
Computer security blogger Dave Piscitello of Hilton Head Island, S.C. (“The Security Skeptic”) ran an interesting piece: “Nine ways to mitigate malicious domains.” It’s a list of proposals that ICANN has collected from the security community and will consider as new rules for top-level domain applicants. The effort is meant to help prevent the establishment of malicious web sites.

ICANN is taking public comments at: http://www.icann.org/en/public-comment/

Dave said the suggestions under consideration are:

— Vetting registry operators to filter out criminal organizations. (Recommended by the Anti-Phishing Working Group and others.)

— Demonstrated plan for the deployment of Domain Name System Security Extensions. This would require written plans for signing zone files and delegations (domain names registered in its top-level domain).

— Prohibition of redirection by top level domains. (ICANN’s SSAC, the ICANN Board of Directors) “…applicants must return negative responses when a DNS query is made to a non-existent domain and must not synthesize (redirect) queries for error resolution or advertising purposes.”

— Removal of orphan glue records. “Orphaned glue records frequently point to name servers that host malicious domains. This measure requires applicants to explain the policy they will enforce to ensure that a name server record in a delegation will not persist in the TLD zone file when the parent domain name is deleted from the zone.”

— A requirement for detailed Whois records.

— Centralization of zone file access. Presently, applications must contract with top level domain registries to get FTP access to zone files.

— Documented registry level abuse contacts and procedures.

— Participation in the Expedited Registry Security Request process to help ICANN and registries to maintain security during an incident.

— Establishment of High Security Zones Verification.
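The orphan glue item above describes a condition a registry can check for mechanically. The following is an added example, not code from Dave's piece or from ICANN: a Python check that scans a TLD zone for address records whose parent domain no longer has a delegation, and reports which remaining delegations still point at them. The zone `example.`, its records, the one-record-per-line format and all function names are assumptions made for illustration.

```python
# Constructed sample of a TLD zone for "example."; not real registry data.
ZONE = """\
$ORIGIN example.
good     86400 IN NS   ns1.good.example.
ns1.good 86400 IN A    192.0.2.10
victim   86400 IN NS   ns1.gone.example.   ; still uses the old host
ns1.gone 86400 IN A    192.0.2.66          ; gone.example was deleted
ns2.gone 86400 IN AAAA 2001:db8::66
"""

def fqdn(name, origin):
    """Lower-case a name and make it absolute by appending the origin."""
    name = name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text):
    """Yield (owner, type, rdata) from 'owner ttl class type rdata' lines."""
    origin = ""
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop comments, then tokenize
        if len(fields) == 2 and fields[0].upper() == "$ORIGIN":
            origin = fqdn(fields[1], "")
        elif len(fields) >= 5:
            owner, rtype, rdata = fields[0], fields[3].upper(), fields[4]
            if rtype == "NS":
                rdata = fqdn(rdata, origin)
            yield fqdn(owner, origin), rtype, rdata

def registered_domain(name, apex):
    """Return the name one label below the apex, or None if outside the zone."""
    if not name.endswith("." + apex):
        return None
    return name[: -len(apex) - 1].split(".")[-1] + "." + apex

def find_orphan_glue(text, apex):
    """Return (host, address, delegations still using it) for orphaned glue."""
    records = list(parse(text))
    # Domains that still have a delegation (NS set) in the TLD zone.
    delegated = {o for o, t, _ in records if t == "NS" and o != apex}
    orphans = []
    for owner, rtype, rdata in records:
        parent = registered_domain(owner, apex)
        if rtype in ("A", "AAAA") and parent and parent not in delegated:
            users = sorted(o for o, t, d in records if t == "NS" and d == owner)
            orphans.append((owner, rdata, users))
    return orphans

if __name__ == "__main__":
    for host, addr, users in find_orphan_glue(ZONE, "example."):
        print(f"orphan glue: {host} {addr} referenced by {users or 'nothing'}")
```

Glue that is orphaned but still referenced by another delegation, like `ns1.gone.example.` here, is the case a removal policy has to address explicitly, since deleting it affects a domain that is still registered.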

See Dave’s blog piece here.

Thanks Dave

Tom Kelchner