Hi All,
Thank you for your contributions to this email chain. The information has been both valuable and educational regarding the policy issues and coordination options (particularly helpful as I am relatively new to the group).
Count me in for the upcoming Zoom session, whether through NARALO or VSIG… Looking forward to it!
Best regards,
Ana Teresa
On Wed, Mar 25, 2026 at 4:21 PM Glenn McKnight via NA-Discuss <na-discuss@icann.org> wrote:
Hi All,
No response from staff or Greg on the open discussion with NARALO. My impression is that NARALO is looking for community members to discuss the policy issues. If they don't want to do it, I am prepared to organize our own ZOOM call within VSIS.
Please confirm the main topic for a ZOOM call. I will create a promotional flyer and book the Zoom meeting.
Please confirm your willingness for this separate session.
Also, Zulgar and I spoke about the expressed limits of the ICANN board on the issues of UA, and I think, given our Friday event, perhaps we can do a special-purpose call in response on this issue in detail, or we can add it to the above Zoom discussion. We have a NARALO ALAC person, Kathleen Sloggin; perhaps she too can join us.
Speakers
Evan
Mohibul
Kathleen
Glenn (Moderator)
Avri
Comments?
G
Glenn McKnight, MA
Virtual School of Internet Governance
Chief Information Officer
www.virtualsig.org
*YOUR SOURCE FOR INTERNET GOVERNANCE EDUCATION*
*Mobile 437-237-4655*
On Wed, 25 Mar 2026 at 10:08, Glenn McKnight <mcknight.glenn@gmail.com> wrote:
Hi All,
I understand that Greg would be very interested in a presentation on this subject. I will reach out to him and Rookayya on a special session open to all ALAC. I will send it today.
Glenn
Glenn McKnight, MA
Virtual School of Internet Governance
Chief Information Officer
www.virtualsig.org
*YOUR SOURCE FOR INTERNET GOVERNANCE EDUCATION*
*Mobile 437-237-4655*
On Wed, 25 Mar 2026 at 01:33, Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:
Subject: Re: DNS Abuse & AI – Proposed NARALO Action: Member Guide
Hi Evan, Glenn, and all,
I wanted to add one more relevant development to our discussion that I believe significantly strengthens the case for the member guide we have been building.
On March 19, 2026, NIST published SP 800-81r3 — the Secure Domain Name System (DNS) Deployment Guide — the first update to this foundational document in over twelve years:
• Official NIST page: https://csrc.nist.gov/pubs/sp/800/81/r3/final
• Direct PDF download: https://doi.org/10.6028/NIST.SP.800-81r3
For the NARALO community and the end-users we represent, this is a landmark moment. Here are four takeaways directly relevant to our work:
1. DNS is Now Officially a "First Line of Defense"
Rather than being viewed merely as a lookup service, DNS is now officially positioned as an active enforcement layer capable of detecting and mitigating threats in real time. This gives NARALO the policy weight to advocate for Protective DNS as a standard recommendation for schools, local governments, and small businesses across North America — exactly the practical guidance our proposed member guide would provide.
2. Encrypted DNS is Now a Federal Standard
SP 800-81r3 addresses encrypted DNS through three key protocols — DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) — and mandates encrypted DNS for US federal civilian agencies wherever technically feasible. This directly validates what Evan highlighted: encrypted DNS is not just a privacy preference but a recognized federal standard. It also reinforces the case for CIRA Canadian Shield and Quad9 (9.9.9.9) as the practical implementations we would feature in our guide.
3. DNSSEC Recommendations Have Been Modernized
The publication updates DNSSEC signing recommendations to reflect current cryptographic standards. For end-users, this reinforces the importance of domain owners signing their zones — preventing website hijacking and fake site redirects that disproportionately harm non-technical users.
4. Zero Trust for Everyday Users
SP 800-81r3 integrates DNS into Zero Trust Architecture, positioning DNS as both a policy enforcement point and a source of information when evaluating access requests. In plain language: every connection should be verified before being trusted — a principle that becomes essential as AI-driven phishing grows more sophisticated.
I believe NIST SP 800-81r3 gives our proposed member guide an authoritative US federal policy foundation — one that did not exist just one week ago.
Best regards,
Mohibul Mahmud
NARALO Member
On Sun, Mar 22, 2026 at 11:26 PM Mohibul Mahmud < mohibul.mahmud@gmail.com> wrote:
Hi Evan, Glenn, and all,
Thank you, Evan — this is a wonderful and highly relevant addition to the discussion. CIRA's Canadian Shield is something I was not previously aware of, and it strengthens the case for our proposed guide considerably. The combination of DNSSEC support, encrypted DNS over TLS and HTTPS, and the privacy protections you highlighted makes it a compelling recommendation for Canadian members specifically — alongside Quad9 for the broader North American audience.
I think we now have the foundation for a genuinely useful resource. The outline is taking shape naturally from this thread:
• ICANN's official DNS abuse definitions as the policy anchor
• Quad9 (9.9.9.9) for general international users
• CIRA Canadian Shield for Canadian users
• RBLs such as Spamhaus for email protection
• Optional advanced protections including DNS over TLS and HTTPS
I would love to see this move forward as a NARALO initiative. I am happy to contribute to the effort and look forward to discussing next steps with the group — perhaps we can identify the right home for this on the agenda of an upcoming NARALO Monthly Call.
Best regards,
Mohibul Mahmud
NARALO Member
On Sun, Mar 22, 2026 at 9:39 PM Evan Leibovitch < evanleibovitch@gmail.com> wrote:
Hi Mohibul,
As it turns out, I have been doing some thought and research on this topic, and may expand further on it in the future.
Your idea for an end-user guide is an excellent one and I offer my assistance should NARALO pursue.
In my research I found that the only entity in the whole Internet Governance field that has given this issue any attention is Canada's ccTLD, CIRA. In a project called "Canadian Shield" <https://www.cira.ca/en/canadian-shield/>, CIRA has provided mobile apps and configuration guidance (for desktops and routers) on how to use its own public DNS servers (149.112.121.20/149.112.122.20).
I find in my own tests that Canadian Shield servers consistently provide the fastest response ... though that might not be the case for non-Canadians. As well as DNSSEC it supports encrypted DNS over TLS or HTTPS, which is also important in privacy considerations if you suspect your ISP is collecting data on what users access. Personally I use both CIRA and Quad9.
Even further protection is available at the DNS level if you want to extend blocking to ads or adult content.
Again, thanks for the suggestion. I hope it gets picked up and is offered some resources.
- Evan
On Sat, Mar 21, 2026 at 2:51 PM Mohibul Mahmud < mohibul.mahmud@gmail.com> wrote:
Subject: DNS Abuse & AI – Proposed NARALO Action: Member Guide
Dear Glenn and Evan,
I am writing to synthesize the key takeaways from the ICANN 82 roundtable discussion, "DNS Abuse and AI: Combatting and Enabling Threats," and to propose a concrete next step for NARALO.
The session highlighted a sophisticated, three-dimensional landscape regarding DNS abuse. On one hand, we have the formal ICANN policy definitions focusing on malware, botnets, phishing, pharming, and spam. On the other, we discussed the cutting-edge AI defense mechanisms presented by panelists like Jeff Bedser of CleanDNS, which leverage machine learning for near real-time detection (13:13).
However, a significant gap remains between these high-level policy discussions and the immediate, *practical needs of the general internet user*. As Evan highlighted in his response, many average users are bypassed by these technical efforts and remain vulnerable to daily threats.
To bridge this gap, I propose that NARALO develop a simplified, one-page guide for our members. This guide would synthesize the official ICANN focus on DNS abuse with a step-by-step tutorial on implementing effective, DIY mitigation tools — such as utilizing specific DNS providers like Quad9 (9.9.9.9) or RBLs.
This initiative would directly align NARALO's policy-driven mission with tangible, practical benefits for our community. I look forward to hearing your thoughts on this proposal.
Best regards, Mohibul
(360) DNS Abuse and AI: Combatting and Enabling Threats (EDIT) - YouTube <https://www.youtube.com/watch?v=L1csoImspvA>
On Mon, Mar 9, 2026 at 8:57 PM Evan Leibovitch via NA-Discuss < na-discuss@icann.org> wrote:
> Hi Glenn, and thanks for this.
> I agree with you about the lack of clarity. The slide deck is very informative, but it seems to ignore what are now the most effective ways that the general public now confronts DNS abuse. They seem to be off the radar of the entire ICANN community because they've evolved as workarounds that do not wait for committees or government agencies or working groups to act, indeed they bypass ICANN completely:
> - Abuse-limiting DNS servers: Anyone can override the DNS server provided by their ISP in their phone, PC or home router if they wish. Setting this manually enables anyone to send their DNS queries to a server that maintains lists of abusing DNS domains and refuses to feed them to you. There are many examples, the best of which (IMO) is the Swiss nonprofit Quad9 <https://quad9.net/>. Setting your DNS server to 9.9.9.9 sends queries through this well-trusted site which is free to use and does not require setting up an account. They maintain a database of millions of malicious domains which is updated in real-time. It's easy to use, and an immediate step that protects the privacy of DNS lookups while blocking bad domains. (Quad9 provides setup guides for PCs, phones and routers; here is a video that compares it to alternatives <https://www.youtube.com/watch?v=NUT4K3tk9Ns>.)
> - Spam is correctly noted in the slide deck as being an enabler of DNS abuse rather than the abuse itself. However the slide deck makes no mention of the massive amounts of volunteer time that go into creating Remote Blackhole Lists (RBLs) that maintain not only domains but also IP addresses of sources of unwanted and unsolicited email. The best known of these is Spamhaus <https://www.spamhaus.org/> but there are a few of them. They sometimes suffer from false positives, but there is a well-documented process for legitimate bulk-email senders to get removed from the lists. Many mail systems implement some kind of such blocking; anyone who looks at the spam folder of their Gmail will see this in action. Spam is specifically also the subject of legislation in both Canada (CASL <https://ised-isde.canada.ca/site/canada-anti-spam-legislation/en>) and the US (CAN-SPAM <https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guid...>).
> As the component of the ICANN that is closest to the end-user, if we in NARALO are interested in the actual practice of helping the public mitigate DNS abuse -- something that can be done by anyone, TODAY -- we can (and should) do much more than just point to internal ICANN process churn and pray that the contracted parties do the right thing. The solutions I have listed above unabashedly bypass the ICANN-registry-registrar chain in their pursuit of practical abuse mitigation. ICANN's work is trying to stop abuse at the source with limited success despite decades of work. Well-meaning people joined NARALO chiefly to address abuse (old-timers here will remember Marc, Garth and Beau) but left out of frustration. Abuse-minded DNS servers and RBLs perform the task at the receiving end and appear to be more successful in the actual problem solving; it's much easier to ignore a bad domain than to take it down but the end-user effect is the same. The slide deck makes mention of PDNS but it's never elaborated.
> I ask everyone here: what action is both easier and more likely to help you and your family reduce exposure to DNS abuse, right here right now?
> 1. Explaining ICANN processes and hoping it will all work out?
> 2. Monitoring Netbeacon and pressuring registries and/or ICANN to act on its information?
> 3. Setting your devices' DNS to 9.9.9.9?
> Education about Abuse-resistant DNS servers and DIY abuse mitigation should be part of ICANN's (and especially At-Large's) public mandate. That these solutions did not come from within ICANN (and indeed ignore it completely) does not negate their intense potential for public benefit in this realm. NIH thinking must be resisted.
> - Evan
> On Mon, Mar 9, 2026 at 1:01 PM Glenn McKnight via NA-Discuss <na-discuss@icann.org> wrote:
>> Hi Greg and Rookayya
>> I attended and watched the recordings of the DNS Abuse Mitigation sessions in Mumbai (remotely) and I need to confess that the group dance around the concrete issues which impacts the user community.
>> As a result I spent some time tailoring an AI Gemini slideshow given the parameters of making sense of the topic and I've added the result of slideshow as an EBOOK
>> https://online.fliphtml5.com/gnel/DNS_Abuse_Playbook/
>> We are suffering by a lack of clarity and plain speaking on this topic. I hope this slideshow can help our membership in trying to understand the basics.
>> Glenn
>> Glenn McKnight, MA
>> Virtual School of Internet Governance
>> Chief Information Officer
>> www.virtualsig.org
>> *YOUR SOURCE FOR INTERNET GOVERNANCE EDUCATION*
>> *Mobile 437-237-4655*
>> ------
>> NA-Discuss mailing list -- na-discuss@icann.org
>> To unsubscribe send an email to na-discuss-leave@icann.org
>> Visit the NARALO online at http://www.naralo.org
>> ------
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> --
> Evan Leibovitch, Toronto Canada
> @evanleibovitch / @el56