Do you have feedback on the definitions or the terms? Send us an email to: firstname.lastname@example.org
An incident that results in the intentional or unintentional exposure or release of personal data or sensitive information to an unauthorized party. If a data breach were to expose the credentials for a registrant’s account with a registrar, cyberattackers could access the account and hijack the registrant’s domain name.
Members of the ICANN Empowered Community, which the ICANN Bylaws define as all of ICANN’s Supporting Organizations (SOs) plus the At-Large Advisory Committee and the Governmental Advisory Committee. The Empowered Community gives Decisional Participants the ability to legally enforce community powers.
A process that can be used to resolve a conflict, dispute, or complaint. ICANN has policies to address various types of disputes involving the registration and use of domain names. Under these policies, claimants can file complaints with one of the approved Dispute Resolution Service Providers instead of taking the dispute to the court system for adjudication.
A malicious activity in which cyberattackers use multiple computers (sometimes thousands) to engage in a synchronized attack on a targeted system. Attackers often launch DDOS attacks from botnets, a collection of malware-infected devices that act in response to commands from a botnet command and control. Like a denial-of-service attack, the attackers overwhelm the targeted system with spurious requests, making the system difficult or impossible for its intended users to reach.
The system that ICANN uses to monitor domain abuse and registration activity across top-level domains (TLDs). DAAR continuously collects registration and security threat data from numerous reputation data feeds. Using this data, ICANN analysts identify and report the use of domain names for activities such as phishing, malware distribution, botnet activity, and spam.
A unique name that forms the basis of the uniform resource locators (URLs) that people use to find resources on the Internet (e.g., web pages, email servers, images, and videos). The domain name itself identifies a specific address on the Internet that belongs to an entity such as a company, organization, institution, or individual. For example, in the URL https://www.icann.org/public-comments, the domain name icann.org directs a browser to the ICANN organization’s domain. The rest of the URL directs the browser to a specific resource on the www server within ICANN’s domain (in this case, the Public Comments page on the ICANN org website).
A domain name consists of two or more textual segments separated by dots. For example, in the domain name icann.org, the first part of the name, icann, represents a second-level domain within the top-level domain org. Domain names can also have more than two segments, as in bbc.co.uk. In this example, bbc represents a subdomain within the second-level domain co, which resides in the top-level domain uk.
To complete a domain name registration, the registrant registers the domain name with a registrar. The registrar verifies that the domain name is available in the requested TLD and submits the registration request to the registry operator for that TLD. The registry operator then adds the new domain to the TLD’s registry.
Data that is accessible to the public through a directory service known as WHOIS. DNRD refers to the information that registrants submit when they register a domain name. Registrars or registry operators collect this data and make some of it available for public display or for use by applications. The data elements that registrants must submit are specified in the Registrar Accreditation Agreement.
A form of Domain Name System (DNS) abuse in which a cyberattacker gains control over how a registered domain name is resolved. Sometimes attackers hijack a domain name by gaining control of an authoritative name server and altering the domain name’s DNS configuration in that server. In other cases, attackers hijack a domain name by gaining control of a registrant’s account with a registrar. Once the attackers have access to the account, they alter the domain name’s DNS configuration or transfer the domain name to another registrar.
The process of extending the registration of a domain name when the registration reaches its expiration date. When individuals register domain names, they obtain the right to use the name for a specified length of time. To continue using the name, a registrant must renew the registration. If a domain name is not renewed, the registrant may lose the right to use the name.
Information that indicates certain properties of a domain name registration.
Codes called Extensible Provisioning Protocol domain status codes indicate the current state of the domain name in the registry. These codes are defined on the EPP Status Code page of the ICANN website. Registrants can check the status of their domain names using WHOIS Lookup on the ICANN website or through their registrar’s WHOIS search tool.
Any malicious activity aimed at disrupting the DNS infrastructure or causing the DNS to operate in an unintended manner. Abusive activities include corrupting DNS zone data, gaining administrative control of a name server, and flooding the DNS with thousands of messages to degrade name-resolution services.
A form of attack in which a cyberattacker uses the DNS channel to evade an organization’s network security systems. In an attack through the DNS channel, attackers use specially crafted DNS queries to download malware onto infected computers. They can also use this technique to extract sensitive information from infected computers inside one or more organizations.
A regional conference where individuals and groups that are key stakeholders in the DNS meet and discuss issues of relevance to their region. Regional and global Internet organizations sponsor DNS Forums in various regions around the world. Key to ICANN's regional outreach efforts, these forums raise awareness and foster collaboration among regional stakeholders and encourage involvement in ICANN’s multistakeholder process.
Any activity that uses the DNS protocol or the domain name registration process to carry out malicious or illegal activity. Misuse activities include hijacking domain names, registering domain names to sell counterfeit merchandise, using the DNS to distribute spam, and exploiting the DNS protocol to launch denial-of-service attacks.
A technique in which an attacker sends a request to a name server using a falsified (spoofed) source Internet Protocol (IP) address. The spoofed IP address not only conceals the location of the attacker, it also causes the name server to direct responses to the attacker’s intended target.
Attackers often use this technique in denial-of-service attacks to flood a targeted name server with query traffic.
An attack in which the attacker continuously queries a name server with the intent of depleting a resource that is essential to the server’s operation. In one type of exhaustion attack, the attacker continuously opens connections on a name server, but does not complete the connection process for any of them. The incomplete connections eventually consume available memory on the name server, preventing it from opening any legitimate connections.
An attack on the DNS in which the operator of a name server manipulates response messages to queries for nonexistent domain names. Instead of delivering the response message to the Internet user, the name server delivers a synthesized message that contains an Internet Protocol (IP) address selected by the operator.
Operators that manipulate DNS response messages in this way often redirect users to sites that provide a search engine or sites that display pay-per-click advertising.
A technology that helps secure domain name lookups by incorporating a chain of digital signatures into the lookup process. Using DNSSEC, resolvers can determine whether the query responses they receive have been generated by authenticated DNS servers. By accepting only authenticated query results, resolvers can prevent attackers from hijacking the lookup process and directing Internet users to deceptive websites. Full deployment of DNSSEC ensures that users are connected to the Internet Protocol (IP) address that genuinely corresponds to the domain name specified in a uniform resource locator (URL).
A technique that attackers use to magnify the effect of a cyberattack on a name server or resolver. With this technique, attackers amplify DNS traffic by issuing queries that deliver huge response messages to the targeted name server or resolver.
An attack in which the attacker takes advantage of a vulnerability (e.g., a bug or a security hole) in the DNS server software. Some attackers use this form of attack to disable a name server. For example, they might craft an unorthodox DNS message to cause a targeted name server to fail. Other attackers exploit vulnerabilities that allow them to gain administrative control over a name server.