SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

The .ch zone file will be published as open data

The Swiss Federal council adopted the lower laws to the telecommunicaiton act today. Amongst it is the Ordinance on Internet Domains that also regulates the ccTLD .ch. SWITCH-CERT welcomes the new ordinance and the smart regulation by the Federal Office of Communications (OFCOM). The Ordinance on Internet Domains will come to power on 1.1.2021 and has some important changes.

The most obvious ist that the personal data of domain holders will no longer be published in the public whois, following other European countries and the GDPR. This is an important change to protect the privacy of Domain holders. There will be a regulated and monitored access for Swiss Authorities and others that require that data for fighting cybercrime or have other legitimate reasons to get access to the identity of a domain holder. You can find more information on the SWITCH website.

Not so obvious, but from the CERT and security persepective as important is that the .ch zone file will be published as a whole. While the data about (active) .ch domains itself has been published in the distributed Domain Name System ever since, the file containing all domain names – the .ch “zone” – was never public. This will change as of January 2021, details on how to access the .ch zone file will be published at the SWITCH open data page soon.

The .ch zone file contains all registered .ch domain names that have a NS record that points to the nameserver that gives authoritative answers for that domain name. If a domain is registered but has no NS record, it will not be published in the .ch zone file and cannot be resolved, the domain is not active, the website and email are not reachable by Internet users. The .ch zone file is an entry point to query all active .ch domain names for domain data at the authoritative nameserver. This data contains the (IP) addresses for webservers, for email and other public reachable services. It also contains information about who runs the infrastructure and allows the mapping to a country or geolocation. It is also visible which new technologies like IPv6 are used or what security features (DNSSEC, DANE, SPF, DMARC) are used or which Certificate Authority is indicated. This gives direct information about technological and economic details for all active .ch domain names. All this is already done by different initiatives. The publishing of the .ch zone file will give the possibility to make these data collection on .ch domain names complete.

Zone files of most TLDs are available. Generic TLDs (gTLDs) like .org and .com have to publish their zone file via ICANNs Centralized Zone Data System (CZDS) and also some other ccTLD registiries publish their zone file.

One of the possibilities with this information is to see recently activated domain names. This allows security researchers and authorities to monitor these names for potential harmfull activities like phishing or online fraud. This allows security researchers and authorities to monitor these names for potential harmfull activities like phishing or online fraud. Having access to the .ch zone file, they can react fast on malicious registrations and prevent damages for Internet users.

But fighting cybercrime was not the only reason to publish the .ch zone. Switzerland has a law on Open-Government-Data-Strategy that follows the open-by-default strategy. As the zone file contains no personal data, the publishing of the .ch zone file is in line with that law and we hope that open data researchers, public archives and others that look a the Swiss Internet can make use of this data for the public interest. We think that the .ch zone file is an important piece of information to better understand the economic, social and technological impact of the digital transformation in Switzerland. As almost everything in the Internet uses a domain name, changes in domain names can be important signals to detect ongoing or historic changes.

We welcome and encourage any public archives of historic and derived data by organisations and individuals who can add value to the .ch zone file. If you publish data like scan results or statistics, please let us know at cert@switch.ch.