DNS abuse has become an issue that the domain name industry is beginning to give the attention it deserves. In February 2021, attention to it was ramped up when the Public Interest Registry, the team behind .org, launched the DNS Abuse Institute. Prior to this, the issue had been bubbling along, discussed regularly at ICANN meetings and elsewhere.
However, the launch of the DNS Abuse Institute brought together much of the domain name industry with the goal of tackling abuse such as malware, botnets, phishing, pharming and spam.
In January 2021 the European Commission released their Study on Domain Name System (DNS) abuse which proposed a definition of DNS abuse as “any activity that makes use of domain names or the DNS protocol to carry out harmful or illegal activity. DNS abuse exploits the domain name registration process, the domain name resolution process, or other services associated with the domain name (e.g., shared web hosting service).”
The EC study distinguished “between
- maliciously registered domain names: domain name registered with the malicious intent to carry out harmful or illegal activity
- compromised domain names: domain name registered by bona fide third-party for legitimate purposes, compromised by malicious actors to carry out harmful and illegal activity.
DNS abuse disrupts, damages, or otherwise adversely impacts the DNS and the Internet infrastructure, their users or other persons.”
The EC study proposed “a set of recommendations in the field of prevention, detection and mitigation of DNS abuse addressed to DNS operators (TLD registries, registrars, resellers and hosting providers, depending on their role in the DNS chain) but also to international, national and EU institutions and coordination bodies. The study also recommends actions in the field of DNS metadata, WHOIS and contact information, abuse reporting, protection of the DNS operations, awareness, knowledge building and mitigation collaboration at EU level.”
In March, CENTR, the organisation representing European country code top-level domain (ccTLD) registries, published a comment on the EC’s DNS abuse study “calling out some of the misleading analysis and unfortunate conclusions in the study.”
In their summary of the EC’s report, CENTR published the following:
Despite its good intentions, the final Study and its accompanying documents include several inconsistencies, and many of its recommendations are not based on clear evidence or verifiable research. Despite concluding that European ccTLDs are “by far the least abused”, the Study applies a one-size-fits-all approach to its recommendations addressing DNS service providers, domain name registries and registrars, largely ignoring the existing good practices within European ccTLDs.
Furthermore, the broad definition of DNS abuse, as suggested in the Study, does not take into account the role of different service providers and other categories of stakeholders that are part of the internet ecosystem, when discussing abuse mitigation measures. As a result, the Study offers a skewed view on the DNS abuse problem and how to tackle it.
As this Study was written with the aim to guide further policy development in the EU, CENTR members call on policy-makers to tread carefully when reading the Study. A summary of CENTR’s main points can be found below, as well as the link to the full comment.
Summary of CENTR’s key points:
- CENTR members regard keeping abuse low on the internet as an important element to safeguard end-user trust and safety within their zones.
- CENTR members are pleased with the fact that the DNS Abuse Study recognises many good practices in place within European ccTLDs that contribute to low levels of abuse within their managed ccTLDs.
- The DNS abuse definition proposed by the DNS Abuse Study encompasses all common forms of cybercrime, and as a result should also include mitigation and prevention measures addressed at all actors involved in sustaining and using the DNS.
- The recommendations put forward in the DNS Abuse Study do not adequately take into consideration the essentiality of the internet infrastructure, such as the DNS, and the role and responsibilities of different operators active on the internet.
- The data sources used to assess the magnitude of DNS abuse in the DNS Abuse Study cannot be independently verified, and are not optimised for mitigation measures available for domain name registries and registrars.
- The DNS Abuse Study generally disregards the proportionate resolution path targeting the intermediary that is closest to the content, codified in EU legislation, without any clear and abuse-specific justification.
- The DNS Abuse Study disregards the fundamental difference between the governance of ccTLDs and gTLDs and demonstrates incoherent analysis by adopting a “one-size-fits-all” approach with measures targeted at both ccTLDs and gTLDs despite finding that ccTLDs are by far less abused. As a result, any measures targeted solely at ccTLDs will have a limited impact on effectively reducing abuse online.
- The recommendation to adopt harmonised Know-Your-Business-Customer practices across ccTLDs, despite the lack of proof of abuse, is unjustified and disregards the existing data accuracy practices already in place.
- The recommendation for a unified approach to accessing complete registration data across ccTLDs disregards the overarching EU data protection framework, as well as the recommendations put forward by data protection authorities within ICANN community discussions.
- The DNS Abuse Study recommends publishing DNS zone file data without assessing the potential negative consequences that such publication may entail for the security and stability of the DNS, including the confidentiality of customer data.
The full CENTR Comment on the DNS Abuse Study is available here: centr.org/library/library/download/10300/7262/41.html
The European Commission’s Study on Domain Name System (DNS) abuse [173 pages] is available to download from: op.europa.eu/en/publication-detail/-/publication/7d16c267-7f1f-11ec-8c40-01aa75ed71a1
There is also a Technical report, Appendix 1 to the EC’s Study on Domain Name System (DNS) abuse [96 pages], available to download from: op.europa.eu/en/publication-detail/-/publication/d9804355-7f22-11ec-8c40-01aa75ed71a1/language-en/format-PDF/source-250151899