Download - Validation Dnp
-
8/3/2019 Validation Dnp
1/21
-
8/3/2019 Validation Dnp
2/21
+
What is domain name?
What is domain name system?
What is domain name protection?
-
8/3/2019 Validation Dnp
3/21
+Host name
IP Addresses are great for computers
IP address includes information used for routing.
IP addresses are tough for humans to remember.
IP addresses are impossible to guess.
-
8/3/2019 Validation Dnp
4/21
+
-
8/3/2019 Validation Dnp
5/21
+Purpose of the DNS
The purpose of the DNS is to enable Internet applications and their
users to name things that have to have a globally unique name.
The obvious benefit is easily memorizable names for things likeweb pages and mailboxes, rather than long numbers or codes. Less
obvious but equally important is the separation of the name of
something from its location.
Things can move to a totally different location in the network fullytransparently, without changing their name. www.isoc.org can be
on a computer in Virginia today and on another computer in
Geneva tomorrow without anyone noticing.
-
8/3/2019 Validation Dnp
6/21
+
In order to achieve this separation, names must be translatedinto other identifiers which the applications use to communicate
via the appropriate Internet protocols. Let's look at what
happens when you send a mail message to me at
[email protected]. A mail server trying to deliver the
message has to find out where mail for mailboxes at 'ripe.net'has to be sent. This is when the DNS comes into play.
The mail server transmits this question, called a 'query' in DNS
terminology to the DNS. Quickly it receives as answer:
ripe.net. 1800 IN MX 100 postman.ripe.net.
ripe.net. 1800 IN MX 150 postboy. ripe.net.
"Mail for 'ripe.net' should be sent first to the computer called
'postman.ripe.net'. If 'postman.ripe.net' is not available, try
'postboy.ripe.net'".
-
8/3/2019 Validation Dnp
7/21
+
The mail server will now make a connection with
'postman.ripe.net'. In order to do this it needs to know the
numeric Internet address for 'postman.ripe.net'. This numeric
address is sufficient to send Internet packets directly to the
computer called 'postman.ripe.net' from anywhere in the
Internet. Again the DNS is queried and it returns '193.0.0.199'.
postman.ripe.net. 172800 IN A 193.0.0.199
From here on, the mail server delivering your message can
directly communicate with the mail server that receives and
stores my mail for me to collect later on.
-
8/3/2019 Validation Dnp
8/21
+So how does this work?
Let us follow the DNS query starting from your computer. Yourcomputer knows the address of a nearby DNS "caching server"
and will send the query there. These caching servers are usually
operated by the people that provide Internet connectivity to you.
This can be your Internet Service Provider (ISP) in a residential
setting or your corporate IT department in an office setting. Your
computer may learn the address of the available caching servers
automatically when connecting to the network or have it
statically configured by your network administrator
When the query arrives at the caching server there is a good
chance that this server knows the answer already because it has
remembered it, "cached" in DNS terminology, from a previous
transaction
-
8/3/2019 Validation Dnp
9/21
+
So if someone using the same caching server has sent mail to
someone at 'ripe.net' recently, all the information that is needed
will already be available and all the caching server has to do is
to send the cached answers to your computer. You can see howcaching speeds up responses to queries for popular names
considerably. Another important effect of caching is to reduce
the load on the DNS as a whole, because many queries do not
go beyond the caching servers.
-
8/3/2019 Validation Dnp
10/21
+As a domain owner, one should be aware
of and protect themself against the
following three scenarios..1. Inadvertent domain expiration
The owner does not renew the name in time and it is snatched up by a
domain speculator. This is often caused by failure to receive renewal
notices because of out of date contact information.
Most registrars no longer send out renewal notices via postal
mail. This means that if your e-mail address is out of date, you will
not receive renewal notices. This problem is further compounded by
your registrar's inability to warn you that your domain is about to bedeleted.
Once deleted, domains are commonly snatched up within seconds
by speculators running automated programs. Some speculators
offer to sell them back to the original owners for greatly inflated
prices.
-
8/3/2019 Validation Dnp
11/21
+2. Domain hijacking or theft
A domain hijacker effectively 'steals' the domain by submitting
a fraudulent registrar transfer request and tricking an
unsophisticated domain owner or registrar into giving them
control of the name.
Once the hijacker has control of the name, they will usuallyassume ownership of the domain and start redirecting it to their
own web sites
At this point, legal options can be expensive and time
consuming. Since the domain has been transferred away from
the domain owner's original registrar, this registrar is often
powerless in assisting. Domain hijackers are aware of this and
commonly transfer domains to countries far away from the
original owner - making legal recourse cost prohibitive.
-
8/3/2019 Validation Dnp
12/21
+3. Inaccurate contact information
Your name can be cancelled if your domain information is not
accurate and you fail to respond to a registrar's inquiries within
fifteen days?
From October 2003, ICANN is requiring all registrars to contact
their customers on a yearly basis to verify domain information.
If your information has changed and you have not taken the
time to update it, your domains may be at risk of being
deleted.
-
8/3/2019 Validation Dnp
13/21
-
8/3/2019 Validation Dnp
14/21
+
How to protect ???
2. Be careful who is listed in your contact information.
You or your organization should always be listed as theorganization and administrative contact.
When registering corporate domain names, make sure that the
company name is listed as the owner of the domain. Do not
allow an outside web site designer or host to be listed as eitherthe domain owner or administrative contact. If possible, the
business owner or a senior executive should be listed as
administrative contact since this person will be authorized to
modify or change ownership of company domain names.
-
8/3/2019 Validation Dnp
15/21
+
How to protect ???3. Be careful when using free e-mail addresses
From services like Hotmail. Many free e-mail services will
automatically suspend or delete your e-mail account if you do
not log in frequently enough. Once your e-mail account isdeleted, a domain hijacker can sign up for your same e-mail
address and use it to give permission to transfer your domains
away from you.
If possible, avoid using a free e-mail address on your domain
records. If you are using a Hotmail account, you may want to
consider paying to upgrade your account to exempt you from
their inactivity policy.
-
8/3/2019 Validation Dnp
16/21
+
How to protect ???4. Place a registrar lock on your domain.
This will lock your domain record at the registry level and
prevent it from being transferred, modified or deleted by a third
party. This feature is very helpful in protecting your name againstunauthorized transfers and hijacking.
If your registrar does not offer this feature, consider transferring
your domains to one who does. Since a 'registrar lock' can also
make it more difficult for you to transfer away from a registrar,
you should look for a registrar that gives you the ability to
automatically unlock your domain names at any time without
having to call or e-mail them.
-
8/3/2019 Validation Dnp
17/21
+
How to protect ???
5. Do not reply (or click on any links) in any domain related
e-mail correspondence you do not recognize.
Also be careful not to reply to any 'official looking' renewalnotices you receive in the mail from companies you do not
recognize. Domain hijackers and unscrupulous registrars have
been known to submit mass amounts of transfers hoping that a
small percentage of confused registrants will accidentallyconfirm the transfers. When in doubt, contact your original
registrar to verify any suspicious messages.
-
8/3/2019 Validation Dnp
18/21
+
How to protect ???
6. Add your registrar's domain name to your spam filter's
approved sender list.
If you (or your ISP) are using a spam blocking service, yourun the risk of not receiving domain renewal notices from your
registrar if they are incorrectly categorized. You can prevent
this from occuring by adding your registrar to your list of
'approved senders'. This will automatically bypass any filteringand ensure that all renewal notices make it straight to your
inbox.
-
8/3/2019 Validation Dnp
19/21
+
How to protect ???
7. Consider renewing domain name early and for a longer
amount of time.
If your domain name is critical to your business and is one youwill want for years to come, consider renewing your domain
registration in five year increments. This will avoid yearly
registration hassles and prevent your domain from accidentally
expiring.
-
8/3/2019 Validation Dnp
20/21
+References..
http://www.betterwhois.com/domainhijacking.htm
http://www.isoc.org/briefings/016/
http://laughingsquid.com/the-importance-of-dns-the-
internet-domain-name-system/
-
8/3/2019 Validation Dnp
21/21
+
TU