Žarko Kecić, CTO RNIDS

TLD Operator’s Role In Cyber Security

With the outbreak of the pandemic, many companies rushed to implement digital technologies to keep their business running. Yet, many of them missed an essential step in securing their digital assets against cyber attacks. With increasing numbers of people using the internet and accessing their business environment, bad actors gain a larger field of operation and benefit significantly from a successful attack

The domain name system (DNS) is one of the most critical components of internet infrastructure and, sadly, one of the most neglected. When a portion of the DNS is compromised or unavailable, users cannot reach related online resources and services. That’s because the DNS runs as the address book for the internet and is responsible for translating Internet Protocol (IP) addresses (series of numbers) into human-friendly domain names. Spoiling some elements of the DNS implies entire parts of the internet becoming unreliable or unreachable. It should therefore come as no surprise that DNS is a top target for cybercriminals.

Running a trustworthy ccTLD

As more people and businesses have been moving online, it has been our duty, as a ccTLD registry, to maintain stable and safe access to internet resources. As in any industry, domain name holders want to be sure that their personal information is adequately protected and that they are provided with top-notch services.

As security risks ramp up, TLD registries must implement thorough protection against security threats on two key aspects: databases of contacts and technical information related to registered domain names and the technical DNS infrastructure critical for public domain name resolution.

Over the last few years, certain security measures have been established to reduce vulnerability to known threats and respond to growing attacks. RNIDS and its registrar partners are now more secure, implementing stiff security protocols to prevent any incident involving the registry’s data and its operations. As a result, we haven’t experienced any registry breaches or operational difficulties, but this doesn’t mean there are no attempts. Like any system connected to the internet, we experience constant probing and attacks against our systems.

Is registry assets security enough to gain our users’ confidence?

One of the main threats faced by RNIDS is the compromise of registrants’ accounts used to update domain name information. That enables the attacker to execute unauthorised changes to domain name data by pointing a domain name toward a compromised online service instead of the appropriate content provided by the registrant. Accordingly, RNIDS has enabled three domain name lock mechanisms for registrants of Serbian national domains. By locking their domain names using an appropriate type of domain name protection, registrants allow only authorised persons to perform changes to the domain name.

Locking domain names, to some extent, prevent phishing and malware distributed via lookalike websites. Lookalike sites are regularly used to distribute malware or execute phishing schemes by replicating financial institutions or government portals to collect valuable personal information to drain bank accounts or steal identities.

Locking the domain name solves only part of the DNS security problems. The Domain Name System (DNS) responds without validating the source, which means it is vulnerable to injecting invalid DNS information and redirecting users to malicious content. This happens every day, all over the world. The estimate is that two-thirds of all cyber-attacks are related to the abuse of the DNS used for criminal acts or censorship of content.

DNSSEC (DNS Security Extension) is a technology that provides mechanisms for protection against the modification of DNS responses and redirecting users to online locations that are potentially harmful. For several years, RNIDS has been enabling Serbian national domains to be DNSSEC signed, in order to protect internet users from becoming victims of cybercriminals. This DNS security extension can be used by all domain name holders, but is almost mandatory for financial institutions and companies that do business oline.

DNS infrastructure security

Attacks against DNS infrastructure have increased in frequency and intensity over recent years. The aggregated bandwidth of millions of compromised “zombie” devices in a botnet has proven disastrous, and even well-equipped targets cannot sustain that amount of traffic. The best practice of TLDs to mitigate large-scale DDoS attacks is to utilise multiple globally distributed DNS anycast providers. RNIDS has responded to the problem by implementing changes to network architecture and introducing rate limits on the number of consecutive queries. Our DNS infrastructure comprises a network of public DNS servers in several geographic locations on all continents.

Trust is vital

A vital element of any TLD operator is trust in the reputation and ability of the registry to manage its namespace and enforce its policies. Where domain name registration is suspicious or engaged in illegal activity, RNIDS may audit the registration by triggering the Registrant Information Validation process via a registrar, thus ensuring that a registrant meets RNIDS registration policy requirements. If the registrant fails to verify that the information provided is correct, the domain name is suspended and cancelled, and no longer poses a threat to internet users.

RNIDS systems process more than 500 million DNS queries on a daily basis, and if someone wants to visit the website or send an e-mail on the .rs or .срб domain names, we ensure that they are directed to the right website; or that the message is delivered to the intended mailbox.

RNIDS strives to contribute to a safer environment for all internet users in Serbia. We thus actively organise educational campaigns and professional meetings to share our knowledge on technical, legal and internet protection issues related to domain names, DNS infrastructure and other issues that fall under our area of expertise.


The terms “secure, stable and resilient” have always been associated with TLD operators. From day one, we have been working to maintain the security, stability and resiliency of the systems that support the .rs and .срб domain names. We keep pace with the technology and cyber security trends and ensure that our customers enjoy the benefits of utilising the Serbian domain namespace.

As a TLD operator, RNIDS constantly monitors its systems to detect incidents and mitigate risk. We are aware that new attack vectors and events are constantly popping up and require continuous attention and the implementation of adjustments and different approaches to adequately defend against changing circumstances.

Chartwell International School

Safe And Structured, Yet Uplifting

Chartwell International School prides itself on being one of the longest-standing private schools in Serbia, which has been striving continuously towards distinction and excellence...

Radovan Terzić, CEO, Moja Soba d.o.o.

Masters Of Luxury

Bedroom furniture company Moja Soba began with just four employees, while it today boasts more than 120 workers producing around 2,000 beds and...

Marko Divljan, Managing Director, Invenio

Decades Of Experience Testify About Us

Invenio has spent more than 30 years dedicated to the development of quality control for its customers. This compay is present in every stage...

Đorđe Popović, Director, Resalta

Solar Market Set To Grow

Resalta was founded in 2011 with the aim of becoming the leading provider of energy services in the region. A decade later it had...

McCarthy, Biden Predict Congress Will Pass Debt-Ceiling Deal

U.S. House Speaker Kevin McCarthy predicted on Sunday that a majority of his fellow Republicans would support the deal...

China’s C919 Passenger Plane Enters Into Service

China's first domestically-manufactured large passenger jet has successfully completed its maiden commercial flight. State TV showed the C919 rising...

Introducing First Ever Regional Publication

In the year commemorating 20 years of CorD Magazine it is our great pleasure to announce an exclusive regional publication...

Turkey’s Erdogan Prevails In Election Test Of His 20-year Rule

President Tayyip Erdogan extended his two decades in power in elections on Sunday, winning a mandate to pursue increasingly authoritarian policies...

Statement By The Spokesperson Peter Stano On The Latest Tensions And Clashes in Kosovo

European Union strongly condemns the clashes involving Kosovo police and protesters in the north of Kosovo, initiated by the...