
A Step Toward a More Comprehensive DNS Security Threat Analysis

11 June 2021

Samaneh Tajalizadehkhoob, Principal Security, Stability & Resiliency Specialist
Russ Weinstein, VP, GDD Accounts and Services

ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on domain name registration and security threats across top-level domain (TLD) registries. Over the last year, ICANN has made significant enhancements to DAAR, including enabling country code top-level domain (ccTLD) participation, developing new reporting for those ccTLDs that choose to participate, and enhancing the reporting for generic top-level domains (gTLDs).

A natural evolution for DAAR is to extend the reporting capabilities to the registrar level. The primary impediment to implementing this has been consistent and dependable access to the identifier of the registrar (registrar ID) for each domain name registration, as this data is not contained in DNS records or TLD zone files.

We are pleased to share that ICANN organization (org) and the leadership of contracted parties are engaged in discussions to enable ICANN org to report on domain name registration and concentrations of security threats for ICANN-accredited registrars. This discussion includes a proposal for the registries to modify the Base gTLD Registry Agreement to allow ICANN access to an existing data set for research purposes such as DAAR. A similar change was implemented between ICANN org and Verisign in 2020 as part of Amendment #3 to the .COM Registry Agreement.

The overarching purpose of DAAR is to develop a robust, reliable, and reproducible methodology for analyzing security threat activity. The ICANN community may use the results to make informed policy decisions. Adding registrar-level metrics to the DAAR system will make DAAR a more comprehensive and useful tool for a broader audience, including registrars themselves. We look forward to sharing an update on this soon.

For more information about ICANN's DAAR project, please attend the ICANN71 Plenary Session, Understanding Reputation Block Lists, on Thursday, 17 June. To register for ICANN71 and view the full schedule, click here.
