Knowledge-sharing and Instantiating Norms for DNS and Naming Security

Knowledge-sharing and Instantiating Norms for DNS and Naming Security (KINDNS, pronounced kindness) is an ICANN initiative to produce a simple reference to help a wide variety of DNS operators understand the evolution of the DNS protocol and the best practices identified in the industry for cybersecurity and effective DNS operations.^[1] It relies on a self-assessment tool that walks users through a series of questions to help them understand where they are positioned in the scale of the practices that the framework promotes.^[2]

The KINDNS website provides references to other tools and guidelines that can help you improve or validate your operational practices – no matter what type of operator you are.

Related initiatives: Mutually Agreed Norms for Routing Security (MANRS)
Led by Adiel Akplogan

Background[edit | edit source]

KINDNS refers to an effort to develop a new framework to clarify and communicate DNS operational best practices so as to encourage operators to adopt and promote them.^[3] It comes as a response to ICANN’s FY21-25 strategic goals emphasize promoting DNS security (See Goals 1.1.c and 1.3.a, b, and c). The ICANN Community has recognized the need to improve the security of the DNS and the global adoption of open standards and best practices.^[4] The initiative is an acknowledgment of the difficulty of getting operators to implement security features at the same level. Small operators struggle to keep up with the continuous evolution of security measures, and major operators implement only the measures that align with their specific business goals.

Goals[edit | edit source]

KINDNS focuses only on the most important operational best practices and concrete instances of them. The first step is to identify and document a set of mutually agreed norms to support a secure DNS ecosystem. The next step is to develop an outreach and communication program to promote their adoption. The project's first targets are DNS Operators of Authoritative and Resolvers services and DNS software vendors.

Milestones[edit | edit source]

Identify key DNS Operational Security best practices
Document best practices and implementation guidelines
Develop a multilingual website for the initiative
Enroll sponsors and operators as early adopters
Develop tools for self-assessment
Develop an observatory platform for DNS security indicators
Maintain a live community

Early Adopters[edit | edit source]

Since the site went live in September 2022, there have been several early adopters, including TLD & Critical Zone Operators, SLD Operators, Private Resolver Operators, Shared Private Resolver Operators, and Public Resolver Operators.^[5]

References[edit | edit source]

ICANNWiki resources: Content Guide | Documentation | Development || Maintenance: Articles needing attention | Candidates for deletion || Projects: Internet & Digital Governance Library

[1] KINDNS presentation, IDS 2021

[2] We are live, KINDNS.org

[3] KINDNS.org

[4] KINDNS Wiki, ICANN Community

[5] Participants, KINDNS

[1]

[2]

[3]

[4]

[5]