Jump to content

DNS Abuse Responses: Difference between revisions

From ICANNWiki
Jessica (talk | contribs)
Jessica (talk | contribs)
No edit summary
Line 21: Line 21:


==Points of View==
==Points of View==
Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse.  
Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse. Moreover, there are technical limits on what each type of stakeholder can do to stop abuse.
    
    
===Social Scientists===
===Social Scientists===
Line 57: Line 57:
===Internet Governance Organizations===
===Internet Governance Organizations===
====ICANN====
====ICANN====
So far, ICANN has been steadfast in its focus on technical DNS abuse and avoidance of policymaking around content abuse. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.<ref>[https://www.icann.org/en/blogs/details/update-on-icanns-dns-security-threat-mitigation-program-19-7-2021-en Update on DNS Security Threats, ICANN Org]</ref> As recently as [[ICANN 71]], the ICANN board was criticized by members of the [[ALAC]], the [[BC]], and other [[Internet Governance]] bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse.  
So far, ICANN has been steadfast in its focus on technical DNS abuse and avoidance of policymaking around content abuse. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.<ref>[https://www.icann.org/en/blogs/details/update-on-icanns-dns-security-threat-mitigation-program-19-7-2021-en Update on DNS Security Threats, ICANN Org]</ref> As recently as [[ICANN 71]], the ICANN board was criticized by members of the [[ALAC]], the [[BC]], and other [[Internet Governance]] bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and [[SSAC]], in particular, have begun pointing to [[SAC115]] and [[DAAR]] as evidence of their work on addressing DNS abuse.
However, ICANN and [[SSAC]], in particular, have begun pointing to [[SAC115]] and [[DAAR]] as evidence of their work on addressing DNS abuse.
Parts of ICANN Org, Board, and Community dedicated to resolving DNS Abuse issues:
 
:*[[OTCO]] monitors gTLD zone files and runs
:*[[SSAC]] advises on the stability and security of the DNS, and
:*[[Contractual Compliance]] is not beholden to the DNS Abuse Framework; instead, the office can reprimand registrars or registries that do not maintain abuse contacts (or a webform) to receive abuse complaints or promptly investigate allegations of DNS Abuse in good faith.
*[[TTL]] on [[Domain Abuse Activity Reporting|DAAR]]-listed domains
====IGF====
====IGF====
====DNS Abuse Institute====
====DNS Abuse Institute====
Line 65: Line 68:


===Private Sector===
===Private Sector===
====Registars====
====Registries and Registars====
====Registries====
 
*The [[DNS Abuse Framework]] was developed by registries and registrars. The framework discourages a registry or registrar from taking action against domains, except in certain types of Website Content Abuse:
# child sexual abuse materials,
# illegal distribution of opioids online,
# human trafficking, or
# specific, credible incitements to violence
 
====BC====
====BC====
The business community wants  
The business community wants  
====IP====
====IP====

Revision as of 13:21, 21 July 2021

DNS Abuse Responses are the various tools, methods, collaboration, and philosophies spawning from DNS Abuse itself.

Overview[edit | edit source]

There are four time-related categories of responses to DNS Abuse:

  1. reactionary detection and removal of sources of abuse (necessarily after the fact),
  2. cotemporal efforts to mitigate the amount and likelihood of abuse or its impact,
  3. future-focused work on stopping abuse before it can happen, and
  4. ongoing allowance of abuse for ideological or jurisdictional reasons.

Response Options[edit | edit source]

Reactionary Removal[edit | edit source]

Cotemporal Mitigation[edit | edit source]

Future Prevention[edit | edit source]

Intentional Inaction[edit | edit source]

Points of View[edit | edit source]

Every type of Internet user has worries over DNS Abuse and the responses to it. For instance, there is an ongoing multistakeholder debate over where to draw the line between technical abuse and content abuse. Moreover, there are technical limits on what each type of stakeholder can do to stop abuse.

Social Scientists[edit | edit source]

Governments/Intergovernmental Organizations[edit | edit source]

IGO responses generally see DNS Abuse as a facet of Cybercrime. Government responses tend to focus on what can be adjudicated; include content abuse, such as child pornography; and outline how and when electronic evidence can be collected.

Objectives[edit | edit source]

Pro-Mitigation[edit | edit source]


Pro-Privacy[edit | edit source]
  • Pro-privacy legislation, such as the GDPR, limits access to natural persons' data.

Government Responses[edit | edit source]

Domestic Legislation[edit | edit source]

In the U.S., cybersecurity legislation thus far has focused on standardizing and formalizing preventative measures.[1] Congress passed

Case Type[edit | edit source]

Civil[edit | edit source]
Criminal[edit | edit source]
Responding to State-Sponsored Cyberattacks[edit | edit source]

Technical Community[edit | edit source]

Internet Governance Organizations[edit | edit source]

ICANN[edit | edit source]

So far, ICANN has been steadfast in its focus on technical DNS abuse and avoidance of policymaking around content abuse. ICANN's determination of the org's definition for DNS Abuse is based on the work product of GAC and the base gTLD Registry Agreement. Thus, ICANN considers DNS security threats to be limited to attacks involving phishing, malware, botnet command and control, pharming, and spam as a vector.[3] As recently as ICANN 71, the ICANN board was criticized by members of the ALAC, the BC, and other Internet Governance bodies for not doing enough to steward contracted parties and non-contracted parties toward involvement in reducing abuse. However, ICANN and SSAC, in particular, have begun pointing to SAC115 and DAAR as evidence of their work on addressing DNS abuse. Parts of ICANN Org, Board, and Community dedicated to resolving DNS Abuse issues:

  • OTCO monitors gTLD zone files and runs
  • SSAC advises on the stability and security of the DNS, and
  • Contractual Compliance is not beholden to the DNS Abuse Framework; instead, the office can reprimand registrars or registries that do not maintain abuse contacts (or a webform) to receive abuse complaints or promptly investigate allegations of DNS Abuse in good faith.

IGF[edit | edit source]

DNS Abuse Institute[edit | edit source]

Currently, this newcomer is entirely focused on creating an interoperable framework to reduce DNS abuse. The DNSAI acknowledges there are two options for reducing security threats: proactive and reactive methods. The institute is currently putting more of its energy into developing reactive tools because they can be used by anti-abuse or compliance personnel without requiring integration in registration platforms and thus, broad buy-in should be easier to secure.[4]

Private Sector[edit | edit source]

Registries and Registars[edit | edit source]

  • The DNS Abuse Framework was developed by registries and registrars. The framework discourages a registry or registrar from taking action against domains, except in certain types of Website Content Abuse:
  1. child sexual abuse materials,
  2. illegal distribution of opioids online,
  3. human trafficking, or
  4. specific, credible incitements to violence

BC[edit | edit source]

The business community wants

IP[edit | edit source]

Intellectual property lawyers

ISPCP[edit | edit source]

Internet Service and Connectivity providers

Reputation Industry[edit | edit source]

End Users[edit | edit source]

End users, even those who work in the DNS industry, need help managing DNS Abuse mainly because of the timeless effectiveness of Social Engineering Attacks. For instance, at the end of 2020, GoDaddy notoriously tested its workers to see if they would share sensitive information after clicking on dubious links from a spoofed email.[5]

References[edit | edit source]

References[edit | edit source]