ICANN Acronyms and Terms

Information that indicates certain properties of a domain name registration.

Codes called Extensible Provisioning Protocol domain status codes indicate the current state of the domain name in the registry. These codes are defined on the EPP Status Code page of the ICANN website. Registrants can check the status of their domain names using WHOIS Lookup on the ICANN website or through their registrar’s WHOIS search tool.

The Domain Name System (DNS) helps users to find their way around the Internet. Every computer on the Internet has a unique address - just like a telephone number - which is a complicated string of numbers called its IP address (IP stands for Internet Protocol). IP addresses can be hard to remember. The DNS makes using the Internet easier by allowing a familiar string of letters - the domain name - to be used instead of the arcane IP address. For instance, you only need to type https://icann.org to reach our website, instead of the IP address 192.0.43.7.

Any malicious activity aimed at disrupting the DNS infrastructure or causing the DNS to operate in an unintended manner. Abusive activities include corrupting DNS zone data, gaining administrative control of a name server, and flooding the DNS with thousands of messages to degrade name-resolution services.

A form of attack in which a cyberattacker uses the DNS channel to evade an organization’s network security systems. In an attack through the DNS channel, attackers use specially crafted DNS queries to download malware onto infected computers. They can also use this technique to extract sensitive information from infected computers inside one or more organizations.

A regional conference where individuals and groups that are key stakeholders in the DNS meet and discuss issues of relevance to their region. Regional and global Internet organizations sponsor DNS Forums in various regions around the world. Key to ICANN's regional outreach efforts, these forums raise awareness and foster collaboration among regional stakeholders and encourage involvement in ICANN’s multistakeholder process.

Any activity that uses the DNS protocol or the domain name registration process to carry out malicious or illegal activity. Misuse activities include hijacking domain names, registering domain names to sell counterfeit merchandise, using the DNS to distribute spam, and exploiting the DNS protocol to launch denial-of-service attacks.

A request that a DNS client (usually a resolver) submits to a name server to obtain information from the Domain Name System.

A DNS query often contains a request for the Internet Protocol (IP) address of a specific host or domain name. For this type of query, the name server responds with either 1) the requested IP address, 2) the IP address of the next name server in the path of authority, or 3) an NXDOMAIN error code, which signals that the requested host or domain name does not exist.

A technique in which an attacker sends a request to a name server using a falsified (spoofed) source Internet Protocol (IP) address. The spoofed IP address not only conceals the location of the attacker, it also causes the name server to direct responses to the attacker’s intended target.

Attackers often use this technique in denial-of-service attacks to flood a targeted name server with query traffic.

An attack in which the attacker continuously queries a name server with the intent of depleting a resource that is essential to the server’s operation. In one type of exhaustion attack, the attacker continuously opens connections on a name server, but does not complete the connection process for any of them. The incomplete connections eventually consume available memory on the name server, preventing it from opening any legitimate connections.

An attack on the DNS in which the operator of a name server manipulates response messages to queries for nonexistent domain names. Instead of delivering the response message to the Internet user, the name server delivers a synthesized message that contains an Internet Protocol (IP) address selected by the operator.

Operators that manipulate DNS response messages in this way often redirect users to sites that provide a search engine or sites that display pay-per-click advertising.

A file that identifies domain names that are known (or suspected) to resolve to Internet Protocol (IP) addresses that host botnet command-and-control servers or other malicious content.

Zone administrators in the DNS deploy RPZs to create firewalls around their recursive resolvers. The resolvers check the RPZ when they receive requests to resolve domain names. If a requested domain appears in the RPZ, the resolver can return an error message or redirect the requestor to a web page that provides malware detection and remediation instructions.

A technology that helps secure domain name lookups by incorporating a chain of digital signatures into the lookup process. Using DNSSEC, resolvers can determine whether the query responses they receive have been generated by authenticated DNS servers. By accepting only authenticated query results, resolvers can prevent attackers from hijacking the lookup process and directing Internet users to deceptive websites. Full deployment of DNSSEC ensures that users are connected to the Internet Protocol (IP) address that genuinely corresponds to the domain name specified in a uniform resource locator (URL).

A technique that attackers use to magnify the effect of a cyberattack on a name server or resolver. With this technique, attackers amplify DNS traffic by issuing queries that deliver huge response messages to the targeted name server or resolver.

An attack in which the attacker takes advantage of a vulnerability (e.g., a bug or a security hole) in the DNS server software. Some attackers use this form of attack to disable a name server. For example, they might craft an unorthodox DNS message to cause a targeted name server to fail. Other attackers exploit vulnerabilities that allow them to gain administrative control over a name server.

A segment of the DNS namespace to which administrative authority has been delegated. For example, when sections of the root zone are delegated as top-level domains (TLDs), each TLD becomes an independently administered DNS zone. Likewise, when a TLD divides its namespace into second-level domains, it generally delegates administrative authority to each of those domains, thus creating additional DNS zones.

A parent domain at any level in the DNS hierarchy can optionally delegate administrative authority to any or all its subdomains (children). A zone always starts at a domain boundary and includes a zone file identifies the host servers over which it has administrative authority. A zone ends at the boundary of another independently administered zone.