Verisign ended the second quarter of 2021 with 170.6 million .com and .net domain name registrations in the domain name base, a 5.2% increase in 12 months, and a net increase of 2.59 million during the second quarter of 2021, according to the company’s second quarter 201 results.
InternetNZ Thursday publicly disclosed a vulnerability against authoritative DNS servers such as the ones run by top-level domain (TLD) operators, like .nz. This vulnerability could be exploited to carry out Denial-of-Service (DoS) attacks across the world.
Public Interest Registry announced Wednesday the launch of the DNS Abuse Institute as part of its ongoing efforts to protect Internet users from the threat of DNS Abuse such as malware, botnets, phishing, pharming and spam.
According to an analysis of the Netherlands’ 50 biggest brand names, the number of .nl domain names suspected of being used or intended for use in phishing has been increasing, but monitoring and intervention appears to be suppressing visible abuse such as phishing.
The Dutch ccTLD .nl passed the six million registered domain names last week, a milestone that was reached somewhat earlier as a result of around a quarter of a million new registrations following the COVID-19 pandemic and lockdown.
A couple of reports from the people behind .nz have shown the impact of COVID-19 (coronavirus) on New Zealanders and their internet use in recent months. Statistics for .nz shows increased DNS activity, including a surge in registrations that has taken registrations to close to 715,000.
To assist their registrars comply with the European Unionâs General Data Protection Regulation, SIDN, the .nl ccTLD manager, has set up a Privacy Portal and a Legal Help Desk. SIDN acknowledges that for registrars, bringing their operations into line with the GDPR — and making sure they stay that way — can be a challenge.
In a blog post on the SIDN website by RA CEO Margreth Verhulst and SIDN’s Key Account Manager Sebastiaan Assink discuss the Privacy Portal and Legal Help Desk now available to registrars.
âAt the start of the year, SIDN organised a webinar on the implications of the GDPR for domain name registration. Participants were asked whether they had set up a data processing register, as required under the new legislation. And no fewer than 66 per cent of the registrars responded by saying that they hadn’t yet set one up. A broadly similar picture emerged when the RA surveyed its members to find out how many were GDPR-compliant. From the survey feedback, it was also clear that registrars would welcome support bringing their activities into line with the directive. The RA and SIDN therefore linked up with the ICTRecht legal consultancy to create the Privacy Portal, which opened for business on 27 September 2018. The Portal is intended to advise registrars on recording and protecting sensitive information and other privacy-related issues. “The Privacy Portal offers registrars free guidance on all aspects of privacy management,” explains Sebastiaan. “You can get answers to legal questions, or help with data processing agreements and other documents.” Dozens of registrars have already turned to the Portal for assistance.
A registrarâs first contact the Privacy Portal sees them being asked a few general questions. Answers are used to build up a profile and then a customised account can be established. Through the account, tailored advice is made available and appropriate measures are suggested. Facilities are also available for organising your enquiries and documents. “The intake privacy scan provides an immediate impression of what you’ve got under control and what still needs attention,” adds Margreth.
âThe Portal also features a tool that can be used to set up and maintain a data processing register, another of the GDPR’s new requirements. There’s a privacy statement generator as well, and a utility for checking the adequacy of your technical data protection measures. Another feature of the Privacy Portal is its data breach registration functionality, which you can use to comply with the GDPR’s requirement that details of all breaches must be recorded. Finally, there’s a tool for generating appropriate data processing agreements to regulate your relationships with any data processors that handle data on your behalf. In other words, the Privacy Portal offers all kinds of assistance with GDPR-compliance.â
“Registrars process a great deal of personal data and cooperate with other actors, including suppliers and partners. They collect registrants’ personal details, for example, and forward the information to us on the registrants’ behalf. That’s how a domain name is registered. Naturally, it’s primarily the registrars’ responsibility to make sure that their data processing complies with the law. However, it’s also very much in our interests to see that registration data is processed and exchanged securely,” continues Sebastiaan. As Margreth points out, registrars have a lot on their plates, even without the GDPR. “Their core business is domain name registration, and compliance with the many rules and regulations that apply to the industry sometimes gets sidelined. So the Portal has been created with the aim of relieving some of the burden and making compliance easier for registrars. For any registrar who sees GDPR compliance as a dauntingly high mountain, the Privacy Portal will act like a Sherpa. You’ve still got to get up the mountain yourself, but the Portal is there to shoulder some of the load.”
âThe Privacy Portal is just one of the ways that the RA and SIDN are working together to support and invest in the registrar community. It is a spin-off from the Legal Help Desk opened earlier in the year. Via the Help Desk, all 1250 or so .nl registrars can get free legal advice regarding issues involving contracts, ICT, terms and conditions and the like. Questions are simply submitted to the Help Desk using a standard form. Another product of cooperation between SIDN and the RA is the SIDN Academy.â
“So far, we’ve run three SIDN Academy sessions for registrars. The one-day sessions are intended for sharing knowledge on particular topics,â said Assink. âThe first round of sessions was devoted to e-mail security, for example.”
Looking forward, the post notes Margreth and Sebastiaan have no preconceptions about how the Help Desk and Portal should develop from here. Both are really still pilot services. “We’ll evaluate the situation after twelve months,” says Margreth. “The future direction of the projects will depend on how registrars use these facilities in practice. A positive response and high levels of use will encourage us to continue and extend the services.”
The full version of this post originally appeared on the SIDN website here. SIDN is the country code top level domain (ccTLD) manager for .nl (Netherlands).
SIDN Labs, Afnic Labs and Grenoble Alps University have commenced a new research project on the âClassification of compromised versus maliciously registered domainsâ (COMAR).
The Franco-Dutch project, which commenced on 1 October, will address the problem of automatically distinguishing between domain names registered by cybercriminals for the purpose of malicious activities, and domain names exploited through vulnerable web applications. The project is designed to help intermediaries such as registrars and ccTLD registries further optimise their anti-abuse processes.
The ultimate goal of COMAR is to develop a machine learning-based classifier that labels blacklisted domains as compromised or maliciously registered, then extensively evaluate its accuracy, and implement it for a production-level environment. They also plan to study the attackersâ profit-maximising behaviour and their business models. The project will apply a classifier to unlabelled domain names of URL blacklists, for example, to answer the following question: do attackers prefer to register malicious domains, compromise vulnerable websites, or misuse domains of legitimate services such as cloud-based file-sharing services in their criminal activities?
COMAR is a joint project of SIDN Labs, Afnic Labs, and Grenoble Alps University. SIDN is the country code top level domain (ccTLD) registry for .nl, Afnic for .fr and Grenoble Alps University is aiming to establish itself as a leading cybersecurity research centre in the RhÃ´ne-Alpes region in France.
For more information on the research project, see:
Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community
Slow adoption of IPv6 in the Netherlands is liable to harm the nation’s innovation climate. That’s the conclusion of research carried out for SIDN, the .nl ccTLD registry.
According to monitoring by Google, the Netherlands has been slow to adopt the newer protocol. As a result, SIDN believes that the Netherland’s competitiveness as an innovation centre is being undermined. Tech companies are likely to see countries with good IPv6 support as more desirable bases. The Netherlands lags behind with IPv6 largely because of the policies of the two biggest access providers, the report concludes. Neither KPN nor Ziggo offers internet users a proper dual-stack IPv6 connection.
According Google’s data, Belgium heads the European ranking for IPv6 adoption, with more than 54 per cent of all visits to Google pages made from IPv6 addresses. In the Netherlands, the figure is just 13.2 per cent. The reluctance to embrace IPv6 does not bode well for the Dutch internet’s future-readiness. Nor, indeed, for the competitiveness of the country’s business community, since it makes the Netherlands less attractive as a place for innovation and investment in the Internet of Things (IoT).
Digitale Infrastructuur Nederland (DINL), which speaks for the companies and organisations that supply the facilities on which the digital economy is based, remains unconvinced of the case for IPv6, the study found. DINL argues that there is no pressing shortage of IPv4 addresses, and therefore no clear economic incentive to switch to IPv6. Nevertheless, DINL advocates research into the risks associated with slow adoption, since it doesn’t want to see the sector caught out by developments that it can’t respond to quickly.
According to the study findings, big companies and small businesses are embracing the new protocol more than medium-sized enterprises. Of the various sectors analysed, universities are easily the biggest IPv6 supporters, with an adoption rate of 43 per cent. And the private sector is using IPv6 more than the public sector. Nevertheless, the overall percentages are generally disappointing.
“Slow adoption of IPv6 is liable to harm our country’s international standing,” fears Roelof Meijer, SIDN’s CEO. “It detracts from the Netherlands’ image as a leading innovator. And that increases the danger of startups and innovative tech companies seeing other countries that do have good IPv6 support as more desirable bases. The services of global technology companies, such as Netflix, Google and Facebook, have been using IPv6 for a long time. That tells you which way the world is heading.”
Meijer also highlights the growing demand for IP addresses linked to the rise of the IoT: “Hubs and gateways that enable communication with IoT devices and domotics need IP addresses. If the Netherlands is going to continue to feature in development of the IoT, further implementation of IPv6 is essential.”
SIDN’s Chief Exec is therefore calling on everyone involved to finally commit to IPv6: “We all have a responsibility here. What we’re talking about is our country’s readiness for the future.”
IPv6 is the successor to IPv4, the protocol that underpins the internet’s addressing system. It’s needed because the world has run out of IPv4 addresses and the technical workarounds used to keep the system going have implications for the stability of the internet. With IPv6, addresses are structured in a completely different way, enabling far more of them to be created.
IPv4 is now nearly forty years old, but is still used for the bulk of internet traffic. Because the internet has developed in ways that were unimaginable four decades ago, with countless internet-connected devices and appliances, the demand for addresses has long since outstripped the scope for creating them on the basis of IPv4. IPv6 uses a different addressing technology, and therefore has a much bigger ‘address space’. Whereas IPv4 has space for 4 billion addresses, IPv6 has space for 340 undecillion (34 followed by 37 zeros).
The research report from the Dutch country code top level domain manager is currently available only in Dutch. An English translation will be available shortly SIDN advises.