Hi Evan and team,
I have been following the recent discussion about the need for more practical, end-user-focused materials as NARALO’s DNS abuse work moves forward. With that in mind, I drafted a plain-language DNS abuse guide for the NARALO community. The goal was to create something practical and accessible, with a focus on actions members can take right away, such as using protective resolvers like Quad9 and CIRA Canadian Shield, as well as encrypted DNS. In that sense, I hoped to help move the conversation from policy definitions toward practical end-user protection.
I have attached the draft here and would welcome your feedback on whether this is the kind of operational outreach resource that would be useful for the committee’s work.
Best regards, Mohibul
On Sun, Mar 22, 2026 at 11:26 PM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:
Hi Evan, Glenn, and all,
Thank you, Evan — this is a wonderful and highly relevant addition to the discussion. CIRA's Canadian Shield is something I was not previously aware of, and it strengthens the case for our proposed guide considerably. The combination of DNSSEC support, encrypted DNS over TLS and HTTPS, and the privacy protections you highlighted makes it a compelling recommendation for Canadian members specifically — alongside Quad9 for the broader North American audience.
I think we now have the foundation for a genuinely useful resource. The outline is taking shape naturally from this thread:
• ICANN's official DNS abuse definitions as the policy anchor
• Quad9 (9.9.9.9) for general international users
• CIRA Canadian Shield for Canadian users
• RBLs such as Spamhaus for email protection
• Optional advanced protections including DNS over TLS and HTTPS
I would love to see this move forward as a NARALO initiative. I am happy to contribute to the effort and look forward to discussing next steps with the group — perhaps we can identify the right home for this on the agenda of an upcoming NARALO Monthly Call.
Best regards, Mohibul Mahmud NARALO Member
On Sun, Mar 22, 2026 at 9:39 PM Evan Leibovitch <evanleibovitch@gmail.com> wrote:
Hi Mohibul,
As it turns out, I have been doing some thought and research on this topic, and may expand further on it in the future.
Your idea for an end-user guide is an excellent one and I offer my assistance should NARALO pursue.
In my research I found that the only entity in the whole Internet Governance field that has given this issue any attention is Canada's ccTLD, CIRA. In a project called "Canadian Shield" <https://www.cira.ca/en/canadian-shield/>, CIRA has provided mobile apps and configuration guidance (for desktops and routers) on how to use its own public DNS servers (149.112.121.20/149.112.122.20).
I find in my own tests that Canadian Shield servers consistently provide the fastest response ... though that might not be the case for non-Canadians. As well as DNSSEC it supports encrypted DNS over TLS or HTTPS, which is also important in privacy considerations if you suspect your ISP is collecting data on what users access. Personally I use both CIRA and Quad9.
Even further protection is available at the DNS level if you want to extend blocking to ads or adult content.
Again, thanks for the suggestion. I hope it gets picked up and is offered some resources.
- Evan
On Sat, Mar 21, 2026 at 2:51 PM Mohibul Mahmud <mohibul.mahmud@gmail.com> wrote:
Subject: DNS Abuse & AI – Proposed NARALO Action: Member Guide
Dear Glenn and Evan,
I am writing to synthesize the key takeaways from the ICANN 82 roundtable discussion, "DNS Abuse and AI: Combatting and Enabling Threats," and to propose a concrete next step for NARALO.
The session highlighted a sophisticated, three-dimensional landscape regarding DNS abuse. On one hand, we have the formal ICANN policy definitions focusing on malware, botnets, phishing, pharming, and spam. On the other, we discussed the cutting-edge AI defense mechanisms presented by panelists like Jeff Bedser of CleanDNS, which leverage machine learning for near real-time detection (13:13).
However, a significant gap remains between these high-level policy discussions and the immediate, *practical needs of the general internet user*. As Evan highlighted in his response, many average users are bypassed by these technical efforts and remain vulnerable to daily threats.
To bridge this gap, I propose that NARALO develop a simplified, one-page guide for our members. This guide would synthesize the official ICANN focus on DNS abuse with a step-by-step tutorial on implementing effective, DIY mitigation tools — such as utilizing specific DNS providers like Quad9 (9.9.9.9) or RBLs.
This initiative would directly align NARALO's policy-driven mission with tangible, practical benefits for our community. I look forward to hearing your thoughts on this proposal.
Best regards, Mohibul
(360) DNS Abuse and AI: Combatting and Enabling Threats (EDIT) - YouTube <https://www.youtube.com/watch?v=L1csoImspvA>
On Mon, Mar 9, 2026 at 8:57 PM Evan Leibovitch via NA-Discuss <na-discuss@icann.org> wrote:
Hi Glenn, and thanks for this.
I agree with you about the lack of clarity. The slide deck is very informative, but it seems to ignore what are now the most effective ways that the general public now confronts DNS abuse. They seem to be off the radar of the entire ICANN community because they've evolved as workarounds that do not wait for committees or government agencies or working groups to act, indeed they bypass ICANN completely:
- Abuse-limiting DNS servers: Anyone can override the DNS server provided by their ISP in their phone, PC or home router if they wish. Setting this manually enables anyone to send their DNS queries to a server that maintains lists of abusing DNS domains and refuses to feed them to you. There are many examples, the best of which (IMO) is the Swiss nonprofit Quad9 <https://quad9.net/>. Setting your DNS server to 9.9.9.9 sends queries through this well-trusted site which is free to use and does not require setting up an account. They maintain a database of millions of malicious domains which is updated in real-time. It's easy to use, and an immediate step that protects the privacy of DNS lookups while blocking bad domains. (Quad9 provides setup guides for PCs, phones and routers; here is a video that compares it to alternatives <https://www.youtube.com/watch?v=NUT4K3tk9Ns>.)
- Spam is correctly noted in the slide deck as being an enabler of DNS abuse rather than the abuse itself. However the slide deck makes no mention of the massive amounts of volunteer time that go into creating Remote Blackhole Lists (RBLs) that maintain not only domains but also IP addresses of sources of unwanted and unsolicited email. The best known of these is Spamhaus <https://www.spamhaus.org/> but there are a few of them. They sometimes suffer from false positives, but there is a well-documented process for legitimate bulk-email senders to get removed from the lists. Many mail systems implement some kind of such blocking; anyone who looks at the spam folder of their Gmail will see this in action. Spam is specifically also the subject of legislation in both Canada (CASL <https://ised-isde.canada.ca/site/canada-anti-spam-legislation/en>) and the US (CAN-SPAM <https://www.ftc.gov/business-guidance/resources/can-spam-act-compliance-guid...> ).
As the component of the ICANN that is closest to the end-user, if we in NARALO are interested in the actual practice of helping the public mitigate DNS abuse -- something that can be done by anyone, TODAY -- we can (and should) do much more than just point to internal ICANN process churn and pray that the contracted parties do the right thing. The solutions I have listed above unabashedly bypass the ICANN-registry-registrar chain in their pursuit of practical abuse mitigation. ICANN's work is trying to stop abuse at the source with limited success despite decades of work. Well-meaning people joined NARALO chiefly to address abuse (old-timers here will remember Marc, Garth and Beau) but left out of frustration. Abuse-minded DNS servers and RBLs perform the task at the receiving end and appear to be more successful in the actual problem solving; it's much easier to ignore a bad domain than to take it down but the end-user effect is the same. The slide deck makes mention of PDNS but it's never elaborated.
I ask everyone here: what action is both easier and more likely to help you and your family reduce exposure to DNS abuse, right here right now?
1. Explaining ICANN processes and hoping it will all work out?
2. Monitoring Netbeacon and pressuring registries and/or ICANN to act on its information?
3. Setting your devices' DNS to 9.9.9.9?
Education about Abuse-resistant DNS servers and DIY abuse mitigation should be part of ICANN's (and especially At-Large's) public mandate. That these solutions did not come from within ICANN (and indeed ignore it completely) does not negate their intense potential for public benefit in this realm. NIH thinking must be resisted.
- Evan
On Mon, Mar 9, 2026 at 1:01 PM Glenn McKnight via NA-Discuss <na-discuss@icann.org> wrote:
Hi Greg and Rookayya
I attended and watched the recordings of the DNS Abuse Mitigation sessions in Mumbai (remotely) and I need to confess that the group danced around the concrete issues which impact the user community.
As a result I spent some time tailoring an AI Gemini slideshow given the parameters of making sense of the topic and I've added the result of the slideshow as an EBOOK
https://online.fliphtml5.com/gnel/DNS_Abuse_Playbook/
We are suffering from a lack of clarity and plain speaking on this topic. I hope this slideshow can help our membership in trying to understand the basics.
Glenn
Glenn McKnight, MA Virtual School of Internet Governance Chief Information Officer www.virtualsig.org *YOUR SOURCE FOR INTERNET GOVERNANCE EDUCATION * *Mobile 437-237-4655*
------ NA-Discuss mailing list -- na-discuss@icann.org To unsubscribe send an email to na-discuss-leave@icann.org
Visit the NARALO online at http://www.naralo.org ------ _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy ( https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Evan Leibovitch, Toronto Canada @evanleibovitch / @el56