ZA Central Registry (ZACR), the organisation which administers top-level domains such as .ZA, .joburg, and .Africa, has said that it is looking into implementing registry locking for the .ZA namespace.
MyBroadband recently reported on the lack of registry and registrar locking for .ZA domains, and the importance of having registry locking in light of the large-scale domain hijacking attacks earlier this year.
In response to the article, the ZACR has revealed that it is exploring the possibility of implementing Registry Lock functionality. It explained that this would require a change in registry policy, following the development of supplemental policies in consultation with the ZA Domain Name Authority (ZADNA).
DNS-ZA, the technical service provider to the ZACR and ZADNA, has also responded to the article in a blog post.
“We are also in advanced discussions with the ZACR to determine ways of implementing and promoting Domain Lock and Multi-Factor Authentication for all their second level and generic domains. Watch this space,” DNS-ZA said.
Registry vs. Registrar lock
While it may appear at first blush as though the ZACR and DNS-ZA are referring to the same thing, there is a big difference between registry and registrar locking.
When DNS-ZA referred to “Domain Lock” in its post, it linked to the Wikipedia page on Registrar Locking.
The ZACR used the definition from Wikipedia to differentiate between the two security measures, explaining that a Registrar Lock is a status code set on a domain name by its sponsoring registrar.
A registrar is the service provider you use to register and administer a domain, such as a web hosting company.
“The ZACR recognises the benefits that registrar lock provides to domain names under its administration and calls on its registrar community to consider offering this as a value added service to its end users without detracting from the rights that domain name holders have to manage their own domain names,” the registry said.
While registrar locks would be great to have on .ZA domains, Verisign has warned that this would not necessarily prevent the kind of domain hijacking attacks executed against North African and Middle Eastern top-level domains.
Locking a domain at the registry level would mitigate against such attacks, though.
Essentially, any modification to a domain would have to be authenticated by the registry itself. Verisign said it contacts the requester by phone, who must provide a security phrase for the name to be unlocked.
It is this kind of Registry Lock that the ZACR said it is busy looking at implementing.