Five Things you Should know About Domain Names

Domain names are used a trillion times every day. They're part of the plumbing of the Internet and, like regular plumbing, you don't need to worry too much about how it works…it just does. Until it doesn't.

The world of domain names is complex, governed by multiple layers of technological and contractual relationships. Sometimes it can be confusing. Here are five facts about domain names that you may not be aware of, but that could affect your business.

If you Forget to Renew your Domain, Don't Panic!

Every webmaster's worst nightmare is to discover a website has gone offline because of his own dumb mistake. Forgetting to renew a domain name can be embarrassing (and costly), but it's not the end of the world. After your registration period expires, the domain will not be deleted for up to 80 days. First, it enters the “Auto-Renew Grace Period” for up to 45 days. If you forget to renew your domain, this is the cheapest time to correct the mistake; note, however, that the actual length of the renewal window depends on your chosen registrar.

After the auto-renew period expires, domains enter a mandatory 30-day Redemption Grace Period (RGP), during which they can still be reactivated by the original registrant. RGP renewals can be expensive compared to the normal cost of registration (due to the manual processing involved at the registrar and the registry), but they're the only way to guarantee that the expiring domain name does not fall into the wrong hands. For your most valuable domains, consider stronger measures, including 10-year registrations, auto-renewals and other higher-security registrar services.

Domain Names are now Available in Chinese, Arabic and Hindi

When the Domain Name System was invented in 1985, the Internet was still largely the home of academics, most of them English speakers in the United States. Nobody considered that it would one day grow up to be used by two billion people in more than two hundred countries. Because of this legacy, the DNS today can only understand domain names written in the 26 characters of the Latin alphabet, the 10 numerals and the hyphen.

For speakers of languages like Chinese, Arabic, Hindi, Russian, Hebrew and Greek, this was -- until recently -- a significant barrier to entry. The problem led to the creation of Internationalized Domain Names (IDN), a standardized method of translating non-Latin scripts into DNS-compatible domain names at the application layer. A domain that appears to the user in Arabic or Cyrillic scripts will actually exist in the DNS encoded as a unique ASCII string with the prefix "xn--".

Today, IDNs are supported in all the major browsers, but it was only recently that it became possible to register a domain that uses non-Latin characters to the right of the dot as well as to the left. For more than a year, ICANN has been delegating top-level domains that represent translations or transliterations of Latin country codes in scripts including traditional and simplified Chinese, Arabic, Devanagari and Cyrillic. So far ICANN has received 33 requests for IDN ccTLDs in 22 languages, of which 20 have been approved and delegated.

While billions of people will now be able to surf the Web in their own languages, there's a risk of confusion for those of us accustomed to Latin-only DNS. Be aware that IDN characters can sometimes be confusingly similar to ASCII, which has implications for phishing defenses.
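The "xn--" encoding and the look-alike risk described above, shown as an added example that is not part of the original article. It uses Python's built-in `idna` codec (IDNA 2003 rules) and a name-based script heuristic; the function names and sample domains are constructed for illustration.

```python
import unicodedata

def to_ascii(domain: str) -> str:
    """Unicode domain -> the ASCII form stored in the DNS (IDNA 2003 codec)."""
    return domain.encode("idna").decode("ascii")

def to_unicode(domain: str) -> str:
    """ASCII ("xn--") domain -> the form a browser may display to the user."""
    return domain.encode("ascii").decode("idna")

def scripts(label: str) -> set:
    """Approximate a label's scripts from the first word of each letter's
    Unicode name, e.g. 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC'."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def mixed_script_labels(domain: str) -> list:
    """Return (ascii_label, display_label, scripts) for each label that mixes
    scripts. Heuristic only: some languages legitimately mix scripts."""
    hits = []
    # Normalise through the ASCII form so "xn--" input is handled as well.
    for label in to_unicode(to_ascii(domain)).split("."):
        found = scripts(label)
        if len(found) > 1:
            hits.append((to_ascii(label), label, sorted(found)))
    return hits

# Constructed sample names; the last one starts with Cyrillic U+0430, which
# renders like a Latin "a".
SAMPLES = ["bücher.example", "пример.испытание", "\u0430pple.example"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(to_ascii(name), mixed_script_labels(name) or "single-script labels")
```

A mail gateway or proxy can apply the same check to link hostnames and show the ASCII form whenever a label mixes scripts.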

There are defenses to Domain Hijacking

Domain hijacking is a relatively rare but nevertheless serious problem. Companies large and small have awakened to discover that their domain name no longer resolves to their website and that their email no longer works, because a criminal has fraudulently claimed ownership of the domain and redirected it to his own servers. Quite often this is achieved by executing a social engineering attack on the registrar, but it can also occur if the password for your registrar account is, in some way, compromised.

Many registrars now offer extra layers of security for defending against hijacking attempts. Generally, these involve higher levels of manual and automated authentication before DNS records are modified; sometimes they may also involve a Registry Lock, which is designed to prevent even the registrar making changes to records without first being authenticated. These are usually offered as premium services above and beyond the $10 registration fee.
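One way to audit a portfolio for the protections and expiry states discussed in this article, as an added example that is not from the original page. It reads RDAP domain objects and the status strings RDAP uses for EPP statuses (RFC 8056); the records are constructed, and treating the three server-side prohibitions together as "Registry Lock" is an assumption.

```python
import json

# Status values as RDAP renders EPP statuses (RFC 8056).
REGISTRY_LOCK = {"server transfer prohibited", "server update prohibited",
                 "server delete prohibited"}          # assumed lock definition
REGISTRAR_LOCK = {"client transfer prohibited"}
EXPIRY_STATES = {"auto renew period", "redemption period", "pending delete"}

# Constructed, trimmed RDAP domain objects (not real registrations).
SAMPLE = json.loads("""[
  {"ldhName": "locked.example",
   "status": ["client transfer prohibited", "server transfer prohibited",
              "server update prohibited", "server delete prohibited"]},
  {"ldhName": "lapsed.example",
   "status": ["client transfer prohibited", "redemption period"]},
  {"ldhName": "bare.example", "status": ["active"]}
]""")

def audit(record: dict) -> list:
    """Return findings for one RDAP domain object; empty list means clean."""
    status = {s.lower() for s in record.get("status", [])}
    findings = []
    if not REGISTRY_LOCK <= status:          # all three must be present
        findings.append("no registry lock")
    if not REGISTRAR_LOCK & status:
        findings.append("no registrar transfer lock")
    for state in sorted(EXPIRY_STATES & status):
        findings.append("expiry state: " + state)
    return findings

def audit_portfolio(records: list) -> dict:
    """Map each domain name to its findings, omitting clean domains."""
    report = {r["ldhName"]: audit(r) for r in records}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit_portfolio(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```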

The most Expensive Domain was Sex.com

Thousands of domain names are sold on the secondary market every month, many through auction houses that publicly report their sales. The domain aftermarket regularly reports over $10 million in sales every month, but this is estimated to represent perhaps as little as 30% of all sales. The average price for a .com is $8,900, but every so often a domain name is sold for over a million dollars.

Domains such as business.com and fund.com have changed hands for more than $7 million, but it is perhaps not surprising that "sin" domains command the highest prices. Slots.com and casino.com notably sold for $5.5 million each, while porn.com sold for $9.5 million. The highest-priced aftermarket domain sale of all time, among those that have been publicly reported, was sex.com; that domain has been acquired at least twice, commanding a price tag of $13 million the last time it was sold.

Domain names are valuable assets. Just because you're no longer using a name from your portfolio, letting registrations expire may not be the best option.

New gTLDs Could shake up the Domain name World

The Internet Corporation for Assigned Names and Numbers (ICANN) will soon start to accept applications for new generic top-level domains (gTLDs). For the first time in a decade, organizations will be able to apply to get their own piece of right-of-the-dot Internet real estate. Some companies may want to run their own "dot Brands," such as .microsoft or .ibm, while others may want to own a keyword related to their industry, such as .shoes or .coffee. Governmental organizations will apply for gTLDs representing their capital cities or other place names.

Applying is not cheap; the baseline application fee is $185,000. ICANN will only accept submissions between January 12 and April 12, 2012. It could be many years before another window of opportunity opens. Many experts expect hundreds, possibly thousands, of new gTLDs to be created over the next few years. Companies all over the world will also be able to apply for IDN gTLDs, meaning we could soon see a ".com" in Arabic or a ".shop" in Greek. The new gTLD program is something that needs to be on every organization's radar, whether they plan to apply or not.

Ram Mohan is the Executive Vice President and Chief Technology Officer at Afilias, a global provider of Internet infrastructure services including domain name registry and DNS solutions. Ram also serves as the Security & Stability Advisory Committee's liaison to ICANN’s Board of Directors and has helped direct and write numerous policies affecting domain name registration and DNS security.