Shaping Europe’s digital future
Report / Study | Publication

Results of study on Domain Name System (DNS) Abuse

The study assessed the scope, magnitude and impact of Domain Name System (DNS) abuse, providing input for policy measures on the basis of identified gaps.



The Domain Name System (DNS) translates human-friendly domain names into numerical Internet Protocol (IP) addresses needed to route traffic across the Internet to the proper destination.

The EU’s Cybersecurity Strategy for the Digital Decade has described the DNS as one of the key parts of the core of the Internet. The European Commission’s recent legislative proposal on cybersecurity measures (the Proposal for NIS 2 Directive) has also highlighted that upholding and preserving a reliable, resilient and secure DNS is a key factor in maintaining the integrity of the Internet and is essential for its continuous and stable operation, on which the digital economy and society depend.

About DNS Abuse

Malicious activities on the DNS have been a frequent and serious issue for years, affecting online security, causing harm to users and third parties and, thus, undermining their trust in the Internet. Generally referred to as DNS abuse, these activities make use of domain names or the DNS protocol. They include cybersecurity threats and the distribution of illegal and harmful materials. There is, however, no consensus among stakeholders on the definition of DNS abuse and on what should be collectively done to prevent or fight DNS abuse.

To date, the response to DNS abuse in terms of preventive and reactive measures includes a broad set of voluntary and prescriptive instruments, ranging from technical measures and contractual clauses, to cooperation between DNS operators and competent authorities, and to regulatory actions. However, past initiatives are fragmented and, as data shows, have not yet resulted in a significant reduction of DNS abuse.

The study

This study, through direct measurement and the analysis of broad input from a wide variety of stakeholders and experts, assessed the scope, magnitude and impact of DNS abuse and provided input for possible policy measures. The study’s technical measurements provided solid data about the health status of the DNS. As an example, it proved that European Union country code TLDs (top-level domains such as .de and .eu) are by far the least abused, while the newly introduced generic TLDs (such as .xyz, .online and .top) are the most abused group of TLDs in relative terms.

The recommendations

Based on the findings, the study proposes a set of recommendations to prevent, detect and mitigate DNS abuse. These recommendations are addressed to different actors depending on their role, including TLD registries, registrars, resellers, hosting providers and Internet Service Providers. The recommendations cover the issues of DNS metadata, WHOIS and contact information, abuse reporting, protection of DNS operations, awareness, knowledge building, and collaboration at EU level.

The study provides ample ground, supported by solid data, to discuss with European and international DNS actors whether the exclusive recourse to voluntary measures to tackle DNS abuse is appropriate and sufficient or whether a new combination of policies and practices is needed. The study’s findings also provide useful insights for EU policies regarding the DNS as a crucial element of the core of the Internet that needs to be upheld and preserved (EU’s Cybersecurity Strategy).

For more information, consult the full study