Loading..

Technical Standards

Operator of an essential service

Operating the national registry for the .ie namespace requires the highest levels of security, stability and resilience of networks and infrastructure. Our Technical Services team manages and maintains the registry’s high availability systems, mission-critical services and infrastructure in accordance with international best practices.

Managing and maintaining the database of .ie domain names

Our Technical Services team manages and maintains the national registry of .ie domain names. This database is the authoritative record of who has the “right to use” a particular .ie domain name. The database is updated, in real time, for changes requested by Registrars, acting on the instructions of Registrants. Registrars’ APIs can submit requests 24/7/365, so database uptime and resilience is of critical national importance.

WHOIS directory

Technical Services operates and manages the WHOIS directory, an online lookup service which provides data on every .ie domain name. This service is provided free of charge on our website. It’s important to note that we do not show an individual’s personal information, in accordance with GDPR principles and requirements. Access is controlled with daily limits and fair usage policies apply.

Zone file updates

Any changes to a .ie domain’s name server details are sent to computer servers around the globe, in a process known as the zone file update. We run this process 12 times every day, 365 days a year. This is important because it means that changes to your website can always be reached quickly from anywhere in the world. In our Annual Report every year we show a map of our network of secondary name service providers, illustrating the footprint of .ie across the globe.

Internet security and standards

We adhere to RFCs which document the official Internet specifications, communications protocols and procedures published by the Internet Engineering Task Force (IETF), an open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.

Members of the Technical Services team have ongoing collaboration with various internet stakeholders through membership of organisations such as the DNS Operations, Analysis and Research Centre (DNS-OARC) group. This group brings together members from the major internet DNS operators, including ICANN and Verisign, as well as implementers and researchers in order to coordinate responses to attacks, share critical information and engage in discussion and analysis.

Resource Public Key Infrastructure (RPKI) can help prevent BGP leaks.  During 2019, ISPs and international registries adopted RPKI as a way of securely signing routes with the original AS record. At .IE, our team successfully built a lab, completed testing and commenced planning for an expected 2020 launch.

Internationally, hackers and bad actors launch attacks which attempt to use the DNS to infiltrate or incapacitate corporate networks and government infrastructure. Across our global network of DNS servers we use Anycast – a security feature that ringfences and localises any DDoS attacks to prevent it spreading to other transnational nodes. In addition, in Ireland our national .ie registry system supports Two Factor Authentication (2FA), Registry Lock and Domain Name System Security Extensions (DNSSEC) which helps reduce the risk to our .ie customers.

Cyber security is of vital importance to the Irish economy and to society. We’re delighted to show our support for Cyber Security Month through our membership of Cyber Ireland and our association with IRISS. Further information can be found on our Cyber Security Month blog.

DNS Security Extensions (DNSSEC)

DNSSEC is important because it strengthens authentication in DNS using digital signatures based on public key cryptography. In order for DNS servers to verify that the information they receive about .ie domains is reliable, we use DNSSEC. It creates a chain of trust within the DNS infrastructure that guarantees that the response you receive has not been tampered with in any way.  This provides an extra layer of trust for domain holders and their customers. If the chain of trust is broken, your browser will notify you with a pop-up warning. From a technical perspective, DNSSEC works by digitally signing records for DNS lookups, using public-key cryptography. The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone, which is the trusted third party.

Operating a trusted namespace for Ireland

 To protect domain holders from any unintended or unwanted changes to their account details, such as changing the name of the domain holder, we offer the Registry Lock service. The service ensures that any modifications are controlled and managed through a manual authorisation process, using preset user-specific pass phrases.

Proactively tackling technical abuse which uses the .ie DNS

We are dedicated to fighting malware and phishing in the .ie namespace. Protecting consumers, our customers and SMEs is of the utmost importance to us and our Registrars. We enlisted the services of Netcraft, an internet services company which provides internet security services, including cybercrime disruption, application security testing and automated vulnerability scanning.  This service allows us to proactively identify online abuse issues, such as websites that are hosting malware, phishing or botnets.

Partnerships in Ireland

Technical Services staff are also actively engaged with the Irish Reporting and Information Security Service (IRISS), the Irish Neutral Internet Exchange (INEX), RIPE, CENTR and others. The team actively participates in international industry events such as CENTR meetings (Technical, Security and R&D), RIPE and ICANN every year, contributing and sharing in order to identify and develop industry best practices. You can find more information on our partners here.