December 2022 - DNS | Cybersecurity | Security

Next steps in combatting DNS Abuse

Thomas Rickert and Lars Steffen from the eco Association take stock and give an outlook on collaborating in the fight against abuse involving the DNS.

Next steps in combatting DNS Abuse-web

Copyright: © BeeBright| istockphoto.com

In a previous article in dotmagazine, we looked in some detail at the topic of DNS abuse and the importance of acting and collaborating in the fight against it. The topic has been central to the activities of the eco Association’s topDNS initiative throughout 2022, and an overview of the first half of the year was given in August. Here, we want to take stock and look ahead to 2023.

The DNS is a core function of the Internet because it converts human-readable domain names into IP addresses. In the topDNS initiative, leading companies in the industry are working to protect this “telephone book of the Internet” from a variety of forms of misuse, which we refer to as DNS abuse. The initiative includes the founding members Verisign, CentralNic, Public Interest Registry, IQ Global AS, Leaseweb, CleanDNS, and Realtime Register. In September, nic.at, the Austrian ccTLD registry, joined topDNS, and more will follow early next year.

Assistance in understanding DNS Abuse

For some, DNS abuse has become a catch-all term for many types of attack and malicious behavior on the Internet. However, it is important to note that often it is not the domain name system itself that the attackers target. The DNS is part of virtually all activities on the Internet, including the harmful ones. As a result, even defining the term, and gaining an understanding of where the responsibility for protection lies, is no easy task.

In close cooperation with the eco Anti-Abuse Competence Group, topDNS has recently published an Abuse Taxonomy Table to provide guidance on which cyber threats are considered to be abuse of the Domain Name System, and which are not. The table is a living document. It does not claim to be complete, nor does it claim to do justice to all intermediaries and players in the DNS ecosystem. With the DNS Abuse Taxonomy Table, we would like to initiate a discussion about who can and should contribute to the protection of the Internet and its users. Interfering with the DNS only makes sense where it is obviously being manipulated or abused. Manipulating the DNS can have severe consequences for diversity and freedom of speech and cause collateral damage. There is just a binary choice between “on” and “off” for infrastructure providers of the DNS, while other players can take more nuanced approaches. We take the position that DNS blocking should be a last resort measures for a limited number of scenarios.

State of the DNS

On 31 January 2022, the European Commission published the Study on Domain Name System (DNS) abuse. The study was extensively discussed within the domain name industry and beyond. In November, topDNS organized a workshop in Brussels to review the 27 recommendations from the study, potentially to reframe the general ideas and suggestions and to agree on actions and operationalizable solutions. Participants included three different Directorate-Generals of the European Commission, the authors of the study, topDNS members, and subject matter experts, like the DNS Abuse Institute, the Internet & Jurisdictions Policy Network, CENTR, Global Cyber Alliance, and INTA.

At the workshop, topDNS also once again presented its “Stockholm Recommendations”, which the initiative had developed at a workshop in May at the Nordic Domain Days, for review. The recommendations are as follows:

  1. Publish an anti-abuse policy covering DNS abuse and contact details for abuse reports.
  2. Have staff that are trained to process DNS abuse reports.
  3. Try to find out if there are DNS abuse issues with your customers.
  4. Be responsive to abuse reports.
  5. Pass on reports you cannot handle to a party that is better placed to take action.
  6. Explore opportunities for the exchange of intelligence.
  7. Use tools. They provide data, insights, and guidance.
  8. Act swiftly if the issue requires urgency.
  9. Let proportionality guide your actions.
  10. Be part of the solution, not the problem.

These recommendations may sound like high level common sense to those already actively engaged in the fight against DNS abuse. But as can be seen from the activities planned for 2023, topDNS wants to reach those who do not yet pay much attention to the topic and those who are just starting to pay attention but do not know where to start. Sharing best practices with well-meaning players is an excellent tool for helping them become better.

Therefore, in addition to reviewing the recommendations, a further goal of the workshop was to give a voice to those who are often missing from the discussion on DNS abuse: DNS service providers, public resolver operators, hosting & email service providers, etc. A detailed report about the workshop and its conclusions will be published at the turn of the year.

Outlook 2023

Without wanting to anticipate the results, topDNS will focus its efforts on the following activities in 2023:

  • Webinar series on best practices and tools to avoid malicious domain name registrations
  • Develop training opportunities for many players along the value chain.
  • Where appropriate, the creation of “anti-abuse tool kits” for different intermediaries with recommendations for both open source and commercially available tools
  • Developing a trusted space for collaboration and sharing of insights and information.

The goal of topDNS is to bring all relevant stakeholders and intermediaries to the table and put up for discussion all different types of abuse that harm everyone on the Internet, as summarized in the abuse taxonomy table, in order to talk about roles and responsibilities across the board with the entire industry.

It's always good to develop self-regulatory initiatives and ideas on how to respond to challenges we are faced with using appropriate measures. There is a lot to do. Let’s do it.

A note on sponsoring

A brief point in conclusion: We are asked time and again why topDNS is linked to sponsorship and why we do not finance all activities of the topDNS initiative from membership fees. For more than 25 years, the eco Association has stood for moderate membership fees in order to give small and medium-sized enterprises in particular an equal voice in this very diverse industry. Topic-specific initiatives such as topDNS result in effort and costs that go beyond the regular association work: Additional resources, travel costs, meeting rooms with technology and catering, etc. Therefore, we would like to take this opportunity to thank all those who make this initiative possible: Verisign, CentralNic, Public Interest Registry, nic.at, IQ Global AS, Leaseweb, CleanDNS, and Realtime Register.

 

Attorney-at-law and domain law expert Thomas Rickert is Director of the Names & Numbers Forum at eco - Association of the Internet Industry (international.eco.de).

Thomas Rickert is a member of the GNSO (Generic Names Supporting Organization) Council of the Internet Corporation for Assigned Names and Numbers (icann.org). At the beginning of 2022 he initiated the topDNS Initiative (topdns.eco) that unites members of the eco Association to fight DNS abuse. Furthermore, Thomas Rickert is managing director of the law firm Rickert Rechtsanwaltsgesellschaft mbH (rickert.law), which is specialized in legal issues of the digital economy.

 

Lars Steffen is Director International at eco – Association of the Internet Industry (international.eco.de), the largest Internet industry association in Europe. At eco, he coordinates all international activities of the association and takes care of the members from the domain name industry.