The Spectre in the Room: Let’s Talk About DNS Abuse

Defining “DNS Abuse” Is Kind of Pointless

"DNS Abuse" as a term covers all forms of online threats related to the DNS, but the exact definition has been a matter of debate for some years. The people running registries and registrars mostly consider it related to registration of domain names, the people from threat intelligence look at how malware uses the DNS, and DNS infrastructure operators think of it as attacks on the DNS infrastructure itself. So, nobody quite agrees on a unified understanding of what the term means.

Turns out though: It doesn't matter. Everyone has their own definition of what it means to them, according to their perspectives and their particular values, but in the end we're all on the same side and we're all trying to protect users on the internet from online threats in some way or another. Whether one entity considers DNS Abuse to cover C2 domains or not isn't important, as long as each entity works to solve for the DNS Abuse they define. At the ICANN75 conference this year it was noted, "the train has left the station." The term DNS Abuse is out there and it means different things to different people, and that's OK.

Everyone’s Talking About It

There's been a lot of activity this year related to DNS Abuse, and it seems to have finally arrived in the spotlight globally.

The EU released a 173-page report on the results of a 7-month study on DNS Abuse, which prompted a lot of discussion worldwide. The European Dialog on Internet Governance (EuroDIG) held a session to discuss the consequences of definitions, and DNS Research Foundation published their thoughts on the topic.

The DNS Abuse Institute was launched by the Public Interest Registry (PIR, responsible for handling the .org TLD), and released their ongoing study of DNS Abuse called DNSAI Compass that shows trends from various areas. The FIRST DNS Abuse SIG released a draft of their model of DNS Abuse techniques, and the international group of registries and registrars, eco, published their initial versions of a table classifying DNS Abuse.

All of this represents the result of months and years of work behind the scenes on many different fronts, but altogether has pushed DNS Abuse into the public consciousness in a way that hasn't really been seen before.

What DNSFilter is Doing

DNSFilter continues to play a key part in the evolving landscape of DNS Abuse. As part of our mission to provide best-in-class DNS security, understanding and taking part in the conversation is fundamental to how DNSFilter can better protect our users while furthering online security for the internet as a whole.

Our Principal Security Researcher, Peter Lowe, presented at the ICANN75 AGM in Kuala Lumpur this year on the topic, after being named DNS Abuse Ambassador for FIRST (the Forum of Incident Responders and Security Teams). He's also continued his work as co-chair of the FIRST DNS Abuse SIG to provide incident responders with a reference point for dealing with ongoing events, as part of a multi-stakeholder group covering a huge range of interested parties.

We're also actively engaging with the DNS Research Foundation to explore their DAP.LIVE platform, and have provided feedback and commentary on eco's topDNS DNS Abuse Table. Evaluations and discussions are also happening with the DNS Abuse Institute on several levels, including their research and analysis, and reporting system that they are aiming to promote.

The Path Ahead

While there's been a lot of activity on various fronts, one of the main things that needs to happen going forward is to bring people together. With so many different perspectives, enabling the conversation itself is as valuable as the work itself on some levels.

Protective DNS is now seen as a basic part of any threat protection profile, and we have unique insight into all levels of DNS Abuse as an industry leader, allowing us to bring people together and remind everyone that we're all fighting the same battle. As part of this, DNSFilter is organizing a number of panels for 2023 at different levels, involving key players from all sectors to highlight the issues we're facing on a global scale.

At the same time, we're continuing to contribute our expertise and knowledge to ongoing work while providing feedback on publishings from other organizations. Every day seems to bring new ideas to the table.

  • There are no suggestions because the search field is empty.
Latest posts
What is Protective DNS? What is Protective DNS?

Cybersecurity best practices are considered to be a mostly stable set of guidelines that advise organizations on the safest way to protect their digital holdings. Every once in a while, however, there are shakeups within these otherwise established best practices. Governing bodies issue new regulations, high-profile cyber attacks expose developing threats, and global events place pressure on existing cybersecurity measures.

Fall 2023 G2 Awards Are Here: 29 Badges and Counting For DNSFilter Fall 2023 G2 Awards Are Here: 29 Badges and Counting For DNSFilter

DNSFilter has been named a leader in Secure Web Gateway, DNS Security, and Web Security categories on G2, earning an impressive 29 badges and named in 29 reports. This includes new badges such as High Performer EMEA and Leader Americas in the Web Security category. 

These accolades are a testament to our commitment to our customers. We are particularly proud of our badges for ease of implementation, administration, and quality support. Providing ...

DNSFilter CEO Reacts to France’s “Bill to Secure and Regulate the Digital Space” DNSFilter CEO Reacts to France’s “Bill to Secure and Regulate the Digital Space”

At the end of June, Vint Cerf, one of the “fathers of the internet” published an article on Medium in response to a drafted bill by the French Republic. You can read the original French proposal here, but we’ll also include a version translated into English at the bottom of this article.

First, let me provide a quick summary of what the bill is proposing:

Spurred on by the proliferation of cyber threats and attacks, the government of France is pr...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.