CENTR has taken a look at how COVID-19 has impacted the DNS, or rather how domain names using terms relating to COVID-19 have fared. While the end result is not much, what they have missed is the impact of domain names that are being registered because of the global pandemic but that don’t refer to COVID-19 or related terms.
Registrations are now open for the ICANN68 Policy Forum scheduled for 22-25 June 2020. Originally to be held physically in Kuala Lumpur, Malaysia, as a result of the COVID-19 pandemic it will now be held as a virtual meeting instead.
New Zealand’s Domain Name Commission (DNC) had their third victory in three appearances in their ongoing court battle with DomainTools, the latest being in March. DomainTools had appealed three claims, following losing their first appeal, but won only one, while the DNC won the remaining two, with consideration being given by the DNC to appealing the remaining claim. It is a battle over whether a top-level domain registry can protect the privacy of its registrants. As Jordan Carter, InternetNZ’s CEO, told the Goldstein Report back in March 2019, “this test case will be significant for protecting the privacy rights of .nz registrants in the .nz domain name space and it is likely to have an impact on other ccTLDs and the wider industry.” It seems that the privacy rights of .nz registrants have been protected.
Over 64,000 previously unregistered .PR domain names were released on Monday, Puerto Rico Top Level Domain has announced. The domains released are a mix of words and terms in Spanish and English as well as numerical strings.
People are staying at home more now in many countries including the Netherlands, and as a result Dutch people and businesses have registered just over 85,000 .nl domain names since the restrictions came into force. According to the .nl registry, SIDN, that’s ten thousand up on the same period in 2019.
Over half (53%) of all .de domain names were registered in three German states – North Rhine-Westphalia (22%), Bavaria (18%) and Baden-Württemberg (13%) – at the end of 2019, according to the latest statistical analysis of .de domain names by Germany’s ccTLD manager DENIC.
Canada’s ccTLD registry, CIRA, has made the internet a bit safer and more private this week with the launch of CIRA Canadian Shield – a free DNS firewall service that will provide online privacy and security to individuals and families across Canada.
Donuts has migrated the backend operations of all their 241 new gTLDs and 3.777 million domain names to the cloud using Amazon Web Services. It is the first major backend registry operator to migrate an existing on-premises backend to the cloud.
Announcing the move, Donuts says moving to the cloud has many strategic benefits for the largest new gTLD operator by TLDs and its registrar partners. The transition will allow Donuts to scale platform capacity according to the growth of its registrations while leveraging the redundancy and resiliency of the AWS platform. By leveraging the power of the cloud and AWS services, Donuts can expand its operational footprint in new geographies and deploy cloud services to efficiently process and analyse registry data for Donuts and its partners at a competitive cost structure.
“Our teams have mastered new technologies through this migration process. With this cloud migration, Donuts is positioned to take on new growth and innovation initiatives with confidence, knowing that our team of engineers and data scientists are up to the challenge,” reported Donuts CEO, Akram Atallah.
“We’ve fully automated the platform environment build-up, allowing us to set up a new registry platform in any geography with the push of a button,” says Benoit Levac, VP of Product and Engineering at Donuts. “This strengthens our position within the market as acquisition opportunities present themselves during this market consolidation.”
As one of the most innovative registries in the new gTLD era, Donuts is committed to maintaining the best platform and technology stack. Cloud enablement provides the scale and agility required to seize business opportunities ahead. Donuts plans to continue to optimise the new cloud platform to increase security, reliability, and adapt to the ever-changing technology landscape.
nic.at announced that their sister company, ipcom, has signed up 3 more ccTLDs to their anycast network technology RcodeZero DNS, taking the total of TLDs relying on the technology to at least 19. While the Slovenian Registry (ARNES) has been using RcodeZero for many years for their .si, they recently extended their contract. But both the Finnish (TRAFICOM) and Irish (IE Domain Registry) registries have recently signed up and implemented RcodeZero as their secondary DNS provider to strengthen their DNS infrastructure for the first time.
Citing the network’s reliability and performance, TRAFICOM uses the secondary anycast service for their half million domain names in the Finnish country code top-level domain (ccTLD).
“Traficom selects its DNS partners based on very high quality and security standards, and ipcom fulfills them. During these challenging times this is very important”, explains Juhani Juselius, Chief Specialist.
The Irish ccTLD .ie also recently signed up for the secondary anycast network RcodeZero DNS to ensure permanent availability at maximum speed for their 300,000 domains.
In addition to the new ccTLD customers, .si (ARNES) – a long term customer for many years – has also renewed their contract with ipcom.
“With the Anycast service provided by RcodeZero DNS we can increase stability and redundancy for our .si TLD DNS,” said Benjamin Zwitting, Chief Technical Officer at ARNES, explaining why they decided to continue their partnership with RcodeZero DNS.
Naturally nic.at was delighted their sister company was able to gain two new clients and add another.
“Gaining more and more European TLDs proves that we are an important anycast provider within the community,” said a very happy Richard Wein, CEO of nic.at and ipcom. “Our flexibility towards customer needs, our personal support provided by long term employees and our location in the heart of Europe position us as an attractive provider for competitive anycast solutions. We are proud to deliver high levels of reliability, performance and maximum protection for a registry’s DNS infrastructure.”
And why use a service such as ipcom’s RcodeZero DNS anycast technology? In their announcement, nic.at says there are benefits that can be achieved by using at least one additional secondary anycast provider. With over 30 years of experience as the .at registry, ipcom has expert knowledge that feeds directly into its anycast product development and can respond very quickly and flexibly. More than 19 registries (like .nl, .pt, .eu), with more than 15 million domains under management, rely on RcodeZero DNS. External name service monitoring proves that the RcodeZero DNS network with more than 20 nodes (for TLDs) is one of the most reliable anycast services and a trusted global provider – the perfect partner for everybody that is continuously striving for highest optimisation of its own DNS infrastructure to guarantee the highest security standards.
The ccTLD for the Lao People’s Democratic Republic, which has gained a second home in Los Angeles, became the TLD with the second most botnet Command and Control (C&C) domains on the Spamhaus chart of most abused TLDs in its first appearance on the top 20 chart.
As usual, .com was the most abused top-level domain with 3,291 abusive domain names registered out of its 145.4 million and 45% of the top-level botnet C&C domains. There were 1,151 abusive domains for .la followed by .pw (Palau – 575) and then .xyz (278), these being the only TLDs with more than 200 abusive registrations.
For .pw and .xyz, these two TLDs have appeared in the Top 20 for over a year, although there was a significant increase in the number of botnet C&C domain registrations associated with these TLDs in Q1 2020, placing them at third and fourth respectively.
In the first quarter of 2020, Spamhaus Malware Labs also identified a total number of 2,738 new botnet Command and Controllers (C&Cs). Out of these, 2,014 (average 671 per month) were under the direct control of miscreants, i.e. as a result of a fraudulent sign-up. That’s a decrease of 57% compared to Q4 2019. This, Spamhaus notes, is welcome news for internet users, following the significant increases throughout 2019.
The reason for this decrease, Spamhaus notes, is currently unproven. They believe “it could be partially related to a VPN provider who refuses to take action on abuse reports and is failing to shut down traffic from existing botnet C&Cs. If botnet C&Cs, which have been detected and reported, are allowed to continue to operate, there is no reason why miscreants should spin up new ones.”
When it comes to registrars, Namecheap continues to be the favourite place for malware authors to register their botnet C&C domains. For Internet Service Providers (ISPs) hosting botnet C&Cs, Cloudflare came out top, and while it does not directly host any content, it provides services to botnet operators, masking the actual location of the botnet controller and protecting it from DDoS attacks. Compared to Q4 2019, there was little change in the hosting provider landscape. The usual suspects were still present in the Top Twenty, including Cloudflare (US), Google (US), OVH (FR) and Hetzner (DE). It would appear that these big players in the Cloud hosting market did little to improve the situation.
The report has a spotlight on the Raccoon Stealer malware. At the end of 2019 Raccoon Stealer was a newcomer on the cyber threat landscape. This, Spamhaus notes, is a piece of malware usually delivered to the end user through spam campaigns, droppers, or exploit kits, or by malware that is already present on the victim’s machine. Raccoon Stealer is a credential and information stealer that runs on MS Windows. However, it is also being used by threat actors to install additional malware. What makes Raccoon Stealer rather unique is where its botnet C&Cs are hosted: on the Google Cloud.