Public Interest Registry announced Wednesday the launch of the DNS Abuse Institute as part of its ongoing efforts to protect Internet users from the threat of DNS Abuse such as malware, botnets, phishing, pharming and spam.
According to an analysis of the Netherlands’ 50 biggest brand names, the number of .nl domain names suspected of being used or intended for use in phishing has been increasing, but monitoring and intervention appear to be suppressing visible abuse such as phishing.
The Dutch ccTLD .nl passed the six million registered domain names last week, a milestone that was reached somewhat earlier as a result of around a quarter of a million new registrations following the COVID-19 pandemic and lockdown.
A couple of reports from the people behind .nz have shown the impact of COVID-19 (coronavirus) on New Zealanders and their internet use in recent months. Statistics for .nz show increased DNS activity, including a surge in registrations that has taken registrations to close to 715,000.
To help its registrars comply with the European Union’s General Data Protection Regulation, SIDN, the .nl ccTLD manager, has set up a Privacy Portal and a Legal Help Desk. SIDN acknowledges that for registrars, bringing their operations into line with the GDPR — and making sure they stay that way — can be a challenge.
In a blog post on the SIDN website, RA CEO Margreth Verhulst and SIDN’s Key Account Manager Sebastiaan Assink discuss the Privacy Portal and Legal Help Desk now available to registrars.
“At the start of the year, SIDN organised a webinar on the implications of the GDPR for domain name registration. Participants were asked whether they had set up a data processing register, as required under the new legislation. And no fewer than 66 per cent of the registrars responded by saying that they hadn’t yet set one up. A broadly similar picture emerged when the RA surveyed its members to find out how many were GDPR-compliant. From the survey feedback, it was also clear that registrars would welcome support bringing their activities into line with the directive. The RA and SIDN therefore linked up with the ICTRecht legal consultancy to create the Privacy Portal, which opened for business on 27 September 2018. The Portal is intended to advise registrars on recording and protecting sensitive information and other privacy-related issues. “The Privacy Portal offers registrars free guidance on all aspects of privacy management,” explains Sebastiaan. “You can get answers to legal questions, or help with data processing agreements and other documents.” Dozens of registrars have already turned to the Portal for assistance.
A registrar’s first contact with the Privacy Portal sees them being asked a few general questions. Answers are used to build up a profile and then a customised account can be established. Through the account, tailored advice is made available and appropriate measures are suggested. Facilities are also available for organising your enquiries and documents. “The intake privacy scan provides an immediate impression of what you’ve got under control and what still needs attention,” adds Margreth.
“The Portal also features a tool that can be used to set up and maintain a data processing register, another of the GDPR’s new requirements. There’s a privacy statement generator as well, and a utility for checking the adequacy of your technical data protection measures. Another feature of the Privacy Portal is its data breach registration functionality, which you can use to comply with the GDPR’s requirement that details of all breaches must be recorded. Finally, there’s a tool for generating appropriate data processing agreements to regulate your relationships with any data processors that handle data on your behalf. In other words, the Privacy Portal offers all kinds of assistance with GDPR-compliance.”
“Registrars process a great deal of personal data and cooperate with other actors, including suppliers and partners. They collect registrants’ personal details, for example, and forward the information to us on the registrants’ behalf. That’s how a domain name is registered. Naturally, it’s primarily the registrars’ responsibility to make sure that their data processing complies with the law. However, it’s also very much in our interests to see that registration data is processed and exchanged securely,” continues Sebastiaan. As Margreth points out, registrars have a lot on their plates, even without the GDPR. “Their core business is domain name registration, and compliance with the many rules and regulations that apply to the industry sometimes gets sidelined. So the Portal has been created with the aim of relieving some of the burden and making compliance easier for registrars. For any registrar who sees GDPR compliance as a dauntingly high mountain, the Privacy Portal will act like a Sherpa. You’ve still got to get up the mountain yourself, but the Portal is there to shoulder some of the load.”
“The Privacy Portal is just one of the ways that the RA and SIDN are working together to support and invest in the registrar community. It is a spin-off from the Legal Help Desk opened earlier in the year. Via the Help Desk, all 1250 or so .nl registrars can get free legal advice regarding issues involving contracts, ICT, terms and conditions and the like. Questions are simply submitted to the Help Desk using a standard form. Another product of cooperation between SIDN and the RA is the SIDN Academy.”
“So far, we’ve run three SIDN Academy sessions for registrars. The one-day sessions are intended for sharing knowledge on particular topics,” said Assink. “The first round of sessions was devoted to e-mail security, for example.”
Looking forward, the post notes Margreth and Sebastiaan have no preconceptions about how the Help Desk and Portal should develop from here. Both are really still pilot services. “We’ll evaluate the situation after twelve months,” says Margreth. “The future direction of the projects will depend on how registrars use these facilities in practice. A positive response and high levels of use will encourage us to continue and extend the services.”
The full version of this post originally appeared on the SIDN website here. SIDN is the country code top level domain (ccTLD) manager for .nl (Netherlands).
SIDN Labs, Afnic Labs and Grenoble Alps University have commenced a new research project on the “Classification of compromised versus maliciously registered domains” (COMAR).
The Franco-Dutch project, which commenced on 1 October, will address the problem of automatically distinguishing between domain names registered by cybercriminals for the purpose of malicious activities, and domain names exploited through vulnerable web applications. The project is designed to help intermediaries such as registrars and ccTLD registries further optimise their anti-abuse processes.
The ultimate goal of COMAR is to develop a machine learning-based classifier that labels blacklisted domains as compromised or maliciously registered, then extensively evaluate its accuracy, and implement it for a production-level environment. They also plan to study the attackers’ profit-maximising behaviour and their business models. The project will apply a classifier to unlabelled domain names of URL blacklists, for example, to answer the following question: do attackers prefer to register malicious domains, compromise vulnerable websites, or misuse domains of legitimate services such as cloud-based file-sharing services in their criminal activities?
COMAR is a joint project of SIDN Labs, Afnic Labs, and Grenoble Alps University. SIDN is the country code top level domain (ccTLD) registry for .nl, Afnic for .fr and Grenoble Alps University is aiming to establish itself as a leading cybersecurity research centre in the Rhône-Alpes region in France.
For more information on the research project, see:
Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog.
Slow adoption of IPv6 in the Netherlands is liable to harm the nation’s innovation climate. That’s the conclusion of research carried out for SIDN, the .nl ccTLD registry.
According to monitoring by Google, the Netherlands has been slow to adopt the newer protocol. As a result, SIDN believes that the Netherlands’ competitiveness as an innovation centre is being undermined. Tech companies are likely to see countries with good IPv6 support as more desirable bases. The Netherlands lags behind with IPv6 largely because of the policies of the two biggest access providers, the report concludes. Neither KPN nor Ziggo offers internet users a proper dual-stack IPv6 connection.
According to Google’s data, Belgium heads the European ranking for IPv6 adoption, with more than 54 per cent of all visits to Google pages made from IPv6 addresses. In the Netherlands, the figure is just 13.2 per cent. The reluctance to embrace IPv6 does not bode well for the Dutch internet’s future-readiness. Nor, indeed, for the competitiveness of the country’s business community, since it makes the Netherlands less attractive as a place for innovation and investment in the Internet of Things (IoT).
Digitale Infrastructuur Nederland (DINL), which speaks for the companies and organisations that supply the facilities on which the digital economy is based, remains unconvinced of the case for IPv6, the study found. DINL argues that there is no pressing shortage of IPv4 addresses, and therefore no clear economic incentive to switch to IPv6. Nevertheless, DINL advocates research into the risks associated with slow adoption, since it doesn’t want to see the sector caught out by developments that it can’t respond to quickly.
According to the study findings, big companies and small businesses are embracing the new protocol more than medium-sized enterprises. Of the various sectors analysed, universities are easily the biggest IPv6 supporters, with an adoption rate of 43 per cent. And the private sector is using IPv6 more than the public sector. Nevertheless, the overall percentages are generally disappointing.
“Slow adoption of IPv6 is liable to harm our country’s international standing,” fears Roelof Meijer, SIDN’s CEO. “It detracts from the Netherlands’ image as a leading innovator. And that increases the danger of startups and innovative tech companies seeing other countries that do have good IPv6 support as more desirable bases. The services of global technology companies, such as Netflix, Google and Facebook, have been using IPv6 for a long time. That tells you which way the world is heading.”
Meijer also highlights the growing demand for IP addresses linked to the rise of the IoT: “Hubs and gateways that enable communication with IoT devices and domotics need IP addresses. If the Netherlands is going to continue to feature in development of the IoT, further implementation of IPv6 is essential.”
SIDN’s Chief Exec is therefore calling on everyone involved to finally commit to IPv6: “We all have a responsibility here. What we’re talking about is our country’s readiness for the future.”
IPv6 is the successor to IPv4, the protocol that underpins the internet’s addressing system. It’s needed because the world has run out of IPv4 addresses and the technical workarounds used to keep the system going have implications for the stability of the internet. With IPv6, addresses are structured in a completely different way, enabling far more of them to be created.
IPv4 is now nearly forty years old, but is still used for the bulk of internet traffic. Because the internet has developed in ways that were unimaginable four decades ago, with countless internet-connected devices and appliances, the demand for addresses has long since outstripped the scope for creating them on the basis of IPv4. IPv6 uses a different addressing technology, and therefore has a much bigger ‘address space’. Whereas IPv4 has space for 4 billion addresses, IPv6 has space for 340 undecillion (34 followed by 37 zeros).
The research report from the Dutch country code top level domain manager is currently available only in Dutch. An English translation will be available shortly, SIDN advises.
The Dutch and Austrian ccTLD managers, SIDN and nic.at, have signed a cooperation agreement under which all domains managed by SIDN will additionally be hosted on the nic.at anycast network RcodeZero DNS. The agreement was announced by SIDN’s CEO Roelof Meijer and nic.at CEO Richard Wein on the sidelines of the ICANN meeting in San Juan, Puerto Rico.
“We are very happy and proud to offer our technical services to the third largest European ccTLD,” says Richard Wein, CEO of nic.at. The agreement covers the almost 6 million domains registered under .nl, .amsterdam, .aw and .politie and sees SIDN becoming the biggest customer of the RcodeZero TLD DNS network, which already hosts twelve different TLDs at thirteen highly available redundant locations all over the world.
Roelof Meijer, SIDN’s CEO, explains the reasons why they decided on RcodeZero DNS: “First of all, it was important for us to have a partner under EU jurisdiction and data protection law. Secondly, we were impressed by nic.at’s technical know-how and flexibility, as well as their readiness to develop their product further based on our needs.” In recent years, SIDN has constantly been improving and optimising its DNS infrastructure with anycast partners to guarantee the best possible availability of .nl domains.
RcodeZero DNS will soon be expanded with additional nodes in Australia and South America to provide better performance and lower latency for customers in those areas, too. However, RcodeZero DNS had other attractions for a technician, as confirmed by Marc Groeneweg, Coordinator of DNS Ops Team at SIDN: “It’s important for us to have comprehensive statistics and real-time DNS traffic information to further analyse our infrastructure, as a basis for continued improvement of our infrastructure.”
The technical work of integrating all Dutch domains into the network has just been completed and the set-up is now ready for public production.
The agreement is a sign of further consolidation and expansion within the top level domain registry industry, with registries drawing on their experience in areas such as security, among others. In the security area, a big issue for business worldwide, the domain name business is one of the leading providers of online security solutions. Some registries, such as nic.at and SWITCH, the Swiss registry operator, also run CERTs.
Others, such as CIRA, the Canadian ccTLD manager, have been active in recent months signing agreements with Uniregistry, DNS.PT (Portugal’s .pt) and InternetNZ (New Zealand’s .nz) to provide global domain name system services. SIDN itself has acquired a controlling stake in Connectis, one of the Netherlands' leading suppliers of secure log-in solutions and redesigned SPIN, their open-source system for protecting the internet and end-users against insecure IoT devices in home networks. And DENIC, the German (.de) ccTLD manager, has been approved as an authorised New gTLD Data Escrow Agent to offer both to ICANN-accredited registrars and registries an escrow service which fully complies with the European legal framework.
Registries universally said they’re not content police in a discussion on domain name take down processes involving legal counsels from the operators of 6 European registries, both generic and country code TLDs. However, processes vary among the registries.
The discussion involved representatives from dotSaarland, DENIC (.de), SWITCH (.ch), SIDN (.nl), DNS Belgium (.be) and Nominet (.uk) at the Domain Pulse conference in Munich Friday, the annual event that rotates between Germany, Switzerland and Austria.
One registry that does make decisions on takedowns, or suspensions as they’re often called, and the content on the sites using the domain names, is SWITCH. Anna Kuhn explained how SWITCH was rather unusual in that they were both a registry and operated a national Computer Emergency Response Team (CERT), which gave them some additional expertise. However, SWITCH still doesn’t make decisions on content, only on domain names involved in hosting malware and phishing. Combatting cybercrime, Kuhn explained, is one of the roles of the registry operator.
Volker Greimann from dotSaarland, the only new gTLD operator in the panel discussion, said .saarland is in a different position to the country code top level domain (ccTLD) registries as they have a direct contract with ICANN. Additionally, the Saarland regional government said they don’t want their new generic top level domain (new gTLD) to be a haven for crime. The gTLD for the German state has an anti-abuse rule in their terms and conditions that requires domain names to not ruin the reputation of the Saar region.
Horst explained the German registry's position in this respect: “DENIC is not the right point of contact to which to turn when it comes to content. If DENIC were to evaluate content and delete, at its own discretion, domains through which websites with questionable content can be accessed, this would be equivalent to censorship. In a democracy based on the separation of powers, no one can seriously support law enforcement by the private sector. This philosophy of DENIC's is, by the way, also reflected by the unanimous opinion of the German courts.”
The courts, Horst explained, have always sided with DENIC’s view that they also aren’t in a position to judge on what is illegal content and that complaints should always go to the registrant if they can be contacted.
SIDN’s Maarten Simon said SIDN will never just take down a domain name and that contacting the registry should be a last resort. However, Simon also noted .nl domain names are much more trusted by Dutch people than any other TLD. This trust is in SIDN’s interest to protect, both so that internet users continue to want to visit sites using the Dutch ccTLD and so that businesses want to register .nl domain names. Building trust benefits SIDN’s bottom line as more .nl domain names are registered. For complaints regarding .nl domain names, there is an independent appeals board with a number of judges and professors with the expertise to deal with complaints.
Peter Vergote from DNS Belgium also noted how .be has nothing to do with judging content hosted using a .be domain name, so to get a domain name suspended a complaint has to give necessary evidence such as a court order to have a domain name taken down.
Vergote echoed Simon’s views on .nl in that DNS Belgium deeply cares about the quality of the .be zone and it’s their sincere duty to do what they can without taking unnecessary risks. While they are more active than in the past on dealing with complaints, they will never evaluate content on a website. This position has been backed by a court order from a Belgian court that states deciding illegal content is up to the courts and can’t be done by DNS Belgium. When it comes to phishing though, DNS Belgium treats this differently and will take action without a court order if they are advised by a competent body that a domain name is used for phishing.
But DNS Belgium will never take it upon themselves to suspend a domain name that’s suspected of being used for phishing because that’s a content evaluation. Additionally Vergote said a phisher is unlikely to put their correct identity in Whois. DNS Belgium suspends around a dozen domain names per month with complaints largely driven by government agencies and rarely from private individuals or organisations.
So what about the domain names that are required to be taken down, or suspended? For SIDN, Simon explained the procedure starts with a form to be completed on the SIDN website where the complainant explains why the domain name should be taken down and what they’ve done to date to complain. If the complaint is clear cut SIDN will go to the registrar and get the domain name taken down. SIDN receives about 20 requests per year and takes down one, maybe 2, each year out of the 5.8 million .nl registrations.
Nominet’s Wenban-Smith commented on the futility of removing or suspending a domain name because even if they do, the content still exists. Nominet doesn’t allow child abuse or content that promotes criminal activity on .uk domain names. But Nominet doesn’t make decisions on what is illegal content but does cooperate with those who can such as law enforcement. For those wishing to make complaints, Nominet doesn’t take requests from those outside the UK. Wenban-Smith said Nominet suspended 16,000 .uk domain names in 2017.