On 23 January, Afnic the French domain name registry held its Registrar Day, an event aimed primarily at the registrars. Like every year, it was an opportunity to look back over the past year and look ahead to the current one.
The figures drawn up by Afnic for 2023 show an excellent dynamic. Indeed, the .FR extension has passed the 4.1 million domain names, ranking 7th among country-code Top level domains globally and still 3rd among the 27 Top level domains of the European Union. With a renewal rate of over 83% in 2023 and a 6.4% increase in new domains, the .FR domain has flattering figures for 2023.
Afnic has also drawn up an overview of its registrars. Above all, it shows increased concentration, which can also be seen in other Internet extensions and, more generally, in the domain names industry as a whole. Two figures to illustrate this: the number of accredited registrars has fallen by 40% in 10 years, and 38% of accredited registrars now account for 99.5% of the domain names managed by the French Registry.
For 2024, Afnic wants to continue to strengthen the visibility and awareness of the French Top level domain .FR. This will of course involve digital communication and in traditional media. But it also involves enhancing the accuracy and reliability of contact data associated with domain names and stepping up the fight against malicious uses with measures involving registrars. The aim of these two initiatives is to improve the reputation of, and confidence in the .FR domains, and also to honour commitments made to the French State, its mandator.
The European NIS2 directive on cybersecurity, due to come into force in October 2024, is never far away either. Indeed the directive explicitly targets the activities of the DNS and domain name stakeholders. Let’s hope that the increase in the price of the .FR domain names on 1 March does not dampen this positive momentum.
In this article published on October 4, 2023, we announced that the opening of the .TR extension in CATEGORY 3 will probably be in February.
Applications for the 3rd Category, where transactions will be carried out within the scope of the “a.tr Transition Process”, start on February 14, 2024.
In this category, holders of one of the following extensions: kep.tr, av.tr, dr.tr, com.tr, org.tr, net.tr, gen.tr, web.tr, name.tr, info.tr, tv.tr, bbs.tr and tel.tr will be given priority for .TR registration.
Following the application process, which starts on February 14, 2024 and will last for 3 months, it is expected that the evaluation process will be completed and the allocation procedures will be completed within 1 month (14-May-14 June 2024).
The date of your application between 14 February and 14 May 2024 is not important in the evaluation process. If the necessary conditions are met, the evaluation will be made taking into account the extension hierarchy.
Valentine’s Day is a wonderful day to make an analysis of your Turkish domain names portfolio!
DNSSEC is the protocol that guarantees the integrity of DNS resolution by establishing a chain of trust all the way back to the root. Data security is ensured by a mechanism of cryptographic keys that sign DNS zone records. Historically, DNS operators have used RSA keys (RSASHA256 algorithm), renowned for their robustness.
As an alternative to this asymmetric cryptographic algorithm, there are elliptic curve algorithms. In the case of DNSSEC, the “ECDSA Curve P-256 with SHA-256” algorithm (RFC 6605 and 8624) offers a higher level of security with smaller key sizes.
The ECDSA algorithm is increasingly being implemented by major players in the domain names industry, such as Verisign and AFNIC, and aims to become the standard.
This has several advantages over our current implementation:
Smaller signatures and smaller zone files (approx. -33%);
Faster zone transfer and reload;
Improved signing performance;
Potentially faster DNS requests (less reliance on IP fragmentation);
Reduced amplification factor of DDoS attacks based on DNS.
For all these reasons, Nameshield has chosen to use this algorithm by default to secure its own domain names and those of its customers.
The end-of-year holidays often announce the upsurge of fraudulent mass e-mails campaigns. Indeed, cybercriminals take advantage of this period, when vigilance can be particularly low, to launch phishing e-mails.
What are phishing and slamming?
Phishing is used by cybercriminals to obtain personal information in order to commit an identity theft.
In the world of phishing, slamming is a well-known variant that consists in encouraging domain names holders to renew their annuity with another registrar, by arguing the emergency and criticality of the concerned name’s loss. Concretely, this is an e-mail pushing its recipient to contract an unsolicited service and to proceed to the payment of this latter without delay.
Thus, the slamming may take the form of a fraudulent renewal invoice, usually associated with intimidating terms like “Expiration notice”. Under the pressure of such e-mail, generally well built, it happens that the recipient then proceeds to the payment and finds himself debited with an important amount for the so-called renewal.
In the same way, the slamminge-mail may also indicate that a “customer” of the sender, posing as a fake registrar, intends to register domain names identical or similar to your brand. Then the fraudster proposes to register them for you in order to protect you from these troublesome registrations, of course, in exchange for an urgent payment.
Another kind of attack, the suspicious e-mail attachment!
Be careful of fraudulent e-mails with infectious attachments: a single entry point is enough to destroy a network!
The aim of a trap and thus malicious attachment is to pose as a legitimate file (PDF, Word document, JPG image…), while hosting and hiding a malicious code: this is what we generally call Trojans.
Some simple rules to protect against them
Always stay alert when someone asks you your personal data;
Do not ever open an attachment from an unknown sender, or from one who is not entirely trustworthy;
Check the links by hovering the cursor over them (without clicking) to ensure that they link to trustworthy websites;
Never reply under the pressure of this kind of solicitation and of course do not proceed to any payment;
If there is any doubt, do not reply to the e-mail and contact the sender through another method who will confirm whether it really is a fraud attempt or not.
To remind you of this more often, you can find a wallpaper to download on the Nameshield website:
Google and Yahoo recently announced significant changes to their e-mails authentication requirements. The aim of these adjustments is to strengthen the security of online communications, a major issue in the current context of cybercrime.
The two giants are emphasizing the adoption of advanced authentication protocols, in particularDMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC relies on the existing SPF and DKIM standards, providing a robust method for verifying e-mails’ authenticity and reducing the risk of identity theft and phishing.
To implement these new requirements, Google and Yahoo will adjust their algorithms to give priority to e-mails from domains that have correctly implemented DMARC. The aim of this measure is to improve the deliverability of authenticated e-mails, reinforcing users’ trust in the security of their e-mail inboxes.
The new guidelines will apply from February 1, 2024 to all senders who send more than 5,000 emails per day. They underline Google and Yahoo’s commitment to fight against online threats, in particular phishing, a common method used by cybercriminals to deceive users and gain access to their sensitive information. By adopting stricter e-mails authentication requirements, these companies are strengthening users’ protection against malicious attacks.
It is now essential for domains holders and players in the digital world to comply with these new guidelines, in order to contribute to the creation of a safer and more secure Internet for all.
In the world of websites and domain names, it is common to want to redirect the use of a domain name to another – e.g. in the address bar of a browser – to access a website. For example:
Redirect a-great-website.com to www.a-great-website.com
Redirect www.to-be-redirected.com to www.a-great-website.com
However, it is not always easy to understand how all of this works, nor how to configure these redirects. Do I have to configure redirection at DNS level? At my web server level? Both? One or the other?
The purpose of this article is to detail the distinction between DNS «redirect» and HTTP redirect, and to present how these two protocols work together.
In the rest of the article, we will not distinguish between HTTP and HTTPS (HTTP protocol secured by a certificate). Everything that is said here is valid for both.
Understanding the difference between DNS and HTTP
DNS and HTTP are two internet protocols that are both essential to the proper functioning of the web, but do not have the same purpose.
Let’s take the example of a user who wants to access blog.nameshield.com. He enters blog.nameshield.com in the address bar of his favorite browser.
Before the browser can send a request to obtain the content of the website’s home page, it must know to which IP address it must send the request. This is where DNS comes in. The browser sends a DNS query (using DNS protocol) to a resolver: «Give me the IP address associated with blog.nameshield.com». It gets back an IP address (81.92.84.102) configured on an authoritative DNS server. We’re talking about the resolution of the blog.nameshield.com domain name.
The browser can then send the HTTP request (using HTTP protocol) to the HTTP server (or web server) whose IP address it has just obtained: «Give me the content of the web page blog.nameshield.com». In return, it receives the content of the page to display.
The DNS protocol offers types of records that allow to «redirect» one domain to another: especially the CNAME type. Although DNS “redirect” is easily referred to, the term “alias” is more appropriate. Strictly speaking, this does not redirect, but indicates that the domain we are resolving is an alias of another domain. You must then resolve this other domain to obtain the IP address you are looking for.
Let’s say we want to create a redirect from www.to-be-redirected.com to www.a-great-website.com. If we configure the DNS zone of to-be-redirected.com with a CNAME record of this type: www.to-be-redirected.com CNAME www.a-great-website.com, that basically means : “You want to know the IP address associated with www.to-be-redirected.com? Well, look for the one associated with www.a-great-website.com and you’ll get your answer.” Another DNS query will be sent to resolve www.a-great-website.com and obtain the IP address. The browser will have the IP address of the HTTP server we are interested in (the one hosting the website www.a-great-website.com), but this will not change the content of the HTTP request sent by the browser: “Give me the content of the web page www.to-be-redirected.com”.
You may notice that the HTTP request sent by the browser contains the name of the website (or host – here www.to-be-redirected.com) that you want to access. Indeed, a single server (and therefore a single IP address) can host dozens of different websites. It will only respond positively to HTTP requests containing a host for which it is configured. Knowing the IP address of the web server is not enough, one must also address an HTTP request to which it is able to respond. Sending a request http://www.to-be-redirected.com to some server configured only to respond to http://www.a-great-website.com will not work!
The HTTP protocol also offers a redirection system (here it is the appropriate term). An HTTP server can be configured to redirect one host to another. For example, if it receive HTTP requests “Give me the content of the web page www.to-be-redirected.com.”, it will answer “This resource is redirected to http://www.a-great-website.com.” Then the browser will repeat the following steps:
DNS lookup of www.a-great-website.com
Send a request http://www.a-great-website.com to the IP address obtained
Display the web page obtained
How to make DNS and HTTP redirects work well together?
Let’s recap:
DNS is used to resolve a domain name to obtain an IP address.
HTTP requests are sent to an IP address, and contain the host of the website you want to access.
HTTP servers can return different contents depending on the host present in the request: a web page they host, a redirect for which they have been configured, or an error if the host is unknown to them.
So, to make a redirect work correctly (still using the same example), you must have:
A DNS record in the to-be-redirected.com zone to associate the www host with the IP address of a web server…
…web server on which a redirect from http://www.to-be-redirected.com to http://www.a-great-website.com must be configured.
How Nameshield can help you
Nameshield offers an HTTP (and HTTPS) redirect service that simplifies the configuration of these redirections, which you can use from the moment Nameshield is the DNS provider of your domain to be redirected. Simply go to the technical configuration interface of your domain name, then in the tab «HTTP redirections». You can then create a new redirect on the host of your choice, specifying various parameters (such as the repercussion of directories and query parameters). Our system will then automatically:
Update the DNS zone to add records (A/AAAA or CNAME depending on the host) to point to the IP address of the Nameshield HTTP redirect server. In the zone configuration interface, a dedicated icon makes it easy to distinguish these automatically added records.
Configure a new redirect on our HTTP server (with an anycast architecture if you have a premium offer) according to the requested parameters.
Your redirect is then operational, you have nothing more to do. No changes are necessary with your web hosting provider.
If you want to change the destination of an existing HTTP redirect, you just have to modify the existing redirection from the same interface (no need to delete it and then to create a new one). No changes are expected on the DNS, since the host already points to our HTTP redirect server. Our system will modify the HTTP server configuration, and your new redirect will be effective in a few minutes.
If you have any questions about this article, please contact your customer support team.
In October 2023, Afnic, the French Association for Cooperative Internet Naming, which manages the .fr domain, carried out a survey on the perception of .fr among 502 tradespersons, retailers or VSE/SME managers selected on the basis of company size. Here are the results of the survey:
For 70.9% of French VSEs and SMEs, the .fr extension is spontaneously cited, that’s 6.2 points more than in 2022, ahead of .com (69.1%) and .org (20.5%).
61% of French VSEs and SMEs consider that .fr has a very good reputation (that’s 11 points higher than .com) and 38% consider it to have a fairly good reputation.
And finally, for 88% of French VSEs and SMEs, .fr is perceived as the extension that enables them to promote French expertise in France and abroad.
For more information and to register your .FR domain name, don’t hesitate to contact a Nameshield consultant.
From 21 to 26 October, Hamburg in Germany, hosted the 78th ICANN Summit, the Internet’s regulatory body. Hamburg, the connected city par excellence and Germany’s leading intelligent city, succeeds Berlin as the second German city to host such a summit. Berlin hosted ICANN2 in 1999. This 78th edition brought together more than 1,600 participants from 175 countries and territories. It also marked the 25th anniversary of ICANN and the 20th anniversary of the Generic Names Supporting Organization (GNSO), the body responsible for policies applying to domain names in generic extensions.
ICANN faces new challenges
“On 30 September 1998, ICANN was incorporated as a private, not-for-profit organisation in the State of California”. With these words, Tripti Sinha, the Chair of ICANN’s Board of Directors, began a dense speech at the Welcome ceremony of ICANN78. She reminded us that most of today’s Internet tools, including smartphones, have been developed and launched during this period, and that while “25 years is not much”, “the world has changed remarkably” in the meantime. Today, it is the context of wars and technological transformations, in particular “artificial intelligence and quantum technology”, that constitute major challenges for the multiparty model. To these can be added alternatives to domain names that use the DNS, such as blockchain domains, which are outside the scope of ICANN. These were highlighted at ICANN78. Their protagonists like to call them “domain names”, while others would like to differentiate them by talking about “wallet domains”. ICANN’s interim President, Sally Costerton, made a point of emphasising the word “trust” in her introductory speech. “Trust is a fragile thing” she said, “difficult to build and easy to lose”.
On the subject of trust, Sally Costerton pointed out during the ICANN Board’s question and answer session that significant progress has been made on a number of important issues since her appointment in December 2022. In March of this year, for example, the first international Universal Acceptance Day was held, or how to make the Internet more inclusive and thus closer to the way its users use it. At the ICANN76 summit, also in March, the next series of new generic extensions was confirmed. More recently, the Registration Data Request Service (RDRS), a prototype of the future System for Standardized Access to Domain name registration data (SSAD) for legitimate requests, was launched. And the year 2023 will have seen a concrete proposal to strengthen the means of combating abuse of the DNS after years of fruitless exchanges. A proposal to revise the contracts of registry operators and registrars is currently being put to a vote by the parties concerned, with adoption expected between December 2023 and January 2024.
Registration Data Policy: Let it go let it go
The fact that ICANN represents numerous sensibilities whose interests are often divergent, but also that it operates with consensus as its totem, partly explains why the finish line is often far removed in time from the starting line. The Registration Data consensus Policy has not escaped this reality. This policy is intended to replace a Temporary Specification implemented as a matter of urgency on 17 May 2018, eight days before the General Data Protection Regulation (GDPR) came into force thus to integrate the GDPR requirements into the DNS ecosystem. The Registration Data Consensus Policy is the culmination of phase 1 of a Policy Development Process (PDP) initiated on this occasion. While a final report with a view to its implementation was issued at the beginning of this year, it was ICANN78 that enabled the implementation review team work to be concluded. The blocking point on the wording relating to the deadlines granted to operators to deal with urgent requests for access to registration data in the event of law enforcement, could be removed. The policy, which now has a permanent framework, will now be implemented by the parties concerned, registry operators and registrars.
The next round of new generic extensions
The next round of new generic extensions remained another major topic of this edition. While ICANN is now putting forward the date of April 2026 for the next application window (editor’s note: the previous window took place between January and April 2012), ICANN78 highlighted the progress made in implementing the recommendations arising from the Policy Development Process known as “PDP Subpro” (editor’s note: Subsequent Procedures). Earlier in March, some thirty recommendations had not been adopted by the ICANN Board and had been referred to the GNSO for clarification. Thanks to the work of a Small team, 12 additional recommendations have just been adopted by the ICANN Board, bringing the total number of adopted recommendations to 104. 13 remain in the balance and 7 have been rejected. For the latter, we will now have to assess their impact and consider remedies. The implementation team can therefore make progress on just over 80% of the recommendations arising from the Subpro PDP. The revised guide for future applicants is progressing in line with initial forecasts with at least 18 months to go.
The issue of closed generic extensions and diacritical letters
Considered but not proposed due to a lack of consensus in 2012, then discussed for five years, the topic of closed generic extensions was relaunched in 2022 with a view to a new series of generic extensions. In practice, they would allow organisations under certain conditions to use a generic term (editor’s note: for example .CHARITY) with the same rights as a brand extension. Access to the extension to create new domain names would therefore be very restricted. A year ago, a discussion group comprising the Governmental Advisory Committee (GAC), which represents governments, the At-Large Advisory Committee (ALAC), which represents end-users, and the GNSO was set up to try to address this issue. Last July, they proposed a framework detailing the many aspects to be considered to introduce this new type of extensions. However, at the end of their work, each body sent a separate letter to the ICANN Board of Directors, proof that their positions remained far apart. Barring any surprises, there should therefore be no closed generic extensions in the next round.
Québec, whose .QUEBEC was integrated into the DNS root in April 2014, has also invited itself into the discussions concerning the next series of new generic extensions. In 2012, Québec announced its wish to obtain .QUEBEC as well as .QUÉBEC. Although in the end they only applied for the non-accented version, they had hoped to be able to use .QUÉBEC as well. They were not granted this right because of a risk of similarity. ICANN78 highlighted the fact that perceptions remain different depending on whether or not .QUÉBEC is a variant of .QUEBEC. The pronunciation for French speakers is the same, but the presence of a diacritical letter (editor’s note: letters to which signs such as the acute accent, the grave accent, the circumflex accent, the umlaut are added) makes encoding in ASCII characters different and technically feasible. While their request has little chance of success, it has also served to focus attention on important issues for registry operators, where the answers provided are often ill-suited to their needs.
ICANN78 was ICANN’s last annual summit. All eyes now turn to 2024. A new year is approaching, which may or may not see the conclusion of contractual amendments to registry and registrar contracts, with specific obligations to remedy malicious use, the continuation of implementation work on the next series of generic extensions, the likely launch of an ICANN holistic review or even the prospect of the scheduled Sunset of the Whois protocol in early 2025.
For Europeans and companies operating on European territory, it is the NIS2 directive that will crystallise all attention, as it must be transposed into the national laws of the Member States by October 2024. On this subject, ICANN representatives indicated at the traditional closing Public Forum that the policies for generic extensions are not “in contradiction with the NIS2 directive and that the parties concerned have the latitude to implement measures to comply”. The European Top Level Domain Information Sharing and Analysis Center (European TLD ISAC) is to be commended on this point, as it will be a useful relay in implementing the NIS2 Directive in the domain name industry.
Nameshield, an independent European company that has been ISO 27001 certified since 2017, will comply with the directive and will be keen to help its customers to comply. Nameshield also has the expertise to manage your projects for new generic extensions.
Finally, in terms of leadership, the GNSO, the body responsible for generic extensions, now has a new Council team appointed at ICANN78, while ICANN Org will be appointing a new president in 2024. See you next year.
Google enriches its catalog as a registry and launches two new extensions: .ING and .MEME.
Launch of .ING
With .ing, unleash your creativity and put your domain names into action: design.ing, writ.ing, lov.ing, eat.ing…
.ING launch schedule
Sunrise phase: from 20/09/2023 to 24/10/2023
Phase reserved for holders of trademarks registered in the TMCH.
Early Access Period (EAP): from 31/10/2023 to 05/12/2023
Anyone can register available domains in .ing for an extra fee, which decreases leading up to General Availability.
General availability: as of 05/12/2023
Registration of .ing domain names is open to all, on a “first come, first served” basis.
Launch of .MEME
Funny and easy to share, “memes” are phenomena that have been massively reproduced and adapted, and are driving the web today. With .meme, use the codes of web culture for your online presence.
.MEME launch schedule
Sunrise phase: from 20/09/2023 to 24/10/2023
Phase reserved for holders of trademarks registered in the TMCH.
Limited Registration Period(LRP): from 31/10/2023 to 28/11/2023
Reserved for content creators specializing in the creation and distribution of Internet memes.
Early Access Period (EAP): from 28/11/2023 to 05/12/2023
Anyone can register available domains in .meme for an extra fee, which decreases leading up to General Availability.
General availability: as of 05/12/2023
Registration of .meme domain names is open to all, on a “first come, first served” basis.
If you have any questions about registering your .ING or .MEME domain name, please contact your Nameshield consultant.
It’s now a project to open .TR live. The allocation of .TR will be carried out according to a defined schedule with categories under a process called “a.tr Transition Process“:
BTK announces the opening according to these 3 categories:
CATEGORY 1: since 14/09/2023 for a period of 2 months (end of period November 2023):
In this category, priority is given to holders of domain names with the extensions .gov.tr, .edu.tr, .tsk.tr, .bel.tr, .pol.tr and .k12.tr respectively.
For example, for the domain name turkiye.tr, the holder of the domain name turkiye.gov.tr has the right of priority allocation.
CATEGORY 2: from November 2023 to February 2024
In this category, priority will be given to holders of domain names with the “org.tr” extension assigned before 25.08.2023.
The category will be given priority to the following institutions (holder of .org.tr):
Professional organizations that are public institutions,
Public interest associations and foundations benefiting from tax exemption,
Professional organizations of employees or employers.
CATEGORY 3: the date has not yet been announced, but we can deduce that it will be from February 2024.
In this category, holders of domain names under these extensions will have priority: .com.tr, .net.tr, .gen.tr, .web.tr, .info.tr. For this last category, the rules have not yet been defined.
We will keep a close eye on future announcements of the registry and will keep you informed as soon as we have more precise dates for the last category. Please note that the dates of the different periods can be modified if necessary.
Nameshield wishes to use cookies to ensure the proper performance of the website and, with our partners, to monitor its audience. More information in our Cookie Policy 🍪.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checkbox-advertisement
1 year
Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent
1 year
Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
_ga
2 years
The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_25904574_14
1 minute
Set by Google to distinguish users.
_gid
1 day
Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
NID
6 months
NID cookie, set by Google, is used for advertising purposes; to limit the number of times the user sees an ad, to mute unwanted ads, and to measure the effectiveness of ads.