Knowledge-sharing and Instantiating Norms for DNS and Naming Security
Knowledge-sharing and Instantiating Norms for DNS and Naming Security (KINDNS, pronounced kindness) is an ICANN initiative to produce a simple reference to help a wide variety of DNS operators understand the evolution of the DNS protocol and the best practices identified in the industry for cybersecurity and effective DNS operations.[1] It relies on a self-assessment tool that walks users through a series of questions to help them understand where they stand on the scale of the practices that the framework promotes.[2]
The KINDNS website provides references to other tools and guidelines that can help you improve or validate your operational practices – no matter what type of operator you are.
- Related initiatives: Mutually Agreed Norms for Routing Security (MANRS)
- Led by Adiel Akplogan
Background
KINDNS refers to an effort to develop a new framework to clarify and communicate DNS operational best practices so as to encourage operators to adopt and promote them.[3] It comes as a response to ICANN’s FY21-25 strategic goals, which emphasize promoting DNS security (see Goals 1.1.c and 1.3.a, b, and c). The ICANN Community has recognized the need to improve the security of the DNS and the global adoption of open standards and best practices.[4] The initiative is an acknowledgment of the difficulty of getting operators to implement security features at the same level. Small operators struggle to keep up with the continuous evolution of security measures, and major operators implement only the measures that align with their specific business goals.
Goals
KINDNS focuses only on the most important operational best practices and concrete instances of them. The first step is to identify and document a set of mutually agreed norms to support a secure DNS ecosystem. The next step is to develop an outreach and communication program to promote their adoption. The project's first targets are operators of authoritative and resolver DNS services, and DNS software vendors.
Milestones
- Identify key DNS Operational Security best practices
- Document best practices and implementation guidelines
- Develop a multilingual website for the initiative
- Enroll sponsors and operators as early adopters
- Develop tools for self-assessment
- Develop an observatory platform for DNS security indicators
- Maintain a live community
Early Adopters
Since the site went live in September 2022, there have been several early adopters, including TLD & Critical Zone Operators, SLD Operators, Private Resolver Operators, Shared Private Resolver Operators, and Public Resolver Operators.[5]