
Press Release: ICANN Initiative Promotes Internet Security Best Practices

Community of technical experts will work together to ensure a safer and more secure Domain Name System

Los Angeles – 06 September 2022 – The Internet Corporation for Assigned Names and Numbers (ICANN) is launching the Knowledge-sharing and Instantiating Norms for DNS and Naming Security (KINDNS) initiative to make the Internet safer and more resilient for all users. By collaborating with a global community of technical experts, ICANN is developing a clear framework of operational best practices for Domain Name System (DNS) security.

KINDNS is just one of many ICANN efforts underway to promote broad participation among public and private actors to make the Internet safer, and more secure and interoperable.

"As the Internet has grown and come to play a greater role in our everyday lives, DNS security has never been more critical," said John Crain, ICANN's Senior Vice President and Chief Technology Officer. "While various best practices exist for DNS operations, they are inconsistently applied and at times have led to significant security breaches that affect the whole Internet."

To mitigate this, ICANN collaborated with the technical community to create KINDNS as a mechanism to share best practices to better secure DNS operations. The result is a simple, effective framework that large and small DNS operators can voluntarily and easily follow. For example, a good practice shared through KINDNS aims at ensuring domain name servers are geographically and topologically diverse (KINDNS Practice-5 of Authoritative and Recursive servers operators). Another example is to encourage operators to enable Domain Name System Security Extensions (DNSSEC), both through Authoritative server signatures and the Resolver validating these signatures. DNSSEC is a technology developed to assure that Internet users reach their desired online destination by helping to prevent some types of attacks (KINDNS Practice-1 of Authoritative and Recursive servers operators).

Internet service providers, corporate IT managers, DNS service operators and software developers are invited to adopt the best practices promoted by KINDNS on its website and help promote the program. To learn how, visit the KINDNS dedicated website here.

About ICANN

ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a nonprofit public benefit corporation with a community of participants from all over the world.

Media Contact

Alexandra Dans
Communications Director, The Americas
Montevideo, Uruguay
+598 95 831 442
alexandra.dans@icann.org
Or press@icann.org
