SAC105 was published on 28 May 2019. All SSAC publications can be found at

Recommendation DescriptionCurrent Phase
Recommendation 1The Internet of Things (IoT) promises to enhance our daily lives by seamlessly and autonomously sensing and acting upon our physical environment through tens of billions of connected devices. While this makes the IoT vastly different from traditional Internet applications like email and web browsing, we expect that a significant number of IoT deployments will use the DNS to locate remote services that they need, for instance to enable telemetry data transmission and collection for monitoring and analysis of sensor data.

In this report, the SSAC provides a discussion on the interplay between the DNS and the IoT, arguing that the IoT represents both an opportunity and a risk to the DNS. It is an opportunity because the DNS provides functions and data that can help make the IoT more secure, stable, and transparent, which is critical given the IoT's interaction with the physical world. It is a risk because various measurement studies suggest that IoT devices may stress the DNS, for instance, because of complex DDoS attacks carried out by botnets that grow to hundreds of thousands or in the future millions of infected IoT devices within hours.

We also identify and discuss five challenges for the DNS and IoT industries (e.g., DNS and IoT operators and software developers) to address these opportunities and risks, for instance by making the DNS’s security functions (e.g., response verification and encryption) available on popular IoT operating systems and by developing a shared system that allows different DNS operators to automatically and continually exchange data on IoT botnet activity.

Unlike typical SSAC publications, the aim of this report is to trigger and facilitate dialogue in the broader ICANN community. We therefore provide a tutorial-style discussion that is more forward looking than operational in nature. Our discussion partly falls within ICANN’s and SSAC’s remit, but also goes beyond it, for instance, because the challenges we identify will take a wider range of players to address. We explicitly do not provide any recommendations and do not solicit any actions from the ICANN community or Board.