Home / Blogs

How to Prepare for the Day When Your Domain(s) Are Misbehaving

Chris Griffiths

For a number of years, there have been many different high profile incidents where major websites were defaced, taken offline, or crippled due to issues related to their domain registration. Last night, there was an incident where several high profile domains went offline due to issues at their registrar, and they are now coming back online after what I am sure was a few crazy hours for their operations teams and management. (Network Solutions released a statement Thursday afternoon that the attack wasn't malicious.)

Whether through social engineering hacks, defacements, or through operational errors, managing domain portfolios needs consistent management, and a well thought out plan to deal with worst case scenarios. I have spent a number of years designing for these worst case scenarios for many large domain portfolios, and I wanted to provide some high level guidance for domain owners and administrators on how to effectively prepare for such incidents.

Ensure That Your Organization Has A Well Thought Out Plan To Deal With A Domain Failure

Domain failures do happen whether from human error, hijacking, etc. Ensuring that the domain owners' organization has a plan to deal with a failure is critical, and this plan should be shared with the proper areas of the organization so everyone knows how to react when an issue comes up. I would also recommend reviewing this plan yearly at minimum in order to ensure that all people and processes are in alignment with the plan and adjust it accordingly as things can and will change over time.

Know The Right People And Organizations To Contact

When an emergency hits, making sure you have the correct contacts for escalations is key. Whether it's your registrar or your DNS provider's contacts, or your internal teams and escalation points of contact, every minute counts when there is an outage. Make sure you have an updated contact list for anyone that can assist in restoring your domain(s) and services. Also, make sure that your registrar and DNS provider has your organization's contact information and escalation list.

Do Not Use A Single Person To Manage Your Domains

This may seem like a simple concept, but having one person who controls everything can lead to a single point of failure, and open your domains up to various failures when and if that person can no longer participate in the management of the domains. Instead, use a chain of custody for your domains by utilizing several layers of people to approve and implement changes. This allows for multiple people failures (people out on vacation, sick time, etc).

Connect With People And Organizations That Can Help

There are many great people and organizations that work in the domain and DNS industry. Make sure you connect with them so that when, and if, a situation arrives, you can reach out to them for assistance, and in turn, they may just reach out to you as well. They all hold meetings throughout the year and have active email lists that you can participate in. It is a great way to get to know people and companies in the industry, and the relationships you build may come in handy at some point: ICANN, NANOG, RIPE, DNS-OARC

By Chris Griffiths, VP, Labs for Dyn

Related topics: Cyberattack, DNS, Domain Names, Security

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Promoted Post

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

8 Tips to Find Your Perfect .COM Domain Name

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Radix Launches Startup League at TechCrunch

Celebrating One Year of .online

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Sponsored Topics