Knowledge-sharing and Instantiating Norms for DNS and Naming Security

Knowledge-sharing and Instantiating Norms for DNS and Naming Security (KINDNS, pronounced "kindness") is an ICANN initiative to produce a simple reference that helps a wide variety of DNS operators understand the evolution of the DNS protocol and the best practices the industry has identified for cybersecurity and effective DNS operations.[1] It relies on a self-assessment tool that walks users through a series of questions to help them understand where they stand on the scale of practices that the framework promotes.[2]

The KINDNS website provides references to other tools and guidelines that can help you improve or validate your operational practices – no matter what type of operator you are.

Background

KINDNS refers to an effort to develop a new framework to clarify and communicate DNS operational best practices so as to encourage operators to adopt and promote them.[3] It comes as a response to ICANN’s FY21-25 strategic goals, which emphasize promoting DNS security (see Goals 1.1.c and 1.3.a, b, and c). The ICANN Community has recognized the need to improve the security of the DNS and the global adoption of open standards and best practices.[4] The initiative is an acknowledgment of the difficulty of getting operators to implement security features at the same level. Small operators struggle to keep up with the continuous evolution of security measures, and major operators implement only the measures that align with their specific business goals.

Goals

KINDNS focuses only on the most important operational best practices and concrete instances of them. The first step is to identify and document a set of mutually agreed norms to support a secure DNS ecosystem. The next step is to develop an outreach and communication program to promote their adoption. The project's first targets are DNS operators of authoritative and resolver services and DNS software vendors.

Milestones

  1. Identify key DNS Operational Security best practices
  2. Document best practices and implementation guidelines
  3. Develop a multilingual website for the initiative
  4. Enroll sponsors and operators as early adopters
  5. Develop tools for self-assessment
  6. Develop an observatory platform for DNS security indicators
  7. Maintain a live community

Early Adopters

Since the site went live in September 2022, there have been several early adopters, including TLD & Critical Zone Operators, SLD Operators, Private Resolver Operators, Shared Private Resolver Operators, and Public Resolver Operators.[5]

References