Secure TLDs - Top Level Domains - PTS-ER-2004:19

14/05/2004

The National Post and Telecom Agency has been commissioned by the Government to survey the functions in the operation and administration of TLDs (Top Level Domains) that are important for the security of the domain name system.

Access to accurate data from the name servers for TLDs is decisive for users' access to the web and e-mail, since their addresses are found in second-level domains registered by businesses, authorities, organisations and individuals, for example ‘pts.se’. Measured by the number of domain names registered in Sweden, the three most important TLDs are .se, .com and .nu.

An administrator of a TLD is responsible for a complex system with a number of important functions that must be safeguarded in order to offer and maintain its services. A critical factor in providing a name service with high availability is having personnel who are sufficiently competent to manage the systems and protect them against unauthorised access, and who are kept continuously up to date with developments in their field. It is important that resources are available to monitor technical developments, to work preventively to reduce vulnerability to physical and logical attacks and disturbances, and to maintain an emergency preparedness plan so that a high level of service can be sustained even under severe stress.

The responsibility for a TLD includes answering queries to the domain name system concerning the TLD accurately and with sufficient speed. In practice this is done entirely, or to a large extent, by its slave servers. It is very important that the same data is available on all slave servers and that it is accurate. To safeguard the operation of slave servers, diversity should be applied at several levels. The slave servers should therefore be managed by different contractors with different organisational affiliations, in geographically dispersed locations and in secure premises, where each instance has sufficient server capacity and either redundant connections to various Internet operators or the ability to easily connect to other Internet operators. There should be contracts between the TLD administrator and each slave server operator regulating the commitments of the slave server operators.
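The consistency and diversity requirements above can be checked mechanically against an inventory of the slave servers. The following is an added example, not part of the PTS report: the server names, contractors, sites, upstream operators and SOA serials are constructed, and it assumes the SOA serial is used as the indicator that a slave serves the same zone data as the master.

```python
from collections import defaultdict

# Constructed inventory: names, operators, sites, upstreams and serials are made up.
MASTER_SERIAL = 2004051401
SLAVES = [
    {"name": "ns1.example", "operator": "Contractor A", "site": "Stockholm",
     "upstreams": ["ISP-1", "ISP-2"], "serial": 2004051401},
    {"name": "ns2.example", "operator": "Contractor B", "site": "Gothenburg",
     "upstreams": ["ISP-3"], "serial": 2004051401},
    {"name": "ns3.example", "operator": "Contractor A", "site": "London",
     "upstreams": ["ISP-2", "ISP-4"], "serial": 2004051301},
]


def audit_slaves(master_serial, slaves):
    """Return a sorted list of (server_or_group, finding) tuples."""
    findings = []
    by_operator, by_site = defaultdict(list), defaultdict(list)
    for s in slaves:
        # Same data on every slave: the SOA serial must match the master's.
        if s["serial"] != master_serial:
            findings.append(
                (s["name"], f"serial {s['serial']} differs from master {master_serial}"))
        # Redundant connectivity: fewer than two distinct Internet operators
        # is flagged for review (the ability to switch operators is not modelled).
        if len(set(s["upstreams"])) < 2:
            findings.append((s["name"], "single upstream Internet operator"))
        by_operator[s["operator"]].append(s["name"])
        by_site[s["site"]].append(s["name"])
    # Diversity: each slave should have its own contractor and its own site.
    for label, groups in (("operator", by_operator), ("site", by_site)):
        for key, names in groups.items():
            if len(names) > 1:
                findings.append((", ".join(sorted(names)), f"shared {label}: {key}"))
    return sorted(findings)


if __name__ == "__main__":
    for target, finding in audit_slaves(MASTER_SERIAL, SLAVES):
        print(f"{target}: {finding}")
```

In an operational check the serials would come from SOA queries sent to each slave directly, and the operator and site fields from the contracts with the slave server operators.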

An administrator of a TLD is responsible for its part of the Internet, but many other parties are involved in ensuring that the domain name system will work. An absolutely decisive factor is the actual transport of the domain name system information, which is conducted via Internet operators that must provide functional networks.


 

The Swedish Post and Telecom Authority, Box 5398, SE-102 49 Stockholm, tel. +46 8 678 55 00, pts@pts.se