open consultation creates better policy so I encourage all interested parties to engage and look forward to hearing from you.”

Since 1996 Nominet has operated .uk, developing policies that provide the framework of principles for the .uk namespace. They are developed in consultation with a wide variety of stakeholders and aim to ensure a connected, inclusive and secure space for the UK internet community.

The .UK Policy Consultation invites feedback from all interested stakeholders by 16 December 2019. A roundtable event towards the end of the consultation period will be held on 4 December 2019. Interested parties can find out more and submit responses here.