SIDN Labs annual review 2024: our top 10 results
New insights and technologies that make the internet more secure
The original blog post is in Dutch; this is the English translation.
Authors: the SIDN Labs team
At the end of each year, we produce a report on the main results achieved by SIDN Labs during the preceding 12 months, for the benefit of the users, registrants and registrars of .nl domain names, and for the wider internet community in the Netherlands. In this review of 2024, we distinguish between 2 types of research results. First, those that provide policymakers and others with new insights into the security of the internet. We've labelled those results with an 'I'. Second, results relating to the development of new technologies and the improvement of internet security, which are useful mainly to people such as DNS and network operators. Those results are labelled 'T'. Links to related blogs published during 2024 are provided for anyone who wants to read up on the technical details. The review ends with a brief summary of our plans for 2025. If you've got any feedback, we would (as always) love to hear from you.
Table 1. Our main results in 2024 (with links). Within each column, results are listed in roughly chronological order, with the earliest results first.
In partnership with NLnet Labs, we undertook a contract research project for the root server operators Verisign and ISC. The assignment was to independently verify measurements made by ICANN, apparently indicating that the root server system often failed to achieve the required level of availability.
Our measurements showed that the problems were to a large extent attributable to ICANN's measurement platform, or to the network path between that platform and the root servers. We also identified and fixed a bug in the measurement software, which made the root servers' response times appear poorer than they actually were. The root server operators were pleased with the project outcome.
This was our third study of the security and stability of the DNS root, and it emphasised that we are now regarded as experts in this field. Last year, ICANN commissioned us to investigate how re-naming the root servers was likely to affect name servers and resolvers.
The BGP (Border Gateway Protocol) is used to route data from A to B across the 75,000-plus networks that together make up the internet. The security of the BGP is vital to the entire internet, including core systems such as the DNS. Unfortunately, however, the existing technologies used to increase BGP security don't resolve all the problems with the protocol. In 2024, we therefore added BGP security to our research portfolio.
We developed a research agenda for BGP security and built up our collaboration with the University of Twente in this field. For example, we teamed up with the university to demonstrate that the internet has a longstanding problem with 'serial hijackers': networks that persistently seek to divert traffic intended for other networks to themselves. We also showed that the networks on the paths between critical infrastructure operators in the Netherlands and Microsoft's popular mail service don't always use an important security technology called 'route origin validation'. Finally, we investigated which routing implementations support BGPsec, and how we could set up a local BGPsec testbed for experimental use. We'll be sharing our findings in a blog early in 2025.
We investigated the resilience of the DNS infrastructures of 700 organisations and 6.2 million .nl domain names for the benefit of policymakers, CTOs and others. The project involved testing the relevant domains' public DNS servers to see whether 3 proven measures for boosting availability were in use. The measures we looked at were distribution of the DNS servers across multiple networks, use of multiple IP prefixes, and use of anycast.
Our results show that most organisations in the Netherlands are already using the measures, but that there's still room for improvement – in the hospital sector, for example. We've made our test software available as open-source code, so that other organisations can check their own DNS resilience. Our findings were also presented at the ECP Annual Festival.
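A check for the three measures described above can be sketched as follows. This is an added example, not SIDN Labs' open-source test software: the routing table, AS numbers and function names are constructed for illustration, "network" is taken to mean origin AS, and the anycast flag is assumed to come from a separate measurement.

```python
import ipaddress

# Constructed sample routing table (prefix -> origin AS) built from documentation
# address space and private-use AS numbers; a real check would use BGP data.
ROUTES = {
    "192.0.2.0/24": 64500,
    "198.51.100.0/24": 64501,
    "198.51.100.128/25": 64502,  # more-specific route inside the /24 above
    "203.0.113.0/24": 64501,
    "2001:db8:1::/48": 64500,
}
TABLE = [(ipaddress.ip_network(p), asn) for p, asn in ROUTES.items()]


def covering_route(ip):
    """Longest-prefix match of one address against the sample table."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, asn) for net, asn in TABLE
               if net.version == addr.version and addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)


def resilience(ns_ips, anycast_ips=frozenset()):
    """Report which of the three measures a set of name server IPs meets.

    anycast_ips: addresses an external measurement flagged as anycast
    (assumed input; anycast cannot be derived from the routing table alone).
    """
    routes = [covering_route(ip) for ip in ns_ips]
    unrouted = [ip for ip, r in zip(ns_ips, routes) if r is None]
    prefixes = {str(net) for net, _ in filter(None, routes)}
    networks = {asn for _, asn in filter(None, routes)}
    return {
        "multiple_networks": len(networks) > 1,
        "multiple_prefixes": len(prefixes) > 1,
        "anycast": any(ip in anycast_ips for ip in ns_ips),
        "unrouted": unrouted,  # addresses with no covering route
    }


if __name__ == "__main__":
    # Two name servers in different prefixes of the same origin AS.
    print(resilience(["198.51.100.53", "203.0.113.53"]))
```

The sample run shows a domain that uses multiple prefixes but still depends on a single network.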
In collaboration with the registries for Belgium's .be domain and Ireland's .ie domain and 4 universities (Twente, Delft, Leuven and Grenoble Alps), we published a peer-reviewed article reporting a joint study of the evolution of phishing attacks in .nl, .be and .ie. Carried out in the latter part of 2023, the supporting research involved the analysis of 28,754 phishing reports issued by the security service provider Netcraft in the period 2013 to 2023. We also compared the registration and mitigation policies for .nl, .be and .ie, as input for the possible acceleration of phishing mitigation for .nl.
We went on to present the study's results at several gatherings of the operator community (e.g. RIPE, DNS-OARC and CENTR meetings) and at ACM Computer and Communications Security – a renowned academic conference, for which our paper was accepted.
We analysed DNS data to assess the effectiveness of EU sanctions against news outlets such as Russia Today. The work was undertaken in collaboration with teams from the University of Twente, the University of Illinois at Chicago, the Open Observatory of Network Interference and the University of Amsterdam.
Our findings were summarised in a peer-reviewed paper, which one of our partners presented at a conference called Free and Open Communications on the Internet. The study was a multidisciplinary effort, in which internet measurements were used in combination with expertise in fields such as European and media studies. It also illustrates how internet measurements can support policy evaluation, in this case the evaluation of EU policy.
We made an empirical evaluation of the impact of post-quantum cryptography (PQC) on the DNS using a testbed we developed called Post-quantum Algorithm Testing and Analysis for the DNS (PATAD). (In Dutch, the acronym is a light-hearted wink at a PQC algorithm known as MAYO.)
One of the important milestones we passed this year was making our testbed software available as open-source code, so that other DNS researchers and operators can experiment with the use of PQC algorithms in the DNS (to assess their performance, for example). The software includes extensions for the integration of 3 PQC algorithms (MAYO, Falcon and SQISign) within PowerDNS resolvers and authoritative DNS servers, for use in DNSSEC. It also supports the systematic and dynamic set-up of realistic DNS topologies, with features such as a root and top-level domains like .nl. Before releasing the software, we performed various experiments in our testbed, including a comparison of the signing of several zone files using 2 PQC algorithms (MAYO and Falcon) and 2 traditional algorithms (RSA and ECDSA). We'll be sharing more information about the project early in 2025.
Autocast ('automation of anycast') is a dashboard concept for DNS operations teams such as SIDN's. It makes automated recommendations about interventions such as enabling or disabling anycast nodes or sites on the basis of much more detailed data than that used by traditional monitoring systems, including country, region and round-trip time. The input data used by Autocast is active and passive internet measurements from ENTRADA and Verfploeter.
We improved insight into the round-trip times of .nl queries using ENTRADA data, and we worked with SIDN's DNS team to perform active daily measurements from .nl's production name servers. The results shed additional light on .nl's status within the DNS, and provide extra data to guide the further optimisation of .nl's name server location.
Next year, we'll open-source the Autocast dashboards and the supporting data model as an ENTRADA extension. A blog about the project is planned for early 2025.
The RESTful Provisioning Protocol (RPP) is a standard for a new domain name registration API, whose development we initiated. As well as being easier for registrars to use than the traditional EPP, RPP will help domain registries by increasing scalability and improving performance and security. Being stateless, RPP is also a better fit with modern software engineering technologies such as containerisation and Kubernetes. The project is a restart of a 2012 initiative. (That's not a typo!)
At IETF121 in Dublin, we hosted a successful 'Birds of a Feather' meeting with engineers interested in RPP, including people from fellow European registries. Sufficient consensus was found to start a new IETF working group, for which we're now devising a charter with the wider community. We'll be helping to draft the protocol in 2025.
Registration Checker (RegCheck) is a machine learning system that assigns risk scores to new domain name registrations, so that potentially malicious domain names (e.g. names intended for phishing sites) can be identified at the time of registration. The system's output is then used by SIDN's support team for more proactive investigation, such as registrant checks. RegCheck also dovetails with the NIS2 Directive, which will require registries to monitor domain name registrations more closely.
During the year, we switched to a new classification algorithm based on decision trees. We also made the dashboard more user-friendly and interfaced RegCheck with Dynamics, so that SIDN's support team can use RegCheck scores to initiate registrant checks more promptly. Finally, we modernised and automated the rollout and training of RegCheck using techniques such as containerisation, so that it's suitable for use on any modern computing platform.
The DDoS Clearing House is a platform for essential and other service providers (e.g. banks, ISPs and government bodies) to continuously share information about DDoS attacks with each other in the form of 'DDoS fingerprints'. Recipients can then use the fingerprint data to inform their own defensive preparations.
In April, the Dutch National Anti-DDoS Coalition (NL ADC) adopted the DDoS Clearing House for production use at NBIP. Over the last few years, we've led the underlying research and the development of the Clearing House, working closely with SURF, the University of Twente and other partners. Our article about the DDoS Clearing House was accepted for the respected peer-reviewed technical journal IEEE Communications Magazine. A new NL ADC Intel and Attribution Working Group will use DDoS fingerprints for intelligence and attribution purposes.
As well as undertaking research, we contribute to the safety of the internet infrastructure by sharing our expertise through internet expert groups and university research teams, for example. Our team members' various contributions in 2024 are listed in Table 2.
Table 2. Community contributions made by SIDN Labs in 2024.
Role | Team member | Research partner / organisation |
---|---|---|
Technical expert | Maarten and Marco | RPP Working Group, IETF |
Technical expert | Caspar, Elmer, Ralph | PQC in DNS, IETF |
Technical expert | Marco | Internet.nl |
Technical expert | Thijs | SIDN Fund |
Technical expert | Moritz | ICANN RSSAC caucus |
Technical expert | Cristian | Cyber Security Council (representing the scientific community) |
Working Group Co-Chair | Moritz | DNS Working Group, RIPE |
Working Group Co-Chair | Thymen | R&D Working Group, CENTR |
Embedded researcher | Giovane | Delft University of Technology |
Embedded researcher | Moritz, Cristian | University of Twente |
Embedded researcher | Ralph | University of Amsterdam |
Lecturer | Giovane | Delft University of Technology |
Lecturer | Cristian | University of Twente |
PhD supervisor | Moritz and Cristian | University of Twente |
M.Sc. supervisor | Moritz, Ralph, Caspar and Thymen | Radboud University (students: Damianos and Alessandra), University of Amsterdam (Lisa) and Universität Münster (Pascal), TU Delft (Nathan) |
Lisa Bruder joined our team in November. Having read Security and Network Engineering at the University of Amsterdam, Lisa did her thesis research under the supervision of Ralph and Moritz. We're very pleased to have her on the team.
Our research plans for 2025 are outlined below in relation to our 3 research lines: domain name security, infrastructure security and emerging internet technologies. For 2025, we also have a new work field: research infrastructure operations, which will involve activities relating to the management and continuous improvement of our research network.
We plan to continue developing Autocast by adding an Observability Dashboard to an Anycast Control Centre for SIDN's DNS team and similar teams elsewhere, to facilitate tasks such as improving anycast platform catchments. In relation to BGP security, we'll be investigating how we can increase the resilience of the RPKI. To that end, we'll measure the connectivity of the publication points and evaluate best common practices, for example. In connection with NTP, we plan to study the (in)accuracy of existing internet time synchronisation, about which good information is currently lacking. Another focus will be the further specification and testing of RPP, with a view to addressing the problems associated with EPP's scalability.
In 2025, we plan to build on the success of RegCheck and our first foray into representation learning by using DNS query information to enhance RegCheck. We'll also investigate the scope for using information from our DMAP web crawler to speed up the identification of phishing sites and other malicious websites. A follow-up to our phishing study is in the pipeline too, this time taking in .eu and .br as well as .nl, .ie and .be. Finally, we intend to build up internal collaboration with the Business & Support Department by carrying out a joint study of domain name cancellations.
In partnership with SURF and the University of Twente, we'll carry out tests to identify any new but as yet unstandardised PQC algorithms that could be suitable for DNSSEC, with a view to feeding the findings back to NIST and the wider community. To support that work, our PATAD testbed will be extended. The results and the associated analysis are to be published in 1 or more peer-reviewed papers or tech reports.
We're planning to relocate our research infrastructure to the Nikhef research institute in Amsterdam. The move has various advantages, including an AS of our own, which we can use to independently install and experiment with BGPsec software. The DNS query data we use for our research will be stored at SURF, the operator of the Netherlands' research and educational network. We'll make the data accessible on our servers at Nikhef via a high-speed link with SURF.
We'd like to thank all our SIDN colleagues and our research partners in the Netherlands and beyond for working with us to achieve so much in 2024, and we look forward to further fruitful collaboration in 2025.
The SIDN Labs team