
ICANN Makes Progress Toward a More Comprehensive DNS Security Threat Analysis

28 October 2021

Russ Weinstein, VP, GDD Accounts and Services
Samaneh Tajalizadehkhoob, Principal Security, Stability & Resiliency Specialist

As we shared in a blog on 11 June 2021, the ICANN organization (org) is interested in extending the level of reporting data in the Domain Abuse Activity Reporting (DAAR) project to the registrar level. DAAR, as many of you know, is a system for studying and reporting on the concentration of security threats across top-level domain (TLD) registries.  

The primary impediment to implementing registrar reporting has been the lack of consistent and dependable access to the identifier of the registrar (registrar ID) for each domain name registration. This data is not contained in Domain Name System (DNS) records or TLD zone files.

We are pleased to report that following discussions with the leadership of the contracted parties, we have reached an agreement in principle under which we can overcome this impediment through a change to the Base Generic Top-Level Domain (gTLD) Registry Agreement. The required change would enable ICANN org to use an existing data set provided by registries for research purposes such as DAAR.

Samantha Demetriou, Chair of the gTLD Registries Stakeholder Group (RySG), stated, “The RySG supports ICANN org’s plan to expand DAAR to include registrar data, as well as the org’s efforts to enhance the overall level of knowledge about DNS Abuse among the ICANN community and facilitate data-driven, fact-based discussions on this subject.”

Ashley Heineman, Chair of the Registrars Stakeholder Group, added, “We look forward to this update and the additional data it will provide the community.”

ICANN org will use this agreement in principle to finalize mutually agreeable contractual language, and follow the standard process to amend the Base gTLD Registry Agreement. This process includes the opportunity for community feedback via Public Comment, voting by the gTLD registries, and approval by the ICANN Board. In parallel, the org will update the DAAR system to enable new reporting to include registrar-level data once we can officially use the data set for research purposes.  

The overarching purpose of DAAR is to develop a robust, reliable, and reproducible methodology for analyzing security threat activity trends, which the ICANN community may use to make informed policy decisions. Adding registrar-level metrics to the DAAR system will make DAAR a more comprehensive and useful tool for a broader audience, including registrars themselves. We would like to thank the RySG for its collaborative and pragmatic approach in helping the ICANN community to better address DNS security threats. 

We welcome engagement and collaboration with the registrars and others in the community to maximize the utility of the new reporting data and tools of the DAAR project.   

For more information about the DAAR project, visit https://www.icann.org/octo-ssr/daar.

 
