Login
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the fourth quarter of 2023 closed with 359.8 million domain name registrations across all top-level domains (TLDs), an increase of 0.6 million domain name registrations, or 0.2%, compared to the third quarter of 2023. Domain name registrations also increased by 8.9 million, or 2.5%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the fourth quarter of 2023, including:
DNIB.com and The Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.8 Million Domain Name Registrations in the Fourth Quarter of 2023 appeared first on Verisign Blog.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the third quarter of 2023 closed with 359.3 million domain name registrations across all top-level domains (TLDs), an increase of 2.7 million domain name registrations, or 0.8%, compared to the second quarter of 2023. Domain name registrations also increased by 8.5 million, or 2.4%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the third quarter of 2023, including:
DNIB.com and The Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com Announces 359.3 Million Domain Name Registrations in the Third Quarter of 2023 appeared first on Verisign Blog.
Today, the latest issue of The Domain Name Industry Brief Quarterly Report was released by DNIB.com, showing the second quarter of 2023 closed with 356.6 million domain name registrations across all top-level domains (TLDs), an increase of 1.7 million domain name registrations, or 0.5%, compared to the first quarter of 2023. Domain name registrations also increased by 4.3 million, or 1.2%, year over year.
Check out the latest issue of The Domain Name Industry Brief Quarterly Report to see domain name stats from the second quarter of 2023, including:
With the launch of the DNIB.com dashboards, 16 additional TLDs have been included in applicable calculations. The applicable current and historical data presented in this edition of the quarterly report have been adjusted accordingly, and applicable quarterly and year-over-year trends have been calculated using those adjusted figures. More information is available at DNIB.com.
DNIB.com and the Domain Name Industry Brief Quarterly Report are sponsored by Verisign. To see past issues of the quarterly report, interactive dashboards, and learn about DNIB.com’s statistical methodology, please visit DNIB.com.
The post Domain Name Industry Brief Quarterly Report: DNIB.com announces 356.6 Million Domain Name Registrations in the Second Quarter of 2023 appeared first on Verisign Blog.
Verisign today announced the launch of DNIB.com, the new Domain Name Industry Brief (DNIB) website.
Sponsored by Verisign, DNIB.com is a source for insights and analysis from subject-matter experts on key topics relevant to the global Domain Name System (DNS). DNIB.com will offer insight on policy, governance, technology, security, and business trends relevant to analysts, entrepreneurs, policymakers, and anyone with an interest in the DNS. The website features a collection of new, searchable, and interactive dashboards tracking relevant DNS data and trends, that is designed to be a valuable day-to-day resource for industry stakeholders, and anyone interested in learning more about global domain name operations.
DNIB.com is also the new home of the DNIB quarterly report, which Verisign has published for more than a decade, providing a trusted and valued resource for stakeholders across the globe seeking to understand the dynamism and trends of the domain name industry.
The report will be published each quarter at DNIB.com, summarizing the state of the domain name industry through a variety of statistical and analytical research. The new and expanded DNIB.com dashboards take that statistical data to the next level, enabling exploration of trend data across the industry, providing additional history and depth, and offering expert insights and commentary.
The post Announcing the Launch of DNIB.com, a New Source for DNS News, Information, Research, and Analysis appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the first quarter of 2023 closed with 354.0 million domain name registrations across all top-level domains (TLDs), an increase of 3.5 million domain name registrations, or 1.0%, compared to the fourth quarter of 2022.1,2 Domain name registrations also increased by 3.5 million, or 1.0%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the first quarter of 2023, including:
This issue of the Domain Name Industry Brief includes a correction to the March 2023 issue, which incorrectly reported the number of domain name registrations in the .eu ccTLD.2 This was the result of a one-time error in the .eu domain name registration data, provided by ZookNIC, which has since been resolved.
To see past issues of The Domain Name Industry Brief, please visit https://verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 354.0 Million Domain Name Registrations in the First Quarter of 2023 appeared first on Verisign Blog.
This blog was co-authored by Verisign Distinguished Engineer Mike Hollyman and Verisign Director – Engineering Hasan Siddique. It is based on a lightning talk they gave at NANOG 87 in February 2023, the slides from which are available on the NANOG website.
At Verisign, we believe that continuous improvements to the safety and security of the global routing system are critical for the reliability of the internet. As such, we’ve recently embarked on a path to implement Resource Public Key Infrastructure (RPKI) within our technology ecosystem as a step toward building a more secure routing system. In this blog, we share our ongoing journey toward RPKI adoption and the lessons we’ve learned as an operator of critical internet infrastructure.
While RPKI is not a silver bullet for securing internet routing, practical adoption of RPKI can deliver significant benefits. This will be a journey of deliberate, measured, and incremental steps towards a larger goal, but we believe the end result will be more than worth it.
Under the Border Gateway Protocol (BGP) – the internet’s de-facto inter-domain routing protocol for the last three decades – local routing policies decide where and how internet traffic flows, but each network independently applies its own policies on what actions it takes, if any, with data that connects through its network. For years, “routing by rumor” served the internet well; however, our growing dependence upon the global internet for sensitive and critical communications means that internet infrastructure merits a more robust approach for protecting routing information. Preventing route leaks, mis-originations, and hijacks is a first step.
Verisign was one of the first organizations to join the Mutually Agreed Norms for Routing Security (MANRS) Network Operator Program in 2017. Ever since the establishment of the program, facilitating routing information – via an Internet Routing Registry (IRR) or RPKI – has been one of the key “actions” of the MANRS program. Verisign has always been fully supportive of MANRS and its efforts to promote a culture of collective responsibility, collaboration, and coordination among network peers in the global internet routing system.
Just as RPKI creates new protections, it also brings new challenges. Mindful of those challenges, but committed to our mission of upholding the security, stability, and resiliency of the internet, Verisign is heading toward RPKI adoption.
In his March 2022 blog titled “Routing Without Rumor: Securing the Internet’s Routing System,” Verisign EVP & CSO, Danny McPherson, discussed how “RPKI creates new external and third-party dependencies that, as adoption continues, ultimately replace the traditionally autonomous operation of the routing system with a more centralized model. If too tightly coupled to the routing system, these dependencies may impact the robustness and resilience of the internet itself.” McPherson’s blog also reviewed the importance of securing the global internet BGP routing system, including utilizing RPKI to help overcome the hurdles that BGP’s implicit trust model presents.
RPKI Route Origin Validation (ROV) is one critical step forward in securing the global BGP system to prevent mis-originations and errors from propagating invalid routing information worldwide. RPKI ROV helps move the needle towards a safer internet. However, just as McPherson pointed out, this comes at the expense of creating a new external dependency within the operational path of Verisign’s critical Domain Name System (DNS) services.
At NANOG 87, we shared our concerns on how systemic and circular dependencies must be acknowledged and mitigated, to the extent possible. The following are some concerns and potential risks related to RPKI:
Additional considerations include:
These items require careful consideration before implementing RPKI, not afterwards.
To better manage potential risks in our journey towards RPKI adoption, we established “day zero” requirements. These included firm conditions that must be met before any further testing could occur, including monitoring data across multiple protocols, coupled with automated ROA/IRR provisioning.
The deliberate decision to take a measured approach has proved rewarding, leaving us better positioned to manage and maintain our data and critical RPKI systems.
Investing engineering cycles in building robust monitoring and automation has increased our awareness of trends and outages based on global and local observability. As a result, operations and support teams benefit from live training on how to respond to RPKI-related events. This has helped us improve operational readiness in response to incidents. Additionally, automation reduces the risk of human error and, when coupled with monitoring, introduces stronger guardrails throughout the provisioning process.
Verisign’s core mission is to enable the world to connect online with reliability and confidence, anytime, anywhere. This means that as we adopt RPKI, we must adhere to strict design principles that don’t risk sacrificing the integrity and availability of DNS data.
Our path to RPKI adoption is just one example of how we continuously strive for improvement and implement new technology, all while ensuring we protect Verisign’s critical DNS services.
While there are obstacles ahead of us, at Verisign we strongly advocate for consistent, focused discipline and continuous improvement. This means our course is set – we are firmly moving toward RPKI adoption.
Our goal is to improve internet routing security programs through efforts such as technology implementation, industry engagement, standards development, open-source contributions, funding, and the identification of shared risks which need to be understood and managed appropriately.
Implementing RPKI at your own organization will require broad investment in your people, processes, and technology stack. At Verisign specifically, we have assigned resources to perform research, increased budgets, completed various risk management tasks, and allocated significant time to development and engineering cycles. While RPKI itself does not address all security issues, there are incremental steps we can collectively take toward building a more resilient internet routing security paradigm.
As stewards of the internet, we are implementing RPKI as the next step in strengthening the security of internet routing information. We look forward to sharing updates on our progress.
The post Building a More Secure Routing System: Verisign’s Path to RPKI appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2022 closed with 350.4 million domain name registrations across all top-level domains (TLDs), an increase of 0.5 million domain name registrations, or 0.1%, compared to the third quarter of 2022.1,2 Domain name registrations have increased by 8.7 million, or 2.6%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit https://verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 350.4 Million Domain Name Registrations in the Fourth Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2022 closed with 349.9 million domain name registrations across all top-level domains, a decrease of 1.6 million domain name registrations, or 0.4%, compared to the second quarter of 2022.1,2 Domain name registrations have increased by 11.5 million, or 3.4%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Domain Name Industry Brief: 349.9 Million Domain Name Registrations in the Third Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the second quarter of 2022 closed with 351.5 million domain name registrations across all top-level domains, an increase of 1.0 million domain name registrations, or 0.3%, compared to the first quarter of 2022.1,2 Domain name registrations have increased by 10.4 million, or 3.0%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the second quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q2 2022 Domain Name Industry Brief: 351.5 Million Domain Name Registrations in the Second Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the first quarter of 2022 closed with 350.5 million domain name registrations across all top-level domains, an increase of 8.8 million domain name registrations, or 2.6%, compared to the fourth quarter of 2021.1,2 Domain name registrations have increased by 13.2 million, or 3.9%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the first quarter of 2022, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q1 2022 Domain Name Industry Brief: 350.5 Million Domain Name Registrations in the First Quarter of 2022 appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2021 closed with 341.7 million domain name registrations across all top-level domains, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021.1,2 Domain name registrations have increased by 1.6 million, or 0.5%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2021, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021 appeared first on Verisign Blog.
When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers.
During the beginning of October 2021, the internet saw two significant outages, affecting Facebook’s services and the .club top level domain, both of which did not properly resolve for a period of time. Throughout these outages, Verisign and other DNS operators reported significant increases in query volume. We provided consistent responses throughout, with the correct delegation data pointing to the correct nameservers.
While these higher query rates do not impact Verisign’s ability to respond, they raise a broader operational question – whether the repeated nature of these queries, indicative of a lack of negative caching, might potentially be mistaken for a denial-of-service attack.
On Oct. 4, 2021, Facebook experienced a widespread outage, lasting nearly six hours. During this time most of its systems were unreachable, including those that provide Facebook’s DNS service. The outage impacted facebook.com, instagram.com, whatsapp.net and other domain names.
Under normal conditions, the .com and .net authoritative name servers answer about 7,000 queries per second in total for the three domain names previously mentioned. During this particular outage, however, query rates for these domain names reached upwards of 900,000 queries per second (an increase of more than 100x), as shown in Figure 1 below.
Figure 1: Rate of DNS queries for Facebook’s domain names during the 10/4/21 outage.
During this outage, recursive name servers received no response from Facebook’s name servers – instead, those queries timed out. In situations such as this, recursive name servers generally return a SERVFAIL or “server failure” response, presented to end users as a “this site can’t be reached” error.
Figure 1 shows an increasing query rate over the duration of the outage. Facebook uses relatively low Time-to-Lives (TTLs), a setting that tells DNS resolvers how long to cache an answer on their DNS records before issuing a new query, of from one to five minutes. This in turn means that, five minutes into the outage, all relevant records would have expired from all recursive resolver caches – or at least from those that honor the publisher’s TTLs. It is not immediately clear why the query rate continues to climb throughout the outage, nor whether it would eventually have plateaued had the outage continued.
To get a sense of where the traffic comes from, we group query sources by their autonomous system number. The top five autonomous systems, along with all others grouped together, are shown in Figure 2.
Figure 2: Rate of DNS queries for Facebook’s domain names grouped by source autonomous system.
From Figure 2 we can see that, at their peak, queries for these domain names to Verisign’s .com and .net authoritative name servers from the most active recursive resolvers – those of Google and Cloudflare – increased around 7,000x and 2,000x respectively over their average non-outage rates.
On Oct. 7th, 2021, three days after Facebook’s outage, the .club and .hsbc TLDs also experienced a three-hour outage. In this case, the relevant authoritative servers remained reachable, but responded with SERVFAIL messages. The effect on recursive resolvers was essentially the same: Since they did not receive useful data, they repeatedly retried their queries to the parent zone. During the incident, the Verisign-operated A-root and J-root servers observed an increase in queries for .club domain names of 45x, from 80 queries per second before, to 3,700 queries per second during the outage.
Figure 3: Rate of DNS queries to A and J root servers during the 10/7/2021 .club outage.
Similar to the previous example, this outage also demonstrated an increasing trend in query rate during the duration of the outage. In this case, it might be explained by the fact that the records for .club’s delegation in the root zone use two-day TTLs. However, the theoretical analysis is complicated by the fact that authoritative name server records in child zones use longer TTLs (six days), while authoritative name server address records use shorter TTLs (10 minutes). Here we do not observe a significant amount of query traffic from Google sources; instead, the increased query volume is largely attributable to the long tail of recursive resolvers in “All Others.”
Figure 4: Rate of DNS queries for .club and .hsbc, grouped by source autonomous system.
Earlier this year Verisign implemented a botnet sinkhole and analyzed the received traffic. This botnet utilizes more than 1,500 second-level domain names, likely for command and control. We observed queries from approximately 50,000 clients every day. As an experiment, we configured our sinkhole name servers to return SERVFAIL and REFUSED responses for two of the botnet domain names.
When configured to return a valid answer, each domain name’s query rate peaks at about 50 queries per second. However, when configured to return SERVFAIL, the query rate for a single domain name increases to 60,000 per second, as shown in Figure 5. Further, the query rate for the botnet domain name also increases at the TLD and root name servers, even though those services are functioning normally and data relevant to the botnet domain name has not changed – just as with the two outages described above. Figure 6 shows data from the same experiment (although for a different date), colored by the source autonomous system. Here, we can see that approximately half of the increased query traffic is generated by one organization’s recursive resolvers.
Figure 5: Query rates to name servers for one domain name experimentally configured to return SERVFAIL.
Figure 6: Query rates to botnet sinkhole name servers, grouped by autonomous system, when one domain name is experimentally configured to return SERVFAIL.
These two outages and one experiment all demonstrate that recursive name servers can become unnecessarily aggressive when responses to queries are not received due to connectivity issues, timeouts, or misconfigurations.
In each of these three cases, we observe significant query rate increases from recursive resolvers across the internet – with particular contributors, such as Google Public DNS and Cloudflare’s resolver, identified on each occasion.
Often in cases like this we turn to internet standards for guidance. RFC 2308 is a 1998 Standards Track specification that describes negative caching of DNS queries. The RFC covers name errors (e.g., NXDOMAIN), no data, server failures, and timeouts. Unfortunately, it states that negative caching for server failures and timeouts is optional. We have submitted an Internet-Draft that proposes updating RFC 2308 to require negative caching for DNS resolution failures.
We believe it is important for the security, stability and resiliency of the internet’s DNS infrastructure that the implementers of recursive resolvers and public DNS services carefully consider how their systems behave in circumstances where none of a domain name’s authoritative name servers are providing responses, yet the parent zones are providing proper referrals. We feel it is difficult to rationalize the patterns that we are currently observing, such as hundreds of queries per second from individual recursive resolver sources. The global DNS would be better served by more appropriate rate limiting, and algorithms such as exponential backoff, to address these types of cases we’ve highlighted here. Verisign remains committed to leading and contributing to the continued security, stability and resiliency of the DNS for all global internet users.
This piece was co-authored by Verisign Fellow Duane Wessels and Verisign Distinguished Engineers Matt Thomas and Yannis Labrou.
The post Observations on Resolver Behavior During DNS Outages appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2021 closed with 364.6 million domain name registrations across all top-level domains, a decrease of 2.7 million domain name registrations, or 0.7%, compared to the second quarter of 2021.1,2 Domain name registrations have decreased by 6.1 million, or 1.6%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2021, including:
The Domain Name Industry Brief this quarter also includes an overview of the ongoing community work to mitigate DNS security threats.
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
The post Verisign Q3 2021 The Domain Name Industry Brief: 364.6 Million Domain Name Registrations in the Third Quarter of 2021 appeared first on Verisign Blog.
Businesses today have many options for interacting with customers online. The findings of our independent survey of online consumers suggest that websites and branded email continue to be critical components of many businesses’ online presence, essential to supporting consumer confidence and enabling effective interaction with customers.
The quantitative study, commissioned by Verisign and conducted in December 2019 and January 2020 by 451 Research, now a part of S&P Global Market Intelligence, surveyed 5,450 online consumers across key markets in North America, Latin America, Europe and Asia to help understand their sentiments on interacting with businesses online.
The survey was designed to arm service providers and registrars with an understanding of how the resources they provide to businesses can help create trust and deliver value to their customers.
Among those surveyed, approximately two-thirds (66%) agreed that a business with its own website is more credible than one without. Likewise, a majority indicated that they would expect it to be more difficult to verify the identity of (56%), find online (55%) and contact (54%) a business that does not have its own website.
Certainly, this doesn’t suggest that businesses should abandon other online channels, such as social media and search engine efforts, to focus on a website-only approach. Instead, 64% of respondents said that a business with many points of online presence is more credible than a business with few.
Still, the study suggests that other online resources should complement, rather than replace, a small business’s own website. Respondents identified a business’s own website as being one of the most popular online methods for learning about (69%) and conducting transactions with (57%) businesses. Further, 71% of respondents reported being more likely to recommend a business with a professional website.
Taken together, these findings suggest that a website can help add credibility and drive new business.
Trust is central to the relationship between a business and customers. This may be particularly true for online transactions (95% of survey respondents said they actively make purchases online), which require consumers to trust not only that the business will deliver the product or service for which they have paid, but also that it will not misuse payment or personal information.
A branded email address may be able to help, as an overwhelming number of respondents (85%) agreed that a business with a branded email address is more credible than one that uses a free email account. Respondents were more likely to have used a business’s branded email address (67%), than the telephone (56%) or social media (40%), to communicate with a business during the prior 12 months.
For a small business, failing to be perceived as credible online could mean lost business not just today, but also in the future. A website and branded email address can help businesses add credibility and more effectively engage with consumers online.
Service providers offer a variety of website-building tools, email hosting solutions, and domain name registration services that can help businesses – whether just starting or well-established – to have a website and use a branded email.
Detailed survey results are available in 451 Research’s Black & White Paper Websites, Branded Email Remain Key to SMB Internet Services.
Verisign is a global wholesale provider of some of the world’s most recognized top-level domains, including .com and .net. For website building tools and email hosting solutions, contact a registrar. You can find a registrar here.
The post Websites, Branded Email Remain Key to SMB Internet Services appeared first on Verisign Blog.
Today, we released the latest issue of The Domain Name Industry Brief, which shows that the second quarter of 2021 closed with 367.3 million domain name registrations across all top-level domains (TLDs), an increase of 3.8 million domain name registrations, or 1.0%, compared to the first quarter of 2021.1,2 Domain name registrations have decreased by 2.8 million, or 0.7%, year over year.1,2
Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the second quarter of 2021, including:
This quarter’s The Domain Name Industry Brief also includes an overview of how Registration Data Access Protocol (RDAP) improves upon the legacy WHOIS protocol.
To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.
1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.
2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.
The post Verisign Q2 2021 The Domain Name Industry Brief: 367.3 Million Domain Name Registrations in the Second Quarter of 2021 appeared first on Verisign Blog.
Note: This article originally appeared in Verisign’s Q1 2021 Domain Name Industry Brief.
This article expands on observations of a botnet traffic group at various levels of the Domain Name System (DNS) hierarchy, presented at DNS-OARC 35.
Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign’s commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS.
Based on recent telemetry data from Verisign’s authoritative top-level domain (TLD) name servers, Verisign observed a widespread botnet responsible for a disproportionate amount of total global DNS queries – and, in coordination with several registrars, registries and ICANN, acted expeditiously to remediate it.
Just prior to Verisign taking action to remediate the botnet, upwards of 27.5 billion queries per day were being sent to Verisign’s authoritative TLD name servers, accounting for roughly 10% of Verisign’s total DNS traffic. That amount of query volume in most DNS environments would be considered a sustained distributed denial-of-service (DDoS) attack.
These queries were associated with a particular piece of malware that emerged in 2018, spreading throughout the internet to create a global botnet infrastructure. Botnets provide a substrate for malicious actors to theoretically perform all manner of malicious activity – executing DDoS attacks, exfiltrating data, sending spam, conducting phishing campaigns or even installing ransomware. This is the result of the malware’s ability to download and execute any other type of payload the malicious actor desires.
Malware authors often apply various forms of evasion techniques to protect their botnets from being detected and remediated. A Domain Generation Algorithm (DGA) is an example of such an evasion technique.
DGAs are seen in various families of malware that periodically generate a number of domain names, which can be used as rendezvous points for botnet command-and-control servers. By using a DGA to build the list of domain names, the malicious actor makes it more difficult for security practitioners to identify what domain names will be used and when. Only by exhaustively reverse-engineering a piece of malware can the definitive set of domain names be ascertained.
The choices made by miscreants to tailor malware DGAs directly influences the DGAs’ ability to evade detection. For instance, electing to use more TLDs and a large number of domain names in a given time period makes the malware’s operation more difficult to disrupt; however, this approach also increases the amount of network noise, making it easier to identify anomalous traffic patterns by security and network teams. Likewise, a DGA that uses a limited number of TLDs and domain names will generate significantly less network noise but is more fragile and susceptible to remediation.
Botnets that implement DGA algorithms or utilize domain names clearly represent an “abuse of the DNS,” opposed to other types of abuse that are executed “via the DNS,” such as phishing. This is an important distinction the DNS community should consider as it continues to refine the scope of DNS abuse and how remediation of the various abuses can be effectuated.
The remediation of domain names used by botnets as rendezvous points poses numerous operational challenges and insights. The set of domain names needs to be identified and investigated to determine their current registration status. Risk assessments must be evaluated on registered domain names to determine if additional actions should be performed, such as sending registrar notifications, issuing requests to transfer domain names, adding Extensible Provisioning Protocol (EPP) hold statuses, altering delegation records, etc. There are also timing and coordination elements that must be balanced with external entities, such as ICANN, law enforcement, Computer Emergency Readiness Teams (CERTs) and contracted parties, including registrars and registries. Other technical decisions also need to be considered, designed and deployed to achieve the desired remediation goal.
After coordinating with ICANN, and several registrars and registries, Verisign registered the remaining available botnet domain names and began a three-phase plan to sinkhole those domain names. Ultimately, this remediation effort would reduce the traffic sent to Verisign authoritative name servers and effectively eliminate the botnet’s ability to use command-and-control domain names within Verisign-operated TLDs.
Figure 1 below shows the amount of botnet traffic Verisign authoritative name servers received prior to intervention, and throughout the process of registering, delegating and sinkholing the botnet domain names.
Phase one was executed on Dec. 21, 2020, in which 100 .cc domain names were configured to resolve to Verisign-operated sinkhole servers. Subsequently, traffic at Verisign authoritative name servers quickly decreased. The second group of domain names contained 500 .com and .net domain names, which were sinkholed on Jan. 7, 2021. Again, traffic volume at Verisign authoritative name servers quickly decreased. The final group of 879 .com and .net domain names were sinkholed on Jan. 13, 2021. By the end of phase three, the cumulative DNS traffic reduction surpassed 25 billion queries per day. Verisign reserved approximately 10 percent of the botnet domain names to remain on serverHold as a placebo/control-group to better understand sinkholing effects as they relate to query volume at the child and parent zones. Verisign believes that sinkholing the remaining domain names would further reduce authoritative name server traffic by an additional one billion queries.
This botnet highlights the remarkable Pareto-like distribution of DNS query traffic, in which a few thousand domain names that span namespaces containing more than 165 million domain names, demand a vastly disproportionate amount of DNS resources.
What causes the amplification of DNS traffic volume for non-existent domain names to occur at the upper levels of the DNS hierarchy? Verisign is conducting a variety of measurements on the sinkholed botnet domain names to better understand the caching behavior of the resolver population. We are observing some interesting traffic changes at the TLD and root name servers when time to live (TTL) and response codes are altered at the sinkhole servers. Stay tuned.
In addition to remediating this botnet in late 2020 and into early 2021, Verisign extended its already four-year endeavor to combat the Avalanche botnet family. Since 2016, the Avalanche botnet had been significantly impacted due to actions taken by Verisign and an international consortium of law enforcement, academic and private organizations. However, many of the underlying Avalanche-compromised machines are still not remediated, and the threat from Avalanche could increase again if additional actions are not taken. To prevent this from happening, Verisign, in coordination with ICANN and other industry partners, is using a variety of tools to ensure Avalanche command-and-control domain names cannot be used in Verisign-operated TLDs.
Botnets are a persistent issue. And as long as they exist as a threat to the security, stability and resiliency of the DNS, cross-industry coordination and collaboration will continue to lie at the core of combating them.
This piece was co-authored by Matt Thomas and Duane Wessels, distinguished engineers at Verisign.
The post Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets appeared first on Verisign Blog.
Today, we released the latest issue of the Domain Name Industry Brief, which shows that the first quarter of 2021 closed with 363.5 million domain name registrations across all top-level domains (TLDs), a decrease of 2.8 million domain name registrations, or 0.8%, compared to the fourth quarter of 2020.1,2 Domain name registrations have decreased by 3.3 million, or 0.9%, year over year.1,2
Check out the latest issue of the Domain Name Industry Brief to see domain name stats from the first quarter of 2021, including:
This quarter’s Domain Name Industry Brief also includes a look at a recent collaboration between Verisign, ICANN and industry partners to combat botnets.
To see past issues of the Domain Name Industry Brief, please visit verisign.com/dnibarchives.
1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.
2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.
The post Verisign Q1 2021 Domain Name Industry Brief: 363.5 Million Domain Name Registrations in the First Quarter of 2021 appeared first on Verisign Blog.
At Verisign we have a commitment to making a positive and lasting impact on the global internet community, and on the communities in which we live and work.
This commitment guided our initial efforts to help these communities respond to and recover from the effects of the COVID-19 pandemic, over a year ago. And at the end of 2020, our sense of partnership with our local communities helped shape our efforts to alleviate COVID-related food insecurity in the areas where we have our most substantial footprint. This same sense of community is reflected in our partnership with Virginia Ready, which aims to help individuals in our home State of Virginia access training and certification to pivot to new careers in the technology sector.
We also believe that our team is one of our most important assets. We particularly value the diverse origins of our people; we have colleagues from all over the world who, in turn, are closely connected to their own communities both in the United States and elsewhere. A significant proportion of our staff are of either Asian American and Pacific Islander (AAPI) or South Asian origin, and today we are pleased to announce two charitable contributions, via our Verisign Cares program, directly related to these two communities.
First, Verisign is pleased to associate ourselves with the Stand with Asian Americans initiative, launched by AAPI business leaders in response to recent and upsetting episodes of aggression toward their community. Verisign supports this initiative and the pledge for which it stands, and has made a substantial contribution to the initiative’s partner, the Asian Pacific Fund, to help uplift the AAPI community.
Second, and after consultation with our staff, we have directed significant charitable contributions to organizations helping to fight the worsening wave of COVID-19 in India. Through Direct Relief we will be helping to provide oxygen and other medical equipment to hospitals, while through GiveIndia we will be supporting families in India impacted by COVID-19.
The ‘extended Verisign family’ of our employees, and their families and their communities, means a tremendous amount to us – it is only thanks to our talented and dedicated people that we are able to continue to fulfill our mission of enabling the world to connect online with reliability and confidence, anytime, anywhere.
The post Verisign Support for AAPI Communities and COVID Relief in India appeared first on Verisign Blog.
Today, we released the latest issue of the Domain Name Industry Brief, which shows that the fourth quarter of 2020 closed with 366.3 million domain name registrations across all top-level domains (TLDs), a decrease of 4.4 million domain name registrations, or 1.2 percent, compared to the third quarter of 2020.1,2 Domain name registrations have grown by 4.0 million, or 1.1 percent, year over year.1,2
Check out the latest issue of the Domain Name Industry Brief to see domain name stats from the fourth quarter of 2020, including:
This quarter’s Domain Name Industry Brief also includes a closer look at encryption and what new DNS capabilities may be possible with a “minimize at the root and top-level domain, encrypt when needed elsewhere” approach to DNS encryption.
To see past issues of the Domain Name Industry Brief, please visit Verisign.com/DNIBArchives.
1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.
2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.
The post Verisign Q4 2020 Domain Name Industry Brief: 366.3 Million Domain Name Registrations in the Fourth Quarter of 2020 appeared first on Verisign Blog.
As we begin a new year, it is important to look back and reflect on our accomplishments and how we can continue to improve. A significant positive the DNS community could appreciate from 2020 is the receptiveness and responsiveness of the Chromium team to address the large amount of DNS queries being sent to the root server system.
In a previous blog post, we quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the result of Chromium intranet redirection detection tests. Since then, the Chromium team has redesigned its code to disable the redirection test on Android systems and introduced a multi-state DNS interception policy that supports disabling the redirection test for desktop browsers. This functionality was released mid-November of 2020 for Android systems in Chromium 87 and, quickly thereafter, the root servers experienced a rapid decline of DNS queries.
The figure below highlights the significant decline of query volume to the root server system immediately after the Chromium 87 release. Prior to the software release, the root server system saw peaks of ~143 billion queries per day. Traffic volumes have since decreased to ~84 billion queries a day. This represents more than a 41% reduction of total query volume.
This type of broad root system measurement is facilitated by ICANN’s Root Server System Advisory Committee standards document RSSAC002, which establishes a set of baseline metrics for the root server system. These root server metrics are readily available to the public for analysis, monitoring, and research. These metrics represent another milestone the DNS community could appreciate and continue to support and refine going forward.
Rightly noted in ICANN’s Root Name Service Strategy and Implementation publication, the root server system currently “faces growing volumes of traffic” from legitimate users but also from misconfigurations, misuse, and malicious actors and that “the costs incurred by the operators of the root server system continue to climb to mitigate these attacks using the traditional approach”.
As we reflect on how Chromium’s large impact to root server traffic was identified and then resolved, we as a DNS community could consider how outreach and engagement should be incorporated into a traditional approach of addressing DNS security, stability, and resiliency. All too often, technologists solve problems by introducing additional layers of technology abstractions and disregarding simpler solutions, such as outreach and engagement.
We believe our efforts show how such outreach and community engagement can have significant impact both to the parties directly involved, and to the broader community. Chromium’s actions will directly aide and ease the operational costs to mitigate attacks at the root. Reducing the root server system load by 41%, with potential further reduction depending on future Chromium deployment decisions, will lighten operational costs incurred to mitigate attacks by relinquishing their computing and network resources.
In pursuit of maintaining a responsible and common-sense root hygiene regimen, Verisign will continue to analyze root telemetry data and engage with entities such as Chromium to highlight operational concerns, just as Verisign has done in the past to address name collisions problems. We’ll be sharing more information on this shortly.
This piece was co-authored by Matt Thomas and Duane Wessels, Distinguished Engineers at Verisign.
The post Chromium’s Reduction of Root DNS Traffic appeared first on Verisign Blog.
The COVID-19 pandemic, when it struck earlier this year, ushered in an immediate period of adjustment for all of us. And just as the challenges posed by COVID-19 in 2020 have been truly unprecedented, Verisign’s mission – enabling the world to connect online with reliability and confidence, anytime, anywhere – has never been more relevant. We are grateful for the continued dedication of our workforce, which enables us to provide the building blocks people need for remote working and learning, and simply for keeping in contact with each other.
At Verisign we took early action to adopt a COVID-19 work posture to protect our people, their families, and our operations. This involved the majority of our employees working from home, and implementing new cleaning and health safety protocols to protect those employees and contractors for whom on-site presence was essential to maintain key functions.
Our steps to address the pandemic did not stop there. On March 25 we announced a series of measures to help the communities where we live and work, and the broader DNS community in which we operate. This included, under our Verisign Cares program, making contributions to organizations supporting key workers, first responders and medical personnel, and doubling the company’s matching program for employee giving so that employee donations to support the COVID-19 response could have a greater impact.
Today, while vaccines may offer signs of long term hope, the pandemic has plunged many families into economic hardship and has had a dramatic effect on food insecurity in the U.S., with an estimated 50 million people affected. With this hardship in mind, we have this week made contributions totaling $275,000 to food banks in the areas where we have our most substantial footprint: the Washington DC-Maryland-Virginia region; Delaware; and the canton of Fribourg, in Switzerland. This will help local families put food on their tables during what will be a difficult winter for many.
The pandemic has also had a disproportionate, and potentially permanent, impact on certain sectors of the economy. So today Verisign is embarking on a partnership with Virginia Ready, which helps people affected by COVID-19 access training and certification for in-demand jobs in sectors such as technology. We are making an initial contribution of $250,000 to Virginia Ready, and will look to establish further partnerships of this kind across the country in 2021.
The post Meeting the Evolving Challenges of COVID-19 appeared first on Verisign Blog.
FreshRSS 