19.10.2022

What is DNS Abuse – And What is Not?

The eco topDNS Initiative has published an Abuse Table to provide guidance on which cyber threats are considered to be abuse of the Domain Name System – and which are not.

DNS Abuse, i.e. the abuse of the Domain Name System, has become a catch-all term for many attacks and harmful behaviour by cybercriminals on the Internet. It is often not the Domain Name System itself that is targeted by the attackers. But practically all activities on the Internet, including harmful ones, run through the DNS. As a kind of telephone book of the Internet, it translates human-readable Internet addresses into machine-readable IP addresses.

“With the eco topDNS Initiative, we have classified the various threats on the Internet and precisely delimited where the DNS is actually abused and where, on the other hand, there is no DNS abuse,” says Thomas Rickert, Director Names & Numbers Forum in the eco Association. In close cooperation with the eco Anti-Abuse Competence Group, experts have described more than 50 threats on the Internet to determine whether they can be considered DNS abuse and how and by whom the corresponding attacks can be prevented.

topDNS Initiative provides assistance in understanding DNS Abuse

“It is not always easy to distinguish DNS abuse as a form of misuse of central functions of the Internet from other abuse attacks by cybercriminals,” Patrick Ben Koetter, Head of the eco Anti-Abuse Competence Group, points out. “With the DNS Abuse Table, we would like to initiate a discussion about who can and should contribute to the protection of the Internet and its users.”

Take intellectual property infringement, i.e. the violation of intellectual property rights, as an example. This is the case, for instance, when a private blogger posts a photo online that is protected by copyright. Users would not be able to visit the blog without the DNS. But is the DNS really being abused here? What measures are possible and what measures are appropriate to end the infringement?

Interventions in the DNS should remain the exception

“It is important to take a differentiated view of abuse attempts in order to take targeted action against them,” says Thomas Rickert. “Interfering with the DNS only makes sense where it is obviously being manipulated or abused. Often, liability issues resulting from DNS intervention are unresolved – for example, if individual Internet addresses can no longer be visited. For online shops or news sites, the financial consequences of such interventions are immense. “There must be no arbitrary censorship of websites. DNS blocking should always be a last resort and only considered in cases of real abuse of the Domain Name System,” says Rickert. The first version of the Abuse Table of the eco topDNS Initiative now helps to detect such abuse beyond doubt.

Download topDNS Abuse Table

The Abuse Table is a living document. It does not claim to be complete, nor does it claim to do justice to all intermediaries and players in the DNS ecosystem. With this table, the topDNS Initiative would simply like to lay the groundwork for an open discussion among all those involved who can contribute to the fight against abuse – in order to make the Internet a little safer for everyone.
