Feedback Friday: Industry Experts Comment on Hive Ransomware Takedown

Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Architecture

Five Things you Should know About Domain Names

Domain names are used a trillion times every day. They’re part of the plumbing of the Internet and, like regular plumbing, you don’t need to worry too much about how it works…it just does. Until it doesn’t.

The world of domain names is complex, governed by multiple layers of technological and contractual relationships. Sometimes it can be confusing. Here are five facts about domains names that you may not be aware of, but could affect your business.

If you Forget to Renew your Domain, Don’t Panic!

Domain names are used a trillion times every day. They’re part of the plumbing of the Internet and, like regular plumbing, you don’t need to worry too much about how it works…it just does. Until it doesn’t.

The world of domain names is complex, governed by multiple layers of technological and contractual relationships. Sometimes it can be confusing. Here are five facts about domains names that you may not be aware of, but could affect your business.

If you Forget to Renew your Domain, Don’t Panic!

Domain Names

Every webmaster’s worst nightmare is to discover a website has gone offline because of his own dumb mistake. Forgetting to renew a domain name can be embarrassing (and costly), but it’s not the end of the world. After your registration period expires, the domain will not be deleted for up to 80 days. First, it enters the “Auto-Renew Grace Period” for up to 45 days. If you forget to renew your domain, this is the cheapest time to correct the mistake; note, however, that the actual length of the renewal window depends on your chosen registrar.

After the auto-renew period expires, domains enter a mandatory 30-day Redemption Grace Period (RGP), during which they can still be reactivated by the original registrant. RGP renewals can be expensive compared to the normal cost of registration (due to the manual processing involved at the registrar and the registry) but they’re the only way to guarantee that the expiring domain name does not fall into the wrong hands when it expires. For your most valuable domains, consider stronger measures, including 10-year registrations, auto-renewals and other higher security registrar services.

Related Reading: Five DNS Threats You Should Protect Against

Domain Names are now Available in Chinese, Arabic and Hindi

When the Domain Name System was invented in 1985, the Internet was still largely the home of academics, most of them English speakers in the United States. Nobody considered that it would one day grow up to be used by two billion people in more than two hundred countries. Because of this legacy, the DNS today can only understand domain names written in the 26 characters of the Latin alphabet, the 10 numerals and the hyphen.

For speakers of languages like Chinese, Arabic, Hindi, Russian, Hebrew and Greek, this was — until recently — a significant barrier to entry. The problem led to the creation of Internationalized Domain Names (IDN), a standardized method of translating non-Latin scripts into DNS-compatible domain names at the application layer. A domain that appears to the user in Arabic or Cyrillic scripts will actually exist in the DNS encoded as a unique ASCII string with the prefix “xn--“.

Today, IDNs are supported in all the major browsers, but it was only recently that it became possible to register a domain that uses non-Latin characters to the right of the dot as well as to the left. For more than a year, ICANN has been delegating top-level domains that represent translations or transliterations of Latin country codes in scripts including traditional and simplified Chinese, Arabic, Devanagari and Cyrillic. So far ICANN has received 33 requests for IDN ccTLDs in 22 languages, of which 20 have been approved and delegated.

While billions of people will now be able to surf the Web in their own languages, there’s a risk of confusion for those of us accustomed to Latin-only DNS. Be aware that IDN characters can sometimes be confusingly similar to ASCII, which has implications for phishing defenses.

There are defenses to Domain Hijacking

Domain hijacking is a relatively rare but nevertheless serious problem. Companies large and small have awakened to discover that their domain name no longer resolves to their website and that their email no longer works, because a criminal has fraudulently claimed ownership of the domain and redirected it to his own servers. Quite often this is achieved by executing a social engineering attack on the registrar, but it can also occur if the password for your registrar account is, in some way, compromised.

Many registrars now offer extra layers of security for defending against hijacking attempts. Generally, these involve higher levels of manual and automated authentication before DNS records are modified; sometimes they may also involve a Registry Lock, which is designed to prevent even the registrar making changes to records without first being authenticated. These are usually offered as premium services above and beyond the $10 registration fee.

The most Expensive Domain was Sex.com

Thousands of domain names are sold on the secondary market every month, many through auction houses that publicly report their sales. The domain aftermarket regularly reports over $10 million in sales every month, but this is estimated to represent perhaps as little as 30% of all sales. The average price for a .com is $8,900, but every so often a domain name is sold for over a million dollars.

Domains such as business.com and fund.com have changed hands for more than $7 million, but it is perhaps not surprising that “sin” domains command the highest prices. Slots.com and casino.com notably sold for $5.5 million each, while porn.com sold for $9.5 million. The highest-priced aftermarket domain sale of all time, among those that have been publicly reported, was sex.com; that domain has been acquired at least twice, commanding a price tag of $13 million the last time it was sold.

Domain names are valuable assets. Just because you’re no longer using a name from your portfolio, letting registrations expire may not be the best option.

New gTLDs Could shake up the Domain name World

The Internet Corporation for Assigned Names and Numbers (ICANN) will soon start to accept applications for new generic top-level domains (gTLDs). For the first time in a decade, organizations will be able to apply to get their own piece of right-of-the-dot Internet real estate. Some companies may want to run their own “dot Brands,” such as .microsoft or .ibm, while others may want to own a keyword related to their industry, such as .shoes or .coffee. Governmental organizations will apply for gTLDs representing their capital cities or other place names.

Applying is not cheap; the baseline application fee is $185,000. ICANN will only accept submissions between January 12 and April 12, 2012. It could be many years before another window of opportunity opens. Many experts expect hundreds, possibly thousands, of new gTLDs to be created over the next few years. Companies all over the world will also be able to apply for IDN gTLDs, meaning we could soon see a “.com” in Arabic or a “.shop” in Greek. The new gTLD program is something that needs to be on every organization’s radar, whether they plan to apply or not.

Related Reading: The Top Five Worst DNS Security Incidents

Related Reading: Trouble Ahead – The Implementation Challenges for DNSSEC

Related Reading: Deploying DNSSEC – Four Ways to Prepare Your Enterprise for DNSSEC

Related Reading: Five Strategies for Flawless DNSSEC Key Management and Rollover

Related Reading: The Missing Ingredients for DNSSEC Success

Related Reading: Do Recent BGP Anomalies Shed a Light on What’s to Come?

Written By

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.

Application Security

Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.

ICS/OT

The White House announced on Wednesday that the Industrial Control Systems (ICS) Cybersecurity Initiative has been expanded to include the chemical sector.