The Domain Name System (DNS) is a critical part of the Internet, including mapping domain names to IP addresses. Malicious threat actors use domain names, their corresponding technical resources, and other parts of the DNS infrastructure, including its protocols, for their malicious cyber operations. CERTs are confronted with reported DNS abuse on a continuous basis, and rely heavily on DNS analysis and infrastructure to protect their constituencies. Understanding the international customary norms applicable for detecting and mitigating DNS abuse from the perspective of the global incident response community is critical for the open Internet’s stability, security and resiliency.
We currently have a regularly scheduled weekly meeting on Thursdays at 13:00 UTC. Most regular communication is done through the Slack channel, but we also have a mailing list for members which is used for more official discussion and in cases where we need to reach the entire SIG.
FIRST members are automatically approved to join the SIG, and outside members are welcome to apply from the technical and academic communities in research or operational roles that work with DNS and DNS Abuse. Applications from non-FIRST members must be approved by the SIG chairs.
In general, the SIG is a technical group rather than a policy group. Policy items that impact anti-abuse efforts are obviously relevant to SIG work, however the scope of SIG work is primarily technical advice about how to navigate the existing policy landscape.
If you're interested in joining, please check out the policies page, which includes details on sharing information and our Code of Conduct.