Home / Blogs

How to Prepare for the Day When Your Domain(s) Are Misbehaving

Chris Griffiths

For a number of years, there have been many different high profile incidents where major websites were defaced, taken offline, or crippled due to issues related to their domain registration. Last night, there was an incident where several high profile domains went offline due to issues at their registrar, and they are now coming back online after what I am sure was a few crazy hours for their operations teams and management. (Network Solutions released a statement Thursday afternoon that the attack wasn't malicious.)

Whether through social engineering hacks, defacements, or through operational errors, managing domain portfolios needs consistent management, and a well thought out plan to deal with worst case scenarios. I have spent a number of years designing for these worst case scenarios for many large domain portfolios, and I wanted to provide some high level guidance for domain owners and administrators on how to effectively prepare for such incidents.

Ensure That Your Organization Has A Well Thought Out Plan To Deal With A Domain Failure

Domain failures do happen whether from human error, hijacking, etc. Ensuring that the domain owners' organization has a plan to deal with a failure is critical, and this plan should be shared with the proper areas of the organization so everyone knows how to react when an issue comes up. I would also recommend reviewing this plan yearly at minimum in order to ensure that all people and processes are in alignment with the plan and adjust it accordingly as things can and will change over time.

Know The Right People And Organizations To Contact

When an emergency hits, making sure you have the correct contacts for escalations is key. Whether it's your registrar or your DNS provider's contacts, or your internal teams and escalation points of contact, every minute counts when there is an outage. Make sure you have an updated contact list for anyone that can assist in restoring your domain(s) and services. Also, make sure that your registrar and DNS provider has your organization's contact information and escalation list.

Do Not Use A Single Person To Manage Your Domains

This may seem like a simple concept, but having one person who controls everything can lead to a single point of failure, and open your domains up to various failures when and if that person can no longer participate in the management of the domains. Instead, use a chain of custody for your domains by utilizing several layers of people to approve and implement changes. This allows for multiple people failures (people out on vacation, sick time, etc).

Connect With People And Organizations That Can Help

There are many great people and organizations that work in the domain and DNS industry. Make sure you connect with them so that when, and if, a situation arrives, you can reach out to them for assistance, and in turn, they may just reach out to you as well. They all hold meetings throughout the year and have active email lists that you can participate in. It is a great way to get to know people and companies in the industry, and the relationships you build may come in handy at some point: ICANN, NANOG, RIPE, DNS-OARC

By Chris Griffiths, VP, Labs for Dyn

Related topics: Cyberattack, Cybersecurity, DNS, Domain Names

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Afilias

DNS Security

Sponsored by Afilias

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service