Knowledge-sharing and Instantiating Norms for DNS and Naming Security
Knowledge-sharing and Instantiating Norms for DNS and Naming Security (KINDNS, pronounced kindness) is an ICANN initiative to produce a simple reference to help a wide variety of DNS operators understand the evolution of the DNS protocol and the best practices identified in the industry for cybersecurity and effective DNS operations.[1]
- Related initiatives: Mutually Agreed Norms for Routing Security (MANRS)
- Led by Adiel Akplogan
Background
KINDNS refers to an effort to develop a new framework to clarify and communicate DNS operational best practices so as to encourage operators to adopt and promote them. It comes as a response to [[[ICANN]]’s FY21-25 strategic goals emphasize promoting DNS security (See Goals 1.1.c and 1.3.a, b, and c). The ICANN Community has recognized the need to improve the security of the DNS and the global adoption of open standards and best practices.[2] The initiative is an acknowledgment of the difficulty of getting operators to implement security features at the same level. Small operators struggle to keep up with the continuous evolution of security measures, and major operators implement only the measures that align with their specific business goals.
Goals
KINDNS focuses only on the most important operational best practices and concrete instances of them. The first step is to identify and document a set of mutually agreed norms to support a secure DNS ecosystem. The next step is to develop an outreach and communication program to promote their adoption. The project's first targets are DNS Operators of Authoritative and Resolvers services and DNS software vendors.
Milestones
- Identify key DNS Operational Security best practices
- Document best practices and implementation guidelines
- Develop a multilingual website for the initiative
- Enroll sponsors and operators as early adopters
- Develop tools for self-assessment
- Develop an observatory platform for DNS security indicators
- Maintain a live community