The Spectre in the Room: Let’s Talk About DNS Abuse

Defining “DNS Abuse” Is Kind of Pointless

"DNS Abuse" as a term covers all forms of online threats related to the DNS, but the exact definition has been a matter of debate for some years. The people running registries and registrars mostly consider it related to registration of domain names, the people from threat intelligence look at how malware uses the DNS, and DNS infrastructure operators think of it as attacks on the DNS infrastructure itself. So, nobody quite agrees on a unified understanding of what the term means.

Turns out though: It doesn't matter. Everyone has their own definition of what it means to them, according to their perspectives and their particular values, but in the end we're all on the same side and we're all trying to protect users on the internet from online threats in some way or another. Whether one entity considers DNS Abuse to cover C2 domains or not isn't important, as long as each entity works to solve for the DNS Abuse they define. At the ICANN75 conference this year it was noted, "the train has left the station." The term DNS Abuse is out there and it means different things to different people, and that's OK.

Everyone’s Talking About It

There's been a lot of activity this year related to DNS Abuse, and it seems to have finally arrived in the spotlight globally.

The EU released a 173-page report on the results of a 7-month study on DNS Abuse, which prompted a lot of discussion worldwide. The European Dialog on Internet Governance (EuroDIG) held a session to discuss the consequences of definitions, and DNS Research Foundation published their thoughts on the topic.

The DNS Abuse Institute was launched by the Public Interest Registry (PIR, responsible for handling the .org TLD), and released their ongoing study of DNS Abuse called DNSAI Compass that shows trends from various areas. The FIRST DNS Abuse SIG released a draft of their model of DNS Abuse techniques, and the international group of registries and registrars, eco, published their initial versions of a table classifying DNS Abuse.

All of this represents the result of months and years of work behind the scenes on many different fronts, but altogether has pushed DNS Abuse into the public consciousness in a way that hasn't really been seen before.

What DNSFilter is Doing

DNSFilter continues to play a key part in the evolving landscape of DNS Abuse. As part of our mission to provide best-in-class DNS security, understanding and taking part in the conversation is fundamental to how DNSFilter can better protect our users while furthering online security for the internet as a whole.

Our Principal Security Researcher, Peter Lowe, presented at the ICANN75 AGM in Kuala Lumpur this year on the topic, after being named DNS Abuse Ambassador for FIRST (the Forum of Incident Responders and Security Teams). He's also continued his work as co-chair of the FIRST DNS Abuse SIG to provide incident responders with a reference point for dealing with ongoing events, as part of a multi-stakeholder group covering a huge range of interested parties.

We're also actively engaging with the DNS Research Foundation to explore their DAP.LIVE platform, and have provided feedback and commentary on eco's topDNS DNS Abuse Table. Evaluations and discussions are also happening with the DNS Abuse Institute on several levels, including their research and analysis, and reporting system that they are aiming to promote.

The Path Ahead

While there's been a lot of activity on various fronts, one of the main things that needs to happen going forward is to bring people together. With so many different perspectives, enabling the conversation itself is as valuable as the work itself on some levels.

Protective DNS is now seen as a basic part of any threat protection profile, and we have unique insight into all levels of DNS Abuse as an industry leader, allowing us to bring people together and remind everyone that we're all fighting the same battle. As part of this, DNSFilter is organizing a number of panels for 2023 at different levels, involving key players from all sectors to highlight the issues we're facing on a global scale.

At the same time, we're continuing to contribute our expertise and knowledge to ongoing work while providing feedback on publishings from other organizations. Every day seems to bring new ideas to the table.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Maximizing Efficiency and Security: The Art of Safe Automation Maximizing Efficiency and Security: The Art of Safe Automation

Automation is no longer optional for companies looking to scale and operate their cyber defenses. It enables organizations to do more with less, eliminating rote and mundane tasks to free up valuable human resources for more strategic initiatives. However, if not used carefully, automation can amplify existing problems, making something bad even worse. So, how can we use automation effectively and safely?

Revving Up the Fun: DNSFilter's IndyCar Experience Recap — Nashville Edition Revving Up the Fun: DNSFilter's IndyCar Experience Recap — Nashville Edition

Our final race weekend at the Music City Grand Prix was an adrenaline-pumping experience that perfectly blended speed, technology, and unforgettable moments. It was a weekend full of thrills, camaraderie, and lightning-fast Wi-Fi in Nashville. Here’s a rundown of the highlights:

Ensuring Safety from Digital Threats in Educational Environments Ensuring Safety from Digital Threats in Educational Environments

As education relies more heavily on technology, the importance of ensuring the safety and media literacy of students continues to grow. Educational environments must navigate a complex landscape of online content, balancing the need for open access to information with the necessity of protecting students from harmful, inappropriate, or inaccurate material. Digital safety encompasses protecting students from online threats such as cyberbullying, m...

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.