In the domain names’ world, the rules applied by many registries of “first come, first served” often lead to many cases of abusive registrations and of cybersquatting in particular. This is a practice that consists in taking a domain name by registering it, using or mentioning a trademark, a business name, a patronym or any name on which the applicant has any right, in order to make material or moral profit from its current or future notoriety.
In order to fight against these fraudulent actions and to assert their rights, brands’ owners can implement a targeted action to recuperate or suppress the cybersquatted domain name, called UDRP procedure (Uniform Domain Name Dispute Resolution Policy). This procedure is administered by an Arbitration Center like the one of the WIPO, the World Intellectual Property Organization.
According to the WIPO’s General Director, Francis
Gurry: “Domain names involving fraud and
phishing or counterfeit goods pose the most obvious threats, but all forms of
cybersquatting affect consumers. WIPO’s UDRP caseload reflects the continuing
need for vigilance on the part of trademark owners around the world.”
UDRP complaints filed with WIPO in 2018*
On March 15, 2019, the WIPO published its last annual report on domain names’ disputes.
In 2018, the WIPO’s Arbitration and Mediation Center received a record of 3447 UDRP cases filed by brands’ owners, i.e a rise of 12% compared to the previous year.
Source: WIPO Statistics Database
However these disputes concerned 5655 domain
names, a decrease comparing to 2017 which counted 6371 names.
The main gTLDs in the cases filed with WIPO are unsurprisingly, the .COM (far ahead with 72.88%), the .NET (4.62%), the .ORG (3.50%) and the .INFO (2.23%).
Regarding the disputes on the domain names registered in the new extensions, they represent nearly 13% of the disputes, mostly in .ONLINE, .LIFE and .APP domains.
And lastly, nearly 500 complaints regarding names registered in ccTLDs have been filed, nearly 15% of all the disputes administered by the WIPO in 2018.
The 3 main sectors of complainant activity are
the sectors of banking and finance, biotechnology and pharmaceuticals, and
Internet and IT.
Geographically, France is placed second with 553 cases filed with the WIPO, just behind the United States (976 complaints) and is one the most reactive countries on this subject.
Note that on all the UDRP cases filed in 2018, Nameshield ranks second in the filing world complaints with 343 cases filed and 66 represented customers**.
Our teams are of course at your disposal to inform you on the possibilities of contentious domain names recovery actions.
*Source: WIPO Statistics Database
**Source: Nameshield’s report on UDRP procedures, 2018
On the article dated from February 22, 2019, we discussed about the Brexit’s consequences on the .EU domain names and the publication of the action plan by EURid, the .EU registry, following two scenarios, in case of no deal or in case of a withdrawal agreement between the United Kingdom and the European Union.
In short, as a result of the Brexit, companies and individuals, holders
of a .EU will no longer be able to renew or register names in .EU if they are
not residing in the European Union.
In case of no deal, .EU domain names’ holders will have 2 months from March 30, 2019 to demonstrate their eligibility or to transfer their name to an
eligible registrant (whose country code isn’t either GB/GI). All registrants
who did not demonstrate their eligibility will be deemed ineligible and their
domain names will be withdrawn.
In case there is a withdrawal agreement, this plan of actions will be
implemented as of January
1, 2021.
Due to ongoing uncertainties over the United Kingdom’s withdrawal from the European Union, EURid announced on March 22, 2019, that this plan would be placed on hold while waiting for an official update from the European Commission.
Remember, in June 2014, Nominet, the registry of .CO.UK, launched the
opening of the .UK registrations. At the time of the extension’s launch, the
registry applied a 5 years restriction during which the .UK registration rights
were restricted to the holders of the corresponding names in .CO.UK, .ORG.UK,
.ME.UK, .NET.UK, .LTD.UK or .PLC.UK.
The 1st of July 2019 will mark the end of the period when .UK extensions were blocked from registration if the .CO.UK was not already registered. The names will then be opened to all! If you are already a .CO.UK domain name’s holder, don’t hesitate to contact your Nameshield’s consultant before the end of the priority period to reserve your corresponding name in .UK and thus prevent a third party to do it on the general availability period.
After the launches of the .APP and .PAGE,
Google launched .DEV on January 16, its new extension dedicated to developers
and technology, following the calendar below:
Sunrise period: from 2019/01/16 to 2019/02/19
EAP (Early Access
Program): from 2019/02/19 to 2019/02/28
General availability: from 2019/02/28
Since February 28, 2019, the .DEV is in general availability and already
has more than 64 000 domain names’ registrations according to Domain Name
Wire.
To promote this new extension and for the Google I/O 2019 , its annual event for developers (which will be held on May 7-9, 2019 at the Shoreline Amphitheatre in Mountain View), Google proposes the free registration for 1 year of a .DEV domain name for all ticket booked. But the registrations resulting of this promotional campaign only represent a small part of the 64 000 .DEV domain names registered.
During the last months, Google itself has launched or relaunched many of
its websites in .DEV: web.dev, opensource.dev, flutter.dev…
Other companies have also chosen to register their domain names in .DEV
like Mozilla with mdn.dev, Salesforce with crm.dev and Level Access with
accessibility.dev.
The HTTPS mandatory for all .DEV domain names
As mentioned in a previous article by Christophe GERARD, Nameshield’s Security Product Manager, as reminder, Google in its goal of a more secure Internet, makes HTTPS encryption mandatory for all its new extensions: .APP, .PAGE, .HOW, .DEV… (More details in this article).
Thus, .DEV extension is included on the HSTS pre-upload list, requiring
HTTPS protocol on all .DEV domain names.
Therefore, in order to use a .DEV domain name, you will need to acquire
a SSL certificate and deploy HTTPS.
From tools to platforms, programming languages to blogs, this extension
will allow you to present your projects. Don’t hesitate to contact a Nameshield’s
consultant for any questions regarding the conditions for the registration of
your .DEV.
Image source : Nick Youngson CC BY-SA 3.0 Alpha Stock Images
Launched in 1999, the UDRP process (Uniform Domain Name Policy) is today the fastest and the most affordable solution for resolving clear cases of cybersquatting.
Indeed, UDRP offers to brands
owners a transparent process, carried out by independent experts allowing them
to retrieve or delete a domain name infringing their brands. It is important to
note that the expert cannot allocate the damages and interests to the requester.
MARQUES, a European association representing brand owners’ interests, raised,
on the 1st of February 2019 in a letter addressed to ICANN, the issue of the
costs supported by the brands owners for the defense of their brands in case of
cybersquatting.
The association collected several information regarding UDRP complaints
registered with seven Arbitrage Centers providing or having provided this
process, and in particular the ones concerning the number of UDRP complaints
filed and the associated costs.
In particular, between 1999 and December 2018, the WIPO (World
Intellectual Property Organization) registered 42 535 complaints filings. Knowing that the cost of the
arbitration fees of the WIPO (besides the representation fees) is at least
$1,500 USD, WIPO then collected at least $63,802,500
USD from administrative fees over nearly 20 years.
Furthermore, MARQUES proceeded to an estimation of the costs regarding
complaint filings by taking into account the fees of the representation by a
legal consultation and concluded that the cost of a UDRP complaint filing would
be $5,000 USD. Knowing the
arbitration fees, the representation fees by a legal consultation would then be
$3,500 USD.
Thus MARQUES estimates the costs (which regroup administrative fees and
legal consultation fees) supported by the trademarks owners are $360,190,000 USD for the period 1999 to
the end of 2018.
However, some members of the association, think that this is a low
estimation and that it would not take into account other expenses related to
the protection of their rights (revenue loss, monitoring costs, defensive
registration, lifting anonymity, research, etc).
Last weekend, the media has widely communicated on the consequences of
an unprecedented attack that targeted the domain names.
Indeed, during the night of 22-23 February ICANN reported the large-scale attacks on the domain names: it is DNS hijacking. These attacks consist in “replacing the authorized servers addresses” with “addresses of machines controlled by the attackers”, as explained by the organization, allowing the attackers to examine the data in order to find passwords, email addresses etc., even to completely capture the traffic towards their servers.
A wave of attacks that began in November 2018
Actually, this is not an attack but a wave of attacks that the domain
names system has endured for several weeks now.
Since the end of November 2018, an attack has targeted Lebanon and the
United Arab Emirates and affected .GOV domain names. In this attack, the
cybercriminals have proceeded with DNS hijacking.
At the beginning of January 2019, the company FireEye reported in an article, a wave of DNS hijacking that has affected domain names belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.
If the attackers were then not identified, the initial research
suggested the attacks could be conducted by persons based in Iran.
Important fact regarding the attack of February 22: this time, it
struck, sometimes successfully, important actors of the Internet.
What are these attacks?
The method used is the DNS hijacking deployed on a large scale. This is
a malicious attack, also called DNS redirection. Its aim: overwrite the TCP/IP
parameters of a computer in order to redirect it towards a fraudulent DNS
server instead of the configured official DNS server. To do this, the attacker
takes control of the targeted machine through different techniques to alter the
DNS configurations.
The American government, among others, recently warned about these
series of highly sophisticated attacks of which the aim would be to siphon a
large volume of passwords. These attacks would target more specifically
governments and private companies.
Between DNS hijacking and cyber espionage
According to Talos’ article of November 2018, the attackers behind these attacks would have collected emails and connection information (login credentials – passwords) by hijacking the DNS, so that the traffic of the emails and the VPN (Virtual Private Networking) of the targeted institutions would be redirected to a server controlled by the cybercriminals.
Once the connectors collected, other attacks can be launched for
espionage purposes, like the Man-In-The-Middle.
Then how to effectively protect yourself?
You must be aware that if these attacks essentially aim the domain names
system, we can never say it enough, the
first entry point of your domain names portfolio for an attacker is your access
to the management platform.
The first and utmost recommendation is to protect your access
For many years, Nameshield has developed securing measures for the access to the domain names management platform (IP filter, ACL, HTTPS) and in addition proposes the 2 factors authentication and the SSO.
If these complementary solutions are still not implemented, Nameshield
strongly recommends to implement them, in particular the 2 factors
authentication in order to fight against passwords thefts.
To implement the DNSSEC protocol
The implementation of DNSSEC, if it was more widely deployed, would prevent or at least lessen the impact of these attacks by limiting their consequences.
It’s becoming increasingly urgent that DNSSEC is adopted on a massive
scale, for both resolvers and authoritative servers.
To protect your domain names
The implementation of a registry lock on your strategic names will prevent their fraudulent modifications.
Although no perfect solution exists today to fully protect the infrastructures from cyberattacks, it is the implementation of several preventive measures combined that will allow to reduce the vulnerabilities (so) easily exploited by the pirates.
On February 13, 2019, the Duma (lower Chamber of the Russian Parliament)
has begun to study a draft legislation with the aim to create a “sovereign
Internet” in Russia, meaning an ability to function in total independence if
Russia was cut from the major global servers. To achieve this, it will be
necessary to create an “infrastructure allowing to ensure the functioning of
the Russian Internet resources in case of the impossibility for the Russian
operators to connect to the foreign sources Internet servers”.
The Internet providers will have to implement systems allowing a
“centralized control of the traffic” on their networks.
The measures proposed would allow the Russian Internet (RuNet) to ensure
that the Russian part of the Internet functions efficiently. In other words,
the test will allow Russia to ensure that its domestic networks can operate in
full autonomy.
A response to the penalty threats?
If Russia talks about an assurance for a maintained
local availability, particularly in case of a large-scale cyberattack, this
draft legislation is also and clearly presented as a response to the
“aggressive nature of the new American cybersecurity strategy adopted in
September 2018” [mentioning Russia as a threat]. Indeed, Russia is the object
of many accusations regarding cyberattacks and cyber espionage (disruptions of
the American presidential elections in 2016 -exhortation of Stuart Peach, Chief
of the UK Defence staff in NATO, to take measures against Russia in December
2017, after the Russian submarines were detected near the Atlantic submarine
cables, which carry the communications between Europe and the USA – in January
2018, the Minister of UK Defence, Gavin Williamson, also accuses Russia of
spying the critical infrastructure of his country with the aim to create a “total
chaos” which could “result in thousands and thousands of deaths”, etc). NATO
and its allies have then threatened to punish Russia for these cyberattacks.
It’s in this context that Russia is planning a
full-scale test of disconnection of the global Internet network.
A full-scale test
For several years, this test has been prepared
by Russian authorities, who planned a DNS local backup (tested in 2014 and in
2018).
Indeed, the law plans the creation of Russia’s
internal DNS system, which would ensure the link between web address and IP
address of the corresponding web servers, without resting on the root servers
of the global Internet.
Validated by president Poutine, the draft
legislation has all its chances to be quickly adopted despite the reluctance of
some branches of the government because of the potential expenses entailed. On
the Russian Internet providers’ side, they seem to agree with the draft
legislation, as mentioned in the Russian press, but to this date, they do not
validate its technical implementation, which could create important
disturbances and other traffic disruptions in Russia.
Of course, it is easy to see that this
experience will simultaneously test the Internet providers‘ ability to direct
data towards routing points controlled by the Russian government, since a
filter would be implemented to stop the flow of data towards foreign servers.
Would Russia move towards a system of traffic
filtering, beyond ensuring a national intranet that maintains an operational
connection inside the borders even in case of a massive cyberattack? It is reminiscent
of the significant Chinese firewall (Internet monitoring and censorship project
managed by the Ministry of Public Security of the People’s Republic of China,
initiated in 1998 and of which activities began in November 2003).
The Russian test could happen on the 1st of
April 2019. To be
continued.
In a previous article, we discussed the Brexit’s consequences on .EU domain names, the European Commission announced on 28 March 2018 that companies and individuals, holders of a .EU will no longer be able to renew or register names in .EU if they are not residing in the European Union.
With the Brexit’s date approaching, EURid, .EU registry, has recently published its action plan that has two scenarios depending on the case there is no deal or the case there is a withdrawal agreement between the United Kingdom and the European Union. In the second case, it will be the same actions but they will be implemented on different dates (from December 2020).
Scenario 1: The United
Kingdom leaves the European Union with no deal on 30 March 2019
New registrations
From 30 March 2019: EURid will not allow the
registration of any new domain name from registrant declaring an address in Great
Britain (country code GB) or in Gibraltar (country code GI).
.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal
On 23 March 2019: EURid will notify by email both
GB/GI registrants and their registrars about the forthcoming non-compliance of
the data associated to their domain name within the .EU regulatory framework.
On 30 March 2019: EURid will again notify by email
both GB/GI registrants and their registrars that their domain name is not in compliance
with the .EU regulatory framework.
Before 30 May 2019: Registrants will be given the
possibility to demonstrate their compliance with the .EU regulatory framework
by updating their contact data.
During this two months period, the domain names in question will remain active and the following actions are possible:
-Contact data changes including updates to existing contact details pertaining to phone number, email address, postal address and country code;
-Updating a contact or linking a new contact;
-Name server and DNSSEC changes;
-Transfer the domain name to a non GB/GI registrant.
During this two months period, the following actions arenot possible:
-Transfer the domain name to a GB/GI registrant;
-Term extension, unless accompanied by a transfer request to an eligible registrant;
-Automatic renewal for domain names that expire in the period between 30 March 2019 and 30 May 2019.
As of 30 May 2019: All registrants who did not
demonstrate their eligibility will be deemed ineligible and their domain names
will be withdrawn.
On 30 March 2020, i.e. twelve months after the UK
withdrawal: All the affected domain names will become available for general registration.
For. EU domain names that are in the ON-HOLD status at the time of UK withdrawal: They will remain registered until there is an outcome of the court case. However, they will be suspended and will cease to function as of 30 May 2019.
-If a court ruling establishes a transfer to an eligible party, that decision will be implemented in the usual way.
-If the domain name stays with the GB/GI registrant, the domain name will be withdrawn.
For .EU domain names that are in the
SUSPENDED status at the time of UK withdrawal: Evaluation by the registry on a case-by-case
basis, moving forward if appropriate, with the withdrawal of the domain name.
For .EU domain names that are in the QUARANTINE status at the time of UK withdrawal:
-No transfer to GB/GI registrants from quarantine will be possible during the two months period.
-Transfer to a non-GB/GI registrant will be possible.
Scenario 2: The United
Kingdom leaves the European Union with a planned transitional period on 31
December 2020
It will be the same actions but they will be
implemented on different dates.
New registrations
From 1 January 2021: EURid will not allow the
registration of any new domain name from registrant whose country code is
either GB/GI.
.EU domain names that have GB/GI as the registrant country code within WHOIS, at the time of UK withdrawal
23 December 2020: First email sent about the
non-compliance of the data associated to the domain name.
1 January 2021: Second email sent about the
non-compliance.
Before 2 March 2021: Possibility for the registrants to
demonstrate their compliance with the .EU regulatory framework by updating
their contact data.
As of 2 March 2021: All registrants who did not
demonstrate their eligibility will be deemed ineligible and their domain names
will be withdrawn.
On 1 January 2022: All the affected domain names will
become available for general registration.
The actions planned in the first scenario
regarding the different status « ON HOLD », « SUSPENDED » and « QUARANTINE »,
will also be applied in the second scenario.
The Brexit’s consequences thus force the
British to rethink their domain names strategy. Indeed, the loss of their .EU domain
names will be an opportunity for cybersquatters who reside in the E.U. and meet
the eligibility criteria, they would then have the rights to register these .EU
domain names.
Nameshield’s team is at your disposal to reply
to all your questions and to propose you the best recommendations regarding
your domain names’ portfolio management.
This is a recurrent question from our customers: does the use of the
DNS, whether it is good or bad, have an impact on the websites’ SEO? We have
already discussed about the impact of a HTTPS website on the SEO, this is now
the occasion to focus on the side of the DNS.
The DNS is an invisible process, implemented in the background, it’s
difficult to comprehend why it can help or affect a website’s performance and
the ranking in search engines, more particularly on Google.
This article will approach the possible impact of the DNS in response to
the following questions:
Does the modification of
a DNS record affect the SEO?
Does the change of the
DNS provider affect the SEO?
Which part of the DNS
plays in a website’s migration?
Does the change of a
website’s IP address affect the website’s SEO?
Quid of the DNSSEC
implementation?
Can a DNS breakdown
affect the SEO?
Can a faster DNS increase
the SEO?
Does the change at the DNS level affect the SEO?
1. Modification of a DNS record, be careful of the TTL
The domain name’s redirection towards the corresponding web server often
passes through the creation of a A type record (IPv4 address). The A record
will then direct the traffic towards the IP address of the destination web
server. The modification of this record can lead to performance problems.
Indeed, to optimize the response time, the DNS system allows the information caching with the DNS resolver
servers for a given time, the duration of the TTL (Time to live) defined by the
technical manager of the domain name, during its configuration. The usual TTL,
like the one recommended by ANSSI, is several hours for the usual uses of
domain names (websites). In the case of a A record modification, this one could
be taken into account only at the end of the TTL. Then web users could still
access to the former record configurations for a few minutes or even several
hours after the modifications.
Thus it’s important to
reduce the TTL, even temporarily during these modifications.
But does that affect the SEO? Yes, it does and no, it doesn’t. In the
case of users being sent towards a destination that no longer exists, Google
will consider this as a 404 error. Beyond the negative user experience, this is
not directly a SEO factor. However be careful of the possible existence of backlinks
and the too high numbers of 404 errors. A low TTL allows to limit the impact
during these modifications.
2. Modification of the DNS declared for a domain name
A domain name is associated to the name servers (NS/Name Servers) which allow
the right DNS resolution. The DNS service searches the information on these NS.
These NS can be modified during the change of the provider managing the domain
name, or simply to pass from a DNS infrastructure to another. Will the change
of the name server affect the SEO?
Depending on the provider and the chosen infrastructure, the resolution
time could be more or less short with a possible impact of improvement or
decrease regarding the SERP (Search Engine Result Page). Indeed, the resolution
time is taken into account by Google (see after).
And like for a record change, it is recommended to reduce the lifespan
of the records before modifying the name servers, so the DNS resolvers don’t
keep in cache the former information.
3. Risk associated to the DNS during the website’s migration
This is the same principle discussed previously. The modifications of
the DNS configurations don’t directly affect the SEO, but can lead to a bad
user’s experience. The TTL should also be seen as a useful mean to take into
consideration.
Which specific cases to consider?
Change of web hosting provider
Change of DNS hosting
provider?
Move the traffic of www.
towards a “nude domain” (without www.)
Move your domain towards
a CDN (content diffusion network)
4. Change of the destination IP address
No. During the modification of a record pointing from a termination
point to another, the SEO is not affected. The only (very rare) exception to
this rule would be to point a domain towards a termination point that would
have been already identified as a spam server (for example, the IP address of a
shared server).
However, be careful of the IP address in question, one of the (many)
rules of Google’s SEO is that an IP address used for a website should be
located near the final user.
5. DNSSEC implementation
DNSSEC allows to authenticate the DNS resolution through a chain of
trust between the different DNS servers of this resolution. Just like for the
HTTPS, this is an additional security layer to implement. And like for the
HTTPS, the pages’ loading time is affected, and therefore potentially the
associated SEO. To put this into perspective, DNSSEC is essential to web users’
surfing and it is recommended to implement it.
Most companies that propose security audit regarding domain names
consider DNSSEC as necessary and then as a notation criteria.
Do faster DNS increase the SEO?
Google admitted that the loading time of a web page has an impact on the
SERP results. The times of the DNS research are in general less than a second,
they can nevertheless affect the loading of a webpage in the following cases:
1. Recurring breakdowns on the DNS infrastructure
When a DNS cannot resolve or takes more time than usual, it can add many
seconds to the time of a page loading. In case of lack of reliability and
recurring unavailability, the impact on SEO is proved… Not mentioning the user
experience in front of these repetitive failures (increase of the bounce rate,
decrease of customers’ retention and impact on the trust in the brand, if not
revenue loss). It is important to rely on a reliable and trustworthy
infrastructure.
2. Quality of the network and points of presence
This is purely and simply physics, the nearest a names server is to the
final user, the less time is needed to respond to its request. The DNS networks
called “anycast” (optimized addressing and routing towards “the nearest” or the
“more efficient” server) with many points of presence in the world, allow to
optimize the response time depending on the geographical location.
Another important point is to have at least three names servers that are
authority (SOA) for a domain name, ideally based on different domain names and
TLDs, in order to reduce the risk of SPOF (Single Point of Failure) of an
infrastructure. Indeed, if an infrastructure relies on the same domain name, an
unavailability of this domain name, for whatever the reason, leads to the
unavailability of the DNS infrastructure. Likewise, at the TLDs’ level and even
if it is less likely, a problem of registry availability would affect all the
DNS infrastructure.
3. Be careful of “extended” DNS configurations
It’s not unusual to have DNS configurations which send towards a final
destination through several steps like in the example below. As a consequence, the resolution time is
affected and potentially, the performance in terms of SEO.
fr.wikipedia.org. IN
CNAME text.wikimedia.org.
text.wikimedia.org. IN
CNAME text.esams.wikimedia.org.
text.esams.wikimedia.org.
IN A 91.198.174.232
Conclusion
The SEO is a science to consider as a whole. Thus, as we have seen
through the impact of the HTTPS adoption of a website, this is a referencing
factor among others and all things being equal, then this is particularly
important in order to achieve a competitive edge on the first page of results.
The same applies to the impact of DNS on the SEO. Can the DNS have an
impact? Yes, it clearly can in the case of incorrect configurations, or in the
case that the DNS infrastructures do not allow response times fast enough. A
DNS infrastructure called anycast is essential for any domain name carrying an
important web traffic, even more at an international level. This is a data to
integrate in a whole, and this thinking should be in a global approach of the
SEO with the web marketing team.
Lately, the DNS keeps being talked about! After the first KSK rollover
of October 2018, then the deactivation of the former KSK key on last January
11, here comes the time of the DNS Flag
Day!
DNS Flag Day: What is it all about?
The Flag day is an expression used in IT to indicate the deadline and/or
radical change.
Let us remember that when it was created, the weight of cybercrime
threats affecting the DNS infrastructure didn’t exist. If the security was
relegated to the background, the evolution of attacks have made it absolutely
necessary: The DNS must be strengthened!
It’s in this context that the EDNS standard has been created in 1999 (updated in 2013 in the RFC6891). EDNS has particularly allowed the implementation of DNSSEC, the DNS’ geolocation and other measures aiming to strengthen the security.
This transition was not without difficulties. Abusive EDNS standard
adoptions, lack of updates, bypasses have led to the creation of many patches
and accommodations of the recursive servers’ code (particularly, in order to be
able to differentiate DNS servers which cannot properly support EDNS from the
ones unreachable for other reasons).
Two decades later, the maintenance of all these patched software has
become more than difficult and leads to bugs that can compromise the DNS
security. Obviously, the weight of these patches affects the speed of the
response times.
It’s time for this standard to be implemented by all, or they will no
longer be able to efficiently deal with new DNS attacks, like amplification or
layer 7 attacks.
That’s why, major IT actors (Google, Cloudfare, Facebook, Cisco..), of which the developers of recursive servers decided as one to no longer support DNS servers that do not respect the EDNS standard as of February 1, 2019. The Flag Day arrives!
And concretely?
From the DNS Flag Day, on
February 1, all the DNS servers not in
compliance with the EDNS standard (or not functioning because of a firewall
incompatible with EDNS), thus not responding to EDNS requests will be considered as unreachable;
accommodations and other patches being removed from the new versions of the DNS
software.
To simplify, not placed on compatible DNS, your domain name may no
longer respond.
How to anticipate?
That is why it is important to ensure that DNS servers hosting your
names‘ zones are compatible EDNS, in particular if they are not placed on
Nameshield’s DNS infrastructure or if your company maintains its own
infrastructure.
The DNS Flag Day website also allows to test the compliance of your name: https://dnsflagday.net/
Of course, our team is at your disposal for any question.
Nameshield uses cookies
Nameshield wishes to use cookies to ensure the proper functioning of the site and, with our partners, to measure its audience🍪.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.
