On May 9-10, Istanbul (Turkey) hosted the ICANN Middle East DNS Forum (MEDNSF 2023). The Forum discussed a wide range of topics related not only to the regional Internet community, but also to the global Internet: Internet Fragmentation, Universal Acceptance, Network Security, the second round of the New gTLD program and other issues.
During MEDNSF 2023, there was a very interesting discussion of the advantages and disadvantages of using the DNSSEC extension in the technical section DNSSEC Validation: Why Does it Matter?" The DANE (DNS-based Authentication of Named Entities) specification set, which allows for the transfer of a trustworthy certificate that was previously unknown to the client over DNS with obligatory DNS response authentication using DNSSEC, was specifically discussed by the attendees. The section also discussed the problem of amplifying a distributed DoS attack using DNS amplification DDoS attacks and the impact of using the DNS DNSSEC protocol extension on this type of attack. The principle of the attack is that the attacker starts sending requests to DNS servers with a fake return address - the address of the target of the DDoS attack. The DNS server response is substantially larger than the query, and having DNSSEC data in it further increases the size. As a result, the victim's resource can no longer cope with many such responses coming from different DNS servers. The discussion of this problem was led by the remark of Vadim Mikhailov, an infrastructure consultant for the Coordination Center for TLD .RU/.РФ, that in the future the use of increasingly complex cryptographic algorithms in DNSSEC (for example, post-quantum cryptography) will lead to an increase in key sizes and, as a result, to an increase in DNS responses that can be used by attackers for malicious purposes.
The panel discussion "Universal Acceptance for Registries, Registrars, and ISPs to Support a Multilingual Internet" focused on supporting internationalized domain names and email addresses at all levels. The panelists shared examples of implementing internationalization support and talked about the difficulties encountered in this process, as well as discussed aspects of IDN security in terms of the problem associated with the use of similar characters (homoglyphs and homographs) in IDNs and email addresses for different malicious purposes such as phishing, as well as ways to mitigate such risks at the level of registries, registrars and domain name administrators.
At the "Opening the Domain Namespace for New Extensions" panel, Patrick Jones, ICANN Vice President of Global Stakeholder Engagement, shared the news on the upcoming new round of New gTLD registrations. He said that the development of recommendations on the policy of holding a new round is planned to be completed by August 1 this year. According to him, internationalized New gTLDs will also be allowed to register.
The main postulates of the panel discussion on the problem of Internet Fragmentation were the statements that the sources of processes that can lead to fragmentation of the global network lie not in the technical, but in the political field, and, according to the founder of the DNS Research Federation, Emily Taylor, there are three such sources: standards, regulatory and sanctions.
During ICANN's presentation "ICANN’s Multifaceted Approach to Mitigating Domain Name System (DNS) Abuse", dedicated to ICANN's developments in the field of DNS abuse mitigation, it is worth noting the new INFERMAL (Inferential Analysis of Maliciously Registered Domains) project, which aims to develop methods to counter registration of malicious domains. The project is part of ICANN's overall program to improve DNS security and combat DNS abuse.
The ICANN Middle East DNS Forum is now in its ninth year. The forum was first held in 2014 in Dubai (UAE). It brings together experts and stakeholders to discuss the latest developments in the global domain name market and ways to strengthen the Domain Name System (DNS) industry in the Middle East.
The Middle East DNS Forum is part of ICANN's ecosystem of regional events that enable the regional Internet community to learn more about new developments in DNS-related standards and technologies, better understand ICANN's role in shaping the future of the Internet, and learn how to be a part of it. Regional forums also include the Eastern European DNS Forum (EE DNS FORUM), which was held from 2016 to 2020: in Kiev, Minsk, Moscow, Yerevan and Tbilisi (virtual forum in connection with the pandemic). The possibility of holding the EE DNS FORUM in 2024 is currently being discussed.
