ICANN Acronyms and Terms

A part of the Internet ecosystem where publishers can host or exchange information without revealing their identities or locations. Although the Dark Web uses the Internet Protocol (IP), it uses encryption and the Onion Router (TOR) to protect users from surveillance and traceability.

The Dark Web does not use the Domain Name System to resolve domain names. Instead it uses TOR's hidden service names, which are delegated from .onion, a special-use top-level domain.

An incident that results in the intentional or unintentional exposure or release of personal data or sensitive information to an unauthorized party. If a data breach were to expose the credentials for a registrant’s account with a registrar, cyberattackers could access the account and hijack the registrant’s domain name.

Members of the ICANN Empowered Community, which the ICANN Bylaws define as all of ICANN’s Supporting Organizations (SOs) plus the At-Large Advisory Committee and the Governmental Advisory Committee. The Empowered Community gives Decisional Participants the ability to legally enforce community powers.

In the New Generic Top-Level Domain Program (New gTLD Program), a list maintained by ICANN that records the variant gTLD strings that applicants list in their gTLD applications.

The assignment of administrative authority for a domain to a registry operator. A registry operator to which this authority is delegated assumes the responsibility for operating and maintaining the authoritative name servers for a given domain.

A domain at any level in the Domain Name System hierarchy can optionally delegate authority to any or all its subdomains (children). To put a delegation into effect, the operator of the parent domain must update its zone file to point to the authoritative name servers for the child domains to which authority has been delegated.

An architecture that emerged from the Corporation for National Research Initiatives (CNRI) in the mid-1990s for managing digital objects on the Internet. The architecture consists of three components: an identifier/resolution component, a digital object repository component, and a digital object registry component. The DOA design provides flexibility in how data and metadata are represented in individual systems.

A process that can be used to resolve a conflict, dispute, or complaint. ICANN has policies to address various types of disputes involving the registration and use of domain names. Under these policies, claimants can file complaints with one of the approved Dispute Resolution Service Providers instead of taking the dispute to the court system for adjudication.

An entity approved by ICANN to adjudicate dispute resolution proceedings in response to formally filed disputes. Working through a DRSP offers parties a mechanism to resolve a dispute outside the court system.

A malicious activity in which cyberattackers use multiple computers (sometimes thousands) to engage in a synchronized attack on a targeted system. Attackers often launch DDOS attacks from botnets, a collection of malware-infected devices that act in response to commands from a botnet command and control. Like a denial-of-service attack, the attackers overwhelm the targeted system with spurious requests, making the system difficult or impossible for its intended users to reach.

The system that ICANN uses to monitor domain abuse and registration activity across top-level domains (TLDs). DAAR continuously collects registration and security threat data from numerous reputation data feeds. Using this data, ICANN analysts identify and report the use of domain names for activities such as phishing, malware distribution, botnet activity, and spam.

A unique name that forms the basis of the uniform resource locators (URLs) that people use to find resources on the Internet (e.g., web pages, email servers, images, and videos). The domain name itself identifies a specific address on the Internet that belongs to an entity such as a company, organization, institution, or individual. For example, in the URL https://www.icann.org/public-comments, the domain name icann.org directs a browser to the ICANN organization’s domain. The rest of the URL directs the browser to a specific resource on the www server within ICANN’s domain (in this case, the Public Comments page on the ICANN org website).

A domain name consists of two or more textual segments separated by dots. For example, in the domain name icann.org, the first part of the name, icann, represents a second-level domain within the top-level domain org. Domain names can also have more than two segments, as in bbc.co.uk. In this example, bbc represents a subdomain within the second-level domain co, which resides in the top-level domain uk.

An individual or entity who registers a domain name. See registrant.

The process of selecting a domain name and registering it in a top-level domain. Domain name registration typically involves a:

• Registrant: the individual or entity who wants to register a domain name
• Registrar: an entity that processes domain name registrations
• Registry operator: the entity that maintains the master database (the registry) of domain names registered in a particular top-level domain (TLD)

To complete a domain name registration, the registrant registers the domain name with a registrar. The registrar verifies that the domain name is available in the requested TLD and submits the registration request to the registry operator for that TLD. The registry operator then adds the new domain to the TLD’s registry.

A registrant can optionally register a domain name through a reseller. Resellers are third-party companies that offer domain name registration services through a registrar.

Data that is accessible to the public through a directory service known as WHOIS. DNRD refers to the information that registrants submit when they register a domain name. Registrars or registry operators collect this data and make some of it available for public display or for use by applications. The data elements that registrants must submit are specified in the Registrar Accreditation Agreement.

A form of Domain Name System (DNS) abuse in which a cyberattacker gains control over how a registered domain name is resolved. Sometimes attackers hijack a domain name by gaining control of an authoritative name server and altering the domain name’s DNS configuration in that server. In other cases, attackers hijack a domain name by gaining control of a registrant’s account with a registrar. Once the attackers have access to the account, they alter the domain name’s DNS configuration or transfer the domain name to another registrar.

The process of extending the registration of a domain name when the registration reaches its expiration date. When individuals register domain names, they obtain the right to use the name for a specified length of time. To continue using the name, a registrant must renew the registration. If a domain name is not renewed, the registrant may lose the right to use the name.

A person or entity that participates in a registrar's distribution channel for domain name registrations. Resellers contract with registrars to provide some or all registrar services. Services that resellers provide can include collecting registration data from registrants, submitting registration data to registrars, and facilitating registration agreements between registrars and registrants.

Information that indicates certain properties of a domain name registration.

Codes called Extensible Provisioning Protocol domain status codes indicate the current state of the domain name in the registry. These codes are defined on the EPP Status Code page of the ICANN website. Registrants can check the status of their domain names using WHOIS Lookup on the ICANN website or through their registrar’s WHOIS search tool.

The Domain Name System (DNS) helps users to find their way around the Internet. Every computer on the Internet has a unique address - just like a telephone number - which is a complicated string of numbers called its IP address (IP stands for Internet Protocol). IP addresses can be hard to remember. The DNS makes using the Internet easier by allowing a familiar string of letters - the domain name - to be used instead of the arcane IP address. For instance, you only need to type https://icann.org to reach our website, instead of the IP address 192.0.43.7.

Any malicious activity aimed at disrupting the DNS infrastructure or causing the DNS to operate in an unintended manner. Abusive activities include corrupting DNS zone data, gaining administrative control of a name server, and flooding the DNS with thousands of messages to degrade name-resolution services.

A form of attack in which a cyberattacker uses the DNS channel to evade an organization’s network security systems. In an attack through the DNS channel, attackers use specially crafted DNS queries to download malware onto infected computers. They can also use this technique to extract sensitive information from infected computers inside one or more organizations.

A regional conference where individuals and groups that are key stakeholders in the DNS meet and discuss issues of relevance to their region. Regional and global Internet organizations sponsor DNS Forums in various regions around the world. Key to ICANN's regional outreach efforts, these forums raise awareness and foster collaboration among regional stakeholders and encourage involvement in ICANN’s multistakeholder process.

Any activity that uses the DNS protocol or the domain name registration process to carry out malicious or illegal activity. Misuse activities include hijacking domain names, registering domain names to sell counterfeit merchandise, using the DNS to distribute spam, and exploiting the DNS protocol to launch denial-of-service attacks.

A request that a DNS client (usually a resolver) submits to a name server to obtain information from the Domain Name System.

A DNS query often contains a request for the Internet Protocol (IP) address of a specific host or domain name. For this type of query, the name server responds with either 1) the requested IP address, 2) the IP address of the next name server in the path of authority, or 3) an NXDOMAIN error code, which signals that the requested host or domain name does not exist.

A technique in which an attacker sends a request to a name server using a falsified (spoofed) source Internet Protocol (IP) address. The spoofed IP address not only conceals the location of the attacker, it also causes the name server to direct responses to the attacker’s intended target.

Attackers often use this technique in denial-of-service attacks to flood a targeted name server with query traffic.

An attack in which the attacker continuously queries a name server with the intent of depleting a resource that is essential to the server’s operation. In one type of exhaustion attack, the attacker continuously opens connections on a name server, but does not complete the connection process for any of them. The incomplete connections eventually consume available memory on the name server, preventing it from opening any legitimate connections.

An attack on the DNS in which the operator of a name server manipulates response messages to queries for nonexistent domain names. Instead of delivering the response message to the Internet user, the name server delivers a synthesized message that contains an Internet Protocol (IP) address selected by the operator.

Operators that manipulate DNS response messages in this way often redirect users to sites that provide a search engine or sites that display pay-per-click advertising.

A file that identifies domain names that are known (or suspected) to resolve to Internet Protocol (IP) addresses that host botnet command-and-control servers or other malicious content.

Zone administrators in the DNS deploy RPZs to create firewalls around their recursive resolvers. The resolvers check the RPZ when they receive requests to resolve domain names. If a requested domain appears in the RPZ, the resolver can return an error message or redirect the requestor to a web page that provides malware detection and remediation instructions.

A technology that helps secure domain name lookups by incorporating a chain of digital signatures into the lookup process. Using DNSSEC, resolvers can determine whether the query responses they receive have been generated by authenticated DNS servers. By accepting only authenticated query results, resolvers can prevent attackers from hijacking the lookup process and directing Internet users to deceptive websites. Full deployment of DNSSEC ensures that users are connected to the Internet Protocol (IP) address that genuinely corresponds to the domain name specified in a uniform resource locator (URL).

A technique that attackers use to magnify the effect of a cyberattack on a name server or resolver. With this technique, attackers amplify DNS traffic by issuing queries that deliver huge response messages to the targeted name server or resolver.

An attack in which the attacker takes advantage of a vulnerability (e.g., a bug or a security hole) in the DNS server software. Some attackers use this form of attack to disable a name server. For example, they might craft an unorthodox DNS message to cause a targeted name server to fail. Other attackers exploit vulnerabilities that allow them to gain administrative control over a name server.

A segment of the DNS namespace to which administrative authority has been delegated. For example, when sections of the root zone are delegated as top-level domains (TLDs), each TLD becomes an independently administered DNS zone. Likewise, when a TLD divides its namespace into second-level domains, it generally delegates administrative authority to each of those domains, thus creating additional DNS zones.

A parent domain at any level in the DNS hierarchy can optionally delegate administrative authority to any or all its subdomains (children). A zone always starts at a domain boundary and includes a zone file identifies the host servers over which it has administrative authority. A zone ends at the boundary of another independently administered zone.