Afnic commits to DNS security at the international level

I have had the pleasure of being Vice President of the TLD-OPS Group since June 2018. I actively participate in the dissemination of the work of the group through communication operations at international events within the community (talks at ICANN meetings, Centr, AfTLD, APTLD, etc.) and in the organization of joint workshops.

As a cornerstone of Internet architecture, DNS services are subject to numerous cyber-attacks (denial of service attacks, poisoning of cached servers, amplification, etc.). The technical teams at Afnic, the French national registry for the .fr TLD and Overseas French namespaces for more than 20 years have acquired genuine expertise that over that time has meant they have had to confront a number of real cases of cyber-attacks using effective counter-measures, allowing us to maintain the very high level of service of the DNS.

Backed by that experience, Afnic joined the international TLD-OPS group at its launch in 2015. It is an initiative of the ccNSO (Country Code Names Supporting Organization) within ICANN.

The pro bono work by the national registries for country code top-level domains (ccTLDs) has the following main objectives:

• to create contacts between operations managers (DSI, ISSMs and line managers) guaranteeing the security of the national registries for country code top-level domains and the DNS through a protected mailing list;
• to share strategic information about security breaches and attacks to warn and support registries in cases of identified problems;
• to participate in workshops to produce good practice guides for registries with limited means to produce operational action plans and adequate counter-measures.

Naturally, its purpose is not to supplant the technical teams in place but to provide additional support through networking with peers in the profession, including with the committee in charge of security aspects within ICANN, the Security and Stability Advisory Committee (SSAC).

Collectively, ccTLDs are better equipped to fight cyberattacks. At present, nearly 70% of the national domain name registries have joined the TLD-OPS group across all five continents. A special communication effort is being made to continue to integrate the remaining ccTLDs; it is necessary both to demonstrate the usefulness of the group’s work and to reassure all those involved about the security of exchanges within the community.

Necessarily, in this group, trust is a fundamental value. In the age of social networks and the immediate dissemination of information, it is essential to protect discussions between registries of domain names to fight effectively against cyberattacks. This is why a strict check is done before adding a ccTLD to the group. In addition, face-to-face meetings serve to build lasting relationships between stakeholders that are much stronger than e-mail.

To find out more

• For more information on TLD-OPS Group activities, please visit https://ccnso.icann.org/en/resources/tld-ops-secure-communication.htm

• or download the brochure https://ccnso.icann.org/fr/workinggroups/tld-ops-enhanced-incident-response-capabilities-cctlds-27nov17-fr.pdf