Trust, credibility, and safety in the .nz domain name space will continue to be a community issue this year. There will be threats and risks to the security and stability of the .nz domain namespace. We need to prevent that through ongoing coordination and collaboration with other trusted agencies.
While most market participants can agree on the need for a strong .nz that doesn’t harbour bad actors, opinions differ on who, how and what measures should be taken in the .nz domain name space to combat domain name abuse.
In the coming weeks, InternetNZ’s .nz policy review panel will be releasing its .nz policy issues paper. It will be a chance for the local Internet community to express their views on how we tackle some of the issues.
Here at DNCL, we will do some thinking on the mechanics of DNS-based enforcement action in the areas of domain name suspensions and stronger dispute resolution mechanisms to contribute to that review. In the meantime, we will continue to use our data validation process to suspend domain names with fake registration details.
To start the year off, the Commission will be supporting the work of NetSafe and participating in Safer Internet Day, by spreading online safety messages and promoting the reporting of any suspicious domain name registrations to firstname.lastname@example.org.
We are also looking forward to our annual meetup with New Zealand’s technical community at the New Zealand Network Operators Group annual meeting 29 - 31 January. In particular, the workshop by Internet pioneer Dr Paul Vixie on threat hunting using passive DNS should bolster our in-house technical skills.
Here’s to a great and safe start to the year.
#ShopSafeNZ campaign review
Between November and January, the Domain Name Commission ran a campaign aimed at educating New Zealanders about potential fake webshops features consumers can look out for to keep themselves safe online.
The Commission would like to thank 12 founding agencies who partnered with the DNCL to bring online safety measures to a wider audience. To anyone that reshared information, distributed and engaged with the campaign, we appreciate your help.
Just a few campaign's highlights:
12 organisations partnered with DNC to spread the word
we've built six gingerbread houses with DNC and InternetNZ teams and delivered 500 gingerbread biscuits to our partner organisations, to add some ginger and sugar power to the campaign
1557 unique visitors landed on fakewebshop.nz page
people found over 1200 pop-up windows on the website with tips about safer online shopping
the campaign was mentioned in 2 media articles
over 38 days of the campaign, our #ShopSafeNZ tweets have got 1.1k impressions a day.
Hopefully, we can make the 2020 campaign even better!
Call for DRS representatives
As part of the co-design process of the dispute resolution service (DRS), the Domain Name Commission has been asked to publish a list of parties that are able to assist complainants/ respondents during there use of the service.
We are currently calling for expressions of interest (EOI) to be added to a list of providers.
If you receive one of phishing emails associated with a .nz domain name please report it to email@example.com.
Data verification and validation
The Domain Name Commission is currently increasing its verification of .nz registrant information. We will be contacting some .nz registrants to verify their registration details. Registrants that do not validate their information when contacted will have their domain name suspended and locked as this is a breach of .nz policy.
If your client contacts you about this, please refer them to firstname.lastname@example.org.
As previously communicated, the Domain Name Commission will continue to send affected registrars a monthly list of domain names cancelled for compliance reasons. These domain names will also be locked and in pending release status, before being released on a first-come, first-serve basis.
The monthly list of cancellations is a useful tool for registrars internal process improvements.
Information for health sector domain name registrants
Following the end of service from the existing provider, the .health.nz DNS managed by the Ministry of Health is moving to the same secure platform currently used for government domain names.
We received a number of inquiries about the provision of UDAIs via Twitter and our contact centre. UDAI is a key used to make changes on a domain name or transfer the management of a domain name to another registrar.
Registrants typically want it when they are changing service providers. UDAIs only last for 30 days for security reasons. Registrants with domain names licensed for more than one month will often need a new UDAI.
The UDAI is sent to a registrant’s email contained in the registration record. If this email belongs to a web designer, a former staff member, or IT contractor, the provision of a UDAI is much harder. Getting one will involve a lot of back and forth emails between registrars, resellers, registrants and the DNCL.
To avoid delays with renewals and transfers, registrants should always have control over the email address listed in their domain name registration record. That way UDAI requests are much more straightforward and changes to a domain name record can happen much faster.
The Domain Name Commission has completed its end of 2019 review of the wholesale and retail pricing for .nz domain names. The results of our review have been added to our pricing table available at https://dnc.org.nz/registrars.