DNC Newsletter January 2019



January 2019 


Data Privacy Day

Today is Data Privacy Day – an international day for the promotion of personal privacy online. With a strong focus on individual privacy on social media, Data Privacy Day is also great opportunity to evaluate the type of personal information companies and service providers hold about us.

The domain name industry is no exception, and together with the Office of the Privacy Commissioner, we developed some helpful tips to enhance your privacy when it comes to your .nz domain name. 

We are also running a social media campaign today on Twitter. To keep up to date, , and like or comment to be part of the conversation. 

Flag Day 2019

DNS Flag Day 2019 is only days away. On February 1, the global DNS software will change to allow the system to be updated and continue to improve. Unfortunately, this change will cause problems for a small number of .nz registrants, unless they act now. Around 0.5% of the .nz register is likely to break as a result of the Flag Day changes.

The Domain Name Commission has been involved by warning domain name holders of the impending change. We sent a bulk email communication early in January, warning registrants whose domain names were set to break on Feb 1.

If you hold a .nz domain name, and want to see whether it will be affected by Flag Day 2019, you can do so at https://dnsflagday.net/ There is a domain testing function on that site, that can give you more information on any issues. If there are issues, you should contact your web and/or email hosting provider. Depending on how you have this set up, your hosting provider may also be your registrar. You can find your .nz authorised registrar on the registration record for your domain name. Your registration record can be found on the DNC website.

More information about Flag Day 2019 can be found at the DNS Flag Day website linked above, and on InternetNZ’s website

If your website or email stop working after February 1, contact your hosting provider, or email the Domain Name Commission. You can also call us on 0800 101 151. Please be aware, we are only able to take calls during NZ business hours.

Recent DRS decisions

We publish expert decisions from the Dispute Resolution Service (DRS) on our website. There have been a couple of interesting decisions in the last couple of months.

wellington.ac.nz (DRS ref 1327) involved a dispute by the Victoria University of Wellington, who wanted to acquire the domain name, and claimed they had rights in the name. The Respondent, Fortune Services Group Limited, did not submit a response. The Expert was therefore required to make their decision based on the Complainant’s arguments alone. The Complainant argued that it had rights in the domain name, based on its use of the unregistered mark “Victoria University of Wellington”, and its position as applicant for the trade mark “University of Wellington”. While the expert accepted the University’s rights in their unregistered trade mark, they ruled that this did not give the Complainant rights to the term “Wellington”, as Wellington is a geographical place and descriptor in the term “Victoria University of Wellington”.

The expert also found that the registration of wellington.ac.nz was not unfair as outlined in policy. No evidence was presented that suggested the domain name has been used in a manner which took unfair advantage or was unfairly detrimental to the Complainant’s Rights. More details on the Expert’s reasoning can be found in the full decision document.

gunsnz.co.nz (DRS ref 1319) involved two parties in the business of selling firearms, ammunition and accessories in New Zealand. The Complainant operates their business from the domain name gunsnz.com and has the domain name gunsnz.nz redirecting to their primary site. The Complainant alleged that they used to hold gunsnz.co.nz, but let the registration lapse in 2016, after which it was registered by the Respondent. The Complainant claimed that they had rights in gunsnz.co.nz, based on their existing NZ trade mark, as well as their existing domain names. The Complainant also attested that the Respondent is associated with a competing business, using the website nzar15.com.

The Expert found that the Complainant’s trade mark was highly descriptive, and ultimately that the Complainant did not show on the balance of probabilities that it had Rights (as defined in the policy) in a name which is identical or similar to gunsnz.co.nz. For more details, read the full Expert decision.

It was recently agreed that all DRS decisions are going to be published on the  New Zealand Legal Information Institute's database. The designator "NZDNC" will be applied to all such decisions to make them easy to find. 

DNS Infrastructure Tampering

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive this month after a series of incidents that involved Domain Name System (DNS) tampering. US Federal agencies were issued with the Emergency Directive, instructing them to take certain technical precautions to limit or prevent damage from the attack. Emergency Directive 19-01 outlines the actions required to protect against this threat. Threat research blog FireEye reported that dozens of domains belonging to government, telecommunications and internet infrastructure entities across multiple countries were affected. Initial evidence suggests that this attack may be linked to Iranian cyber espionage actors.

This news highlights the important of using good security practices on your .nz domain. While it is unlikely any .nz domain name holders are the target of this attack, the incident shows how critical it is to use good cyber security procedure. We recently published a blog post on the InternetNZ website that described some easy ways you can ensure your domain name and associated infrastructure are secure.

The DHS directive requires US Federal agencies to take four technical steps to mitigate the threat. These steps are worth taking for anyone who uses a domain name.

Domain name holders should:

  1. check all DNS records, and ensure all all authoritative DNS servers resolve correctly.
  2. change the passwords for any accounts that can alter DNS records.
  3. enable Two-Factor-Authentication (2FA) on the accounts mentioned above.
  4. check for fraudulent SSL certificates.


Netsafe NZ are promoting Safer Internet Day NZ 2019 on February 5
Namescon Global 2019 is being held later this week in Las Vegas
APTLD 75 is being held in Dubai in February
ICANN64 is being held in Kobe



DNC news