The NGPC approved the Name Collision Occurrence Management Framework on 30 July 2014 that puts new requirements on registries to mitigate name collision issues.
This session explains what registries are expected to implement, and discuss feedback from those in the community on their experiences so far. It also aims to clarify any points of confusion – such as how RPMs can be treated in relation to this new Framework and how both sets of requirements can be adhered to simultaneously.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
DNSSEC - Domain Name System Security ExtensionsPeter R. Egli
Overview of DNSSEC protocol.
DNS is a pivotal infrastructure in TCP/IP based networks. An outage of the DNS system would bring entire networks to a grinding halt.
When DNS was devised in the early days of the Internet, security had no importance. Therefore, DNS is entirely unsecured which means it offers countless attack vectors to hack and crack a network.
Common attacks are DNS cache poisoning, i.e. adding false entries in DNS databases thus diverting the unsuspecting user to a malicious server and man in the middle attacks.
To secure DNS, an extension was defined in the form of DNSSEC. It uses state-of-the-art security algorithms to authenticate and digitally sign requests and responses so that a DNS resolver is able to verify legitimate DNS responses.
The adoption rate of DNSSEC is still slow, but is gradually picking up speed.
The CAA-Record for increased encryption securityMen and Mice
The CAA Record (Certification Authority Authorization) is used to signal which certification authority (CA) can issue an x509 certificate for a given domain. CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.
Starting from September 2017, certificate issuing CA must support the CAA record.
This explains the CAA record, how it works, how to enter CAA into a zone and how certification authorities are about to use the record.
Early Detection of Malicious Activity—How Well Do You Know Your DNS?Priyanka Aash
The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo will provide a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks.
Learning Objectives:
1: Understand how DNS can be utilized as early warning system for attacks.
2: Understand how to mitigate against attacks utilizing DNS infrastructure.
3: Understand importance of DNS as a security tool.
(Source: RSA Conference USA 2018)
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
DNSSEC - Domain Name System Security ExtensionsPeter R. Egli
Overview of DNSSEC protocol.
DNS is a pivotal infrastructure in TCP/IP based networks. An outage of the DNS system would bring entire networks to a grinding halt.
When DNS was devised in the early days of the Internet, security had no importance. Therefore, DNS is entirely unsecured which means it offers countless attack vectors to hack and crack a network.
Common attacks are DNS cache poisoning, i.e. adding false entries in DNS databases thus diverting the unsuspecting user to a malicious server and man in the middle attacks.
To secure DNS, an extension was defined in the form of DNSSEC. It uses state-of-the-art security algorithms to authenticate and digitally sign requests and responses so that a DNS resolver is able to verify legitimate DNS responses.
The adoption rate of DNSSEC is still slow, but is gradually picking up speed.
The CAA-Record for increased encryption securityMen and Mice
The CAA Record (Certification Authority Authorization) is used to signal which certification authority (CA) can issue an x509 certificate for a given domain. CAA creates a DNS mechanism that enables domain name owners to whitelist CAs that are allowed to issue certificates for their hostnames.
Starting from September 2017, certificate issuing CA must support the CAA record.
This explains the CAA record, how it works, how to enter CAA into a zone and how certification authorities are about to use the record.
Early Detection of Malicious Activity—How Well Do You Know Your DNS?Priyanka Aash
The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo will provide a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks.
Learning Objectives:
1: Understand how DNS can be utilized as early warning system for attacks.
2: Understand how to mitigate against attacks utilizing DNS infrastructure.
3: Understand importance of DNS as a security tool.
(Source: RSA Conference USA 2018)
APNIC Product Manager, Registry Services George Michaelson present on why RPKI really matters at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
ION Tokyo slides for "The Business Case for Implementing DNSSEC" by Dan York (Internet Society).
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS.
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
Building an IP Reputation Engine: Tracking the MiscreantsAlienVault
The AlienVault Open Threat Exchange™ (AV-OTX™) is a system for sharing threat intelligence among OSSIM users and AlienVault customers. Go behind the scenes and find out how it works!
Guillermo Grande y Alberto Ortega - Building an IP reputation engine, trackin...RootedCON
La presentación tratará acerca del sistema de reputación IP, accesible de forma libre, desarrollado en Alienvault. Se explicará el funcionamiento de todas sus partes, lo que incluye sus fuentes de información, las metodologías de recopilación de datos y el procesado de los mismos. Se tratarán temas como análisis automatizado de malware, algoritmos para perfilar datos y evitar falsos positivos, la forma de recibir retroalimentación, el uso de recursos muy diferentes en el sistema, así como las dificultades que hemos tenido a la hora de desarrollarlo.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
APNIC Product Manager, Registry Services George Michaelson present on why RPKI really matters at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
ION Tokyo slides for "The Business Case for Implementing DNSSEC" by Dan York (Internet Society).
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS.
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
Building an IP Reputation Engine: Tracking the MiscreantsAlienVault
The AlienVault Open Threat Exchange™ (AV-OTX™) is a system for sharing threat intelligence among OSSIM users and AlienVault customers. Go behind the scenes and find out how it works!
Guillermo Grande y Alberto Ortega - Building an IP reputation engine, trackin...RootedCON
La presentación tratará acerca del sistema de reputación IP, accesible de forma libre, desarrollado en Alienvault. Se explicará el funcionamiento de todas sus partes, lo que incluye sus fuentes de información, las metodologías de recopilación de datos y el procesado de los mismos. Se tratarán temas como análisis automatizado de malware, algoritmos para perfilar datos y evitar falsos positivos, la forma de recibir retroalimentación, el uso de recursos muy diferentes en el sistema, así como las dificultades que hemos tenido a la hora de desarrollarlo.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
The Domain Name System (DNS) is a critical part of Internet infrastructure and the largest distributed Internet directory service. DNS translates names to IP addresses, a required process for web navigation, email delivery, and other Internet functions. However, the DNS infrastructure is not secure enough unless the security mechanisms such as Transaction Signatures (TSIG) and DNS Security Extensions (DNSSEC) are implemented. To guarantee the availability and the secure Internet services, it is important for networking professionals to understand DNS concepts, DNS Security, configurations, and operations.
This course will discuss the concept of DNS Operations in detail, mechanisms to authenticate the communication between DNS Servers, mechanisms to establish authenticity, and integrity of DNS data and mechanisms to delegate trust to public keys of third parties. Participant will be involved in Lab exercises and do configurations based on number of scenarios.
This course provides a strong background about JAVA programming language in the field of computing. The course begins with an introductory overview of the Computer and programs, with distinguishes the terms API, IDE and JDK, and gives a comprehensive knowledge about Java development kits and Java integrative development environments like eclipse and NetBeans. Furthermore, the course prepares student to write, compile, run and develop Java applications which are used to find out the solution for several real life problems, in conjunction with using GUI to obtain input, process and display outputs like message dialog boxes, input dialog boxes, confirmation dialog and so on.
JAVA is a computer programming language that is concurrent, class-based, object-oriented, and specifically designed to have as few implementation dependencies as possible.
The aim of this course is to explore Java programming fundamentals related to write, compile, run and develop Java applications that are used to discover the solution for several real life problems.
The official learning outcome for this course is: Upon successful completion of the course the students:
• Must know the basic concepts related JAVA programming language.
• Must know how to write, compile, run and develop java applications.
A combination of lectures and practical sessions will be used in this course in order to achieve the aim of the course.
By MSc. Karwan Mustafa Kareem
Reid Dennis was among the first American's to set foot in Hiroshima and Nagasaki after the bombing. These are the pictures he brought back from his experience.
Superfunds Magazine - Ready to take on the worldChloe Tilley
What is the true impact of globalisation on Australian equity investing? As globalisation and the rise of technology mean geographical isolation is no longer a barrier to offshore investment, Tim Samway contributes to Superfunds Magazine to take a look at where we are now and where we should be heading.
وصف لتجربة إعداد فيلم لتدريب الطلاب الجدد على استخدام المراجع بجامعة ليدز عام 1986م, إلا أن العرض تطرق لتطور المواد السمعبصرية مرورا بالوسائط المتعددة, ووصولاً للوسائط الفائقة
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!
Zvonimir Mavretić
Get an overview of the Domain Name System (DNS) one of the pillars of the Internet and understand the internal security issues of the DNS as well as the crucial role it plays in cybersecurity.
Who are you really calling? When we we use VoIP systems, how can we be sure we are talking to the correct people? Particularly as we increasingly move communications to IP? In this presentation at SIPNOC 2013, Dan York introduced the ideas around DNSSEC and DANE and asked questions around how these might potentially be used to add an additionally layer of security for VoIP.
For more info, see:
http://www.internetsociety.org/deploy360/dnssec/
A presentation on DNS concepts. It covers the topics DNS Introduction, DNS Hierarchy, DNS Resolution Process,
DNS Components, DNS Types, DNSSEC, DNS over TLS (DoT) & HTTPS (DoH), Oblivious DNS (ODoH).
Name Collision Mitigation Update from ICANN 49ICANN
Inform the community of the proposal to handle name collision on new TLDs and collect input.
Originally presented during the Name Collision Mitigation Update Session at ICANN 49 in Singapore.
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
ION Bucharest, 12 October 2016 - DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
ION Islamabad, 25 January 2017
By Champika Wijayatunga, ICANN
DNSSEC helps prevent attackers from subverting and modifying DNS messages and sending users to wrong (and potentially malicious) sites. So what needs to be done for DNSSEC to be deployed on a large scale? We’ll discuss the business reasons for, and financial implications of, deploying DNSSEC, from staying ahead of the technological curve, to staying ahead of your competition, to keeping your customers satisfied and secure on the Internet. We’ll also examine some of the challenges operators have faced and the opportunities to address those challenges and move deployment forward.
HSB - Secure DNS en BGP ontwikkelingen - Benno OvereinderSplend
Betrouwbaar DNS en BGP4 spelen een belangrijke rol bij het veilig afhandelen van Internet verkeer. Bij diverse gerenommeerde instanties (Netherlabs, SIDN Labs en NLnet Labs) zijn veilige versies hiervan ontwikkeld, welke nog dagelijks worden verbeterd. In deze presentatie worden de belangrijkste ontwikkelingen tegen het licht gehouden.
ICANN Expected Standards of Behavior | FrenchICANN
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
ICANN Expected Standards of Behavior | RussianICANN
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
ICANN Expected Standards of Behavior | ArabicICANN
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
ICANN Expected Standards of Behavior | ChineseICANN
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
ICANN Expected Standards of Behavior | SpanishICANN
Those who take part in ICANN's multistakeholder process, including Board, staff and all those involved in Supporting Organization and Advisory Committee councils undertake to...
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
1. Text
Name Collision
Mitigation Update
#ICANN51
15 October 2014
Francisco Arias
Director, Technical Services
Global Domains Division
Karen Lentz
Director, Operations & Policy Research
Global Domains Division
2. Agenda
Text
• Introduction & Background
• Name Collision Occurrence
Management Framework
• Name Collision Occurrence
Assessment
• Rights Protection Mechanisms
• Next Steps
• Q&A
#ICANN51
4. Text
COMPANY.CORP
INTERNAL NETWORK
.EXAMPLE
!
%RE·V7HD+RXVH
www.company.example
RXWORRNFRPSDQH[DPSOH
PUBLIC WIFI
Private network configured in such a
way that could leak the request to the
public Domain Name System (DNS),
triggered by the use of a name in the
private network matching a name in the
public DNS.
PUBLIC DNS
NAME
COLLISION
RXWORRNFRPSDQH[DPSOH
!
NAME
COLLISION
User tries to access a service on a
private network when connected to the
Internet outside of that network.
Name Collision Basics
Private network configured
in such a way that could
“leak” the request to the
public Domain Name
System, when using a
name in a private network
that does not exist in the
public DNS
User tries to access
a service on a
private network
when connected to
the Internet outside
of that network.
company.example
.example does not exist
5. Text Name Collision Basics
COMPANY.CORP
INTERNAL NETWORK
.EXAMPLE
!
%RE·V7HD+RXVH
www.company.example
RXWORRNFRPSDQH[DPSOH
PUBLIC WIFI
Private network configured in such a
way that could leak the request to the
public Domain Name System (DNS),
triggered by the use of a name in the
private network matching a name in the
public DNS.
PUBLIC DNS
NAME
COLLISION
RXWORRNFRPSDQH[DPSOH
!
NAME
COLLISION
User tries to access a service on a
private network when connected to the
Internet outside of that network.
Private network configured
in such a way that could
“leak” the request to the
public Domain Name
System, when using a
name in a private network
that does not exist in the
public DNS
User tries to access
a service on a
private network
when connected to
the Internet outside
of that network.
company.example
.example does not exist
6. Text Name Collision Basics
COMPANY.CORP
INTERNAL NETWORK
.EXAMPLE
!
%RE·V7HD+RXVH
www.company.example
RXWORRNFRPSDQH[DPSOH
PUBLIC WIFI
Private network configured in such a
way that could leak the request to the
public Domain Name System (DNS),
triggered by the use of a name in the
private network matching a name in the
public DNS.
PUBLIC DNS
NAME
COLLISION
RXWORRNFRPSDQH[DPSOH
!
NAME
COLLISION
User tries to access a service on a
private network when connected to the
Internet outside of that network.
Private network configured
in such a way that could
“leak” the request to the
public Domain Name
System, when using a
name in a private network
matching a name in the
public DNS
User tries to access
a service on a
private network
when connected to
the Internet outside
of that network.
company.example
.example exists
7. 30 July NGPC Resolution
Text
1. Adopts the Framework and directs its implementation
2. Directs undertaking a consultation re: RPM
requirements for SLDs in block list, recorded in the
TMCH, which were withheld from allocation during
Sunrise or Claims
3. Consider policy work within GNSO re: long-term plan
to manage name collisions
4. Share information and best practices with ccTLDs
#ICANN51
9. ICANN Implementation of the Framework
Text
• Defer delegating .mail indefinitely (like .corp
and .home) and work within the IETF to reserve
those names permanently
• Produce information materials on name collision
o Make this information available on key web searches
• Work within IETF to identify IPv6 option
• Work with root server operators to measure and
store data that can be used for name collision
studies and prevention in the future
#ICANN51
10. ICANN Implementation of the Framework
Text
• Limit emergency response regarding name
collision where there is clear and present danger to
human life
• EBERO-like mechanism to cover registry
unresponsiveness in regard to name collision
reports
• Last resort procedure to remove TLD causing harm
(i.e., a dotless name) during the Controlled
Interruption period
#ICANN51
12. Name Collision Report Handling
Text
• Required for the first 2 years of the life of the TLD
• Respond within 2 hours of request from ICANN
• Requests to be delivered by ICANN to the Registry’s
emergency contacts by S/MIME signed email from name-collision-
#ICANN51
report@icann.org, followed by phone call
• Requests to temporarily:
1. Place a domain name in serverHold status; or
2. Remove wildcard records from DNS when doing wildcard controlled
interruption
In extraordinary circumstances, other remediation measures may be required
13. Controlled Interruption
Text
• Implement Controlled Interruption for 90 days
o Continuous interruption (i.e., not intermittent)
o Use loopback address (127.0.53.53)
o Add IPv6 option when available
• Names can be allocated and undergo Sunrise and
Claims during this period (subject to other
applicable provisions)
#ICANN51
14. TLD Wildcard Controlled Interruption
Text
• Mandatory for TLDs delegated on or after
18 August 2014 (Alternate Path to Delegation no
longer available)
• Option available to those delegated before
18 August 2014, only if TLD has no active
names (other than “nic”)
• Apex and wildcard A, MX, SRV, and TXT records
• No activation of names until after the 90-day controlled
interruption has been completed
#ICANN51
15. SLD Controlled Interruption
Text
• Aimed at TLDs delegated before 18 August 2014
that have activated names
• Uses A, MX, SRV, and TXT records for the SLDs in
block list during, at least, 90 days
• No other DNS records can be added for the SLDs
until after the 90-day controlled interruption has
been completed
• A TLD cannot switch between SLD and TLD
controlled interruption
#ICANN51
16. SLD Controlled Interruption Variations
Text
• ICANN considered the following requests:
ü Have wildcard records under the SLDs while in SLD
controlled interruption
§ Available since 22-Sep-2014 and strongly recommended
Ø Allow delegation of SLDs in block list to registry name
servers that implement SLD controlled interruption
§ Will be available beginning on 17-Nov-2014 00:00 UTC
#ICANN51
17. Flat SLD CI
Text
At first required “flat” SLD CI:
label.TLD.
3600
IN
A
127.0.53.53
label.TLD.
3600
IN
MX
10
your-‐dns-‐needs-‐immediate-‐
attention.TLD.
label.TLD.
3600
IN
SRV
10
10
0
your-‐dns-‐needs-‐
immediate-‐attention.TLD.
label.TLD.
3600
IN
TXT
Your
DNS
configuration
needs
immediate
attention
see
https://icann.org/namecollision
#ICANN51
18. Wildcard SLD CI
Text
Now strongly recommend adding “Wildcard”:
*.label.TLD.
3600
IN
A
127.0.53.53
*.label.TLD.
3600
IN
MX
10
your-‐dns-‐needs-‐immediate-‐
attention.label.TLD.
*.label.TLD.
3600
IN
SRV
10
10
0
your-‐dns-‐needs-‐
immediate-‐attention.label.TLD.
*.label.TLD.
3600
IN
TXT
Your
DNS
configuration
needs
immediate
attention
see
https://icann.org/namecollision
#ICANN51
19. Controlled Interruption Variations
Text
1. TLD Wildcard CI
2. SLD CI
2.1. In-TLD-Zone, Wildcard SLD CI
2.2. Delegation-to-Self, Wildcard SLD CI
2.3. In-TLD-Zone, Flat SLD CI
2.4. Delegation-to-Self, Flat SLD CI
http://newgtlds.icann.org/sites/default/files/agreements/name-collision-sld-controlled-
#ICANN51
interruption-12sep14-en.htm
20. Registry Agreement Waivers
Text
1) Section 2.2 of Specification 6 (e.g., to allow the use of
wildcard records); and
2) Section 1 of Exhibit A (e.g., to allow the use of A, MX, SRV,
and TXT records in the zone apex and SLDs)
Waivers are only for purposes of implementing the controlled
interruption and will cease upon termination of controlled
interruption in the TLD.
Other obligations remain while in controlled interruption (e.g.,
DNSSEC, providing RDDS services at whois.nic.tld)
#ICANN51
21. Starting Finalizing Controlled Interruption
Text
• Registries do not need to inform ICANN of the start
or end of their controlled interruption
• ICANN will monitor implementation and raise
exceptions with the registry
• Monitoring will be done primarily using the zone
files provided by registry
• Registries should ensure their zone file transfer to
ICANN is working
#ICANN51
22. Controlled Interruption Status Reports
Text
From ICANN CI monitoring:
• 344 TLDs in SLD CI
• 70 TLDs in TLD Wildcard CI
• 4 TLDs have not yet started CI
• https://www.icann.org/sites/default/files/ci-monitoring/
#ICANN51
citld-current.csv
• https://www.icann.org/sites/default/files/ci-monitoring/
citld-complete.csv
23. Web Ads Statistics
Text
Campaign dates: 24 July – 6 Oct 2014
• Impressions: 4,543
• Clicks: 399
• Click through rate: 8.78%
• #1 keyword: 127.0.53.53
#ICANN51
24. Reports of Harm
Text
• Received 13 reports so far
o 7 are search list related
o 4 are non-public DNS names
o 1 caused by configuration typo
o 1 unknown
• No reports involve harm to human life
#ICANN51
25. Next Steps
Text
• Work within the IETF to identify IPv6 option for
controlled interruption
• Work within the IETF to reserve
indefinitely .corp, .home, and .mail
• Work with root server operators to measure and store
data that can be used for name collision studies and
prevention in the future
• Reach out to GNSO regarding a long-term plan to
manage name collisions
• Share information and best practices with ccTLDs
regarding managing name collision risks in new TLDs
#ICANN51
26. Resources
Text
• Guide to Name Collision Identification and Mitigation
for IT Professionals
o https://www.icann.org/en/system/files/files/name-collision-mitigation-
#ICANN51
01aug14-en.pdf
• If suffering name collision, report it to ICANN
o https://forms.icann.org/en/help/name-collision/report-problems
• Report of signed RAs with delegation dates
o https://newgtlds.icann.org/newgtlds.csv
• For further information, consult:
o https://icann.org/namecollision
28. Community Consultation
Text
30 July 14 NGPC resolution directed staff to consult
with the community during the next 90 days from the
publication of these resolutions to address
appropriate rights protection mechanisms for names
included in a Registry Operator’s Alternate Path to
Delegation Report and recorded in the Trademark
Clearinghouse that Registry Operator withheld from
allocation during its Sunrise period or Claims period.
#ICANN51
29. Text Affected Names
In Trademark
Clearinghouse
On Second-level
Domain
Block List
Not made
available for
allocation
during Sunrise
or Claims
Names under
discussion
30. Exclusive Registration Period Proposal
Text
• Proposed by the Business Constituency,
Intellectual Property Constituency, and Registry
Stakeholder Group
• Registry would offer an exclusive registration
period for these names
• Targeted communications to support this process
• 90-day Claims period would not be applied to
release of SLD block list names
#ICANN51
31. Exclusive Registration Period Proposal
Text
RO should be allowed to choose one of two paths:
1) Opt into one of two batched waves of start dates for
exclusive registration periods
o Operate a 30-day exclusive registration period
o Provide 10 days advance notice of intent to join a wave
#ICANN51
30 day exclusive
registration period
30 day exclusive
registration period 10 days notice
32. Exclusive Registration Period Proposal (cont.)
Text
2) Requirements would mirror those of registry’s
original Sunrise:
• Registries not opting into a wave would provide an
exclusive registration period under the same provisions
as their original Sunrise period (i.e., Start-Date or End
Date)
#ICANN51
33. Exclusive Registration Period Proposal (cont.)
Text
• RO to notify the TMCH of registration of domain
names during exclusive registration period (i.e.,
upload of LORDN file)
• Registrations may occur via manual handling
rather than EPP
• Registration policies for exclusive registration
period must mirror those of the Sunrise
o Registries should extend their existing Sunrise Dispute
Resolution Policy
#ICANN51
34. Next Steps
Text
• Per measure II, section C in the Name Collision
Occurrence Assessment, the registry must continue to
withhold the names from allocation while ICANN
consults with the community about appropriate rights
protection mechanisms
- Public Comment Period Reply Phase closed on 7 October 2014
o ICANN to develop and publish requirements on the appropriate
Rights Protection Mechanisms for releasing these names
o The registry will be provided an updated Name Collision
Occurrence Assessment (if applicable) with details about how
to activate these names
#ICANN51
35. GDD + Related Sessions
Text
#ICANN51
Wednesday, 15 October
o Registry Services Update
o Rights Protection Mechanisms: User Feedback
o DNS Risk Framework
o GDD Service Delivery, Customer Service SLAs
o Universal Acceptance
Thursday, 16 October
o DNSSEC Key Rollover Workshop
o Thick WHOIS Implementation (Working Session)
o Deploying the IETF’s WHOIS Replacement
36. Text Engage with ICANN on Web Social Media
twitter.com/icann
facebook.com/icannorg
linkedin.com/company/icann
gplus.to/icann
weibo.com/icannorg
flickr.com/photos/icann
youtube.com/user/ICANNnews icann.org