The EU project "Connecting Europe Facility" (CEF) has set itself the task of supporting growth, employment and competitiveness in the EU through targeted investments in infrastructure. The aim is to promote the creation of highly developed, sustainable and efficient trans-European networks in the sub-sectors of energy, transport and telecommunications. In this article we present "OpenINTEL-lookup", one of the projects that have been successfully implemented by our Research & Development department in cooperation with the CERT (Computer Emergency Response Team), which is also operated by us,  with CEF support.

What is OpenINTEL?

OpenINTEL is a research project at the University of Twente (Netherlands) that provides a platform for measuring the health of large parts of the global DNS (Domain Name System). Since the DNS plays a key role in almost all Internet services, this creates a record of changes on the Internet over long periods of time. The measurements are performed on a daily basis: A large section of the DNS system is scanned, and the resulting responses from the DNS servers are analyzed. The main advantage is the chronological sequencing, which makes it possible to track changes historically - for example, when new technologies are implemented or changes to the DNS take hold.

What role does nic.at play?

Our Research & Development department receives daily data from OpenINTEL concerning our .at-zone. In order to make this data directly usable for the tasks of the nic.at-CERT, we have created a web interface, which can be used for search queries. For machine-to-machine communication, an application programming interface (API) is also available. The resulting software is now being made available as an Open-Source so that other organizations can also benefit from this development.

"OpenINTEL is a valuable support for us to be able to follow up on security-relevant changes in DNS records. This helps us, for example, to better track the progress of an attack, even if the attackers have already tried to cover their tracks. This enables us not only to resolve past and ongoing attacks, but also to better prepare the so-called Constituency - i.e. our partners and customers - for future attacks. It is only through the development of the search function by our R&D department that we are able to efficiently use the results of the Dutch research team for our tasks," says CERT team leader Wolfgang Rosenkranz.

The development of openintel-lookup was partially funded by CEF5 - it is available on Github.

^{The contents of this publication are the sole responsibility of nic.at and do not necessarily reflect the opinion of the European Union.}