.UK Roadmap

Nominet supports a vital part of the UK’s online economy and operates at the heart of the UK’s digital infrastructure.

Our world class domain name registry is depended on by millions of businesses and consumers and we are committed to the continued investment and improvement of our services.

Find out more here about what we do to keep things running and to continuously improve our products and services.

Tech Roadmap

We continue to invest in and improve the technical capability of the .UK namespace.

We share news of updates and improvements on our dedicated Registrar Resources portal where registrars can find guidance on account set up, services, systems, tools and marketing resources.

Recent initiatives

• Business Continuity – As part of our commitment to ensuring the infrastructure underpinning .UK and our gTLD services remains secure, reliable and resilient, we undertook some important business continuity testing to test the resilience of our infrastructure. Read our May 2018 business continuity testing report or our November 2017 announcement for more information.
• In order to meet our commitment to GDPR we have updated our retention policy for .UK.
• In September we depreciated TLS v1.1 and moved EPP to TLS v1.2.
• Our TLD authoritative DNS infrastructure footprint has been extended to meet the demand from geographic regions beyond the UK, Western Europe and the US. Four sites are now operational in Dallas, Sao Paulo, Sydney and Hong Kong. We have taken an innovative approach to using public cloud infrastructure in a hybrid architecture so as to explore a cost effective but low risk approach.

Future activity

To further ensure that the infrastructure underpinning .UK remains secure:

• Following the move to TLS v1.2 we are now testing in preparation for the introduction of TLS v1.3
• We will harden our access controls further and extend our use of encryption internally targeting more areas where data is in transit or at rest
• To reduce DNS query response times and increase resilience we plan to extend our peering policy from Registry Systems to our Authoritative TLD DNS infrastructure by introducing DNS Peering.
• We are implementing .UK EPP pre-validation checks. This allows registrars to pre-validate the details of the registrant before committing to the domain.

Security Roadmap

We never stand still and are always developing our expertise to help combat cyber-crime and keep the .UK namespace safe and secure.

Recent security initiatives

• Domain Health – We introduced Domain Health to alert .UK registrars to domains they administer which are implicated in spam, phishing, malware and botnet activity, and to provide registrars with practical advice as to what they can do to address these problems. Find out more on our Registrar Resources website.
• Domain Watch – We introduced this new anti-phishing initiative to further increase the security of the .UK zone and protect end users from malicious phishing activity. It identifies and suspends newly registered domains that are obvious phishing attempts. Find out more here.

Future activity

• Domain Health phase 2 – We are planning to improve the Domain Health service based on feedback we have received from users of the service and to help reach our objective of reducing the levels of abuse in the .UK registry. Further feedback or suggestions are always welcome.
• Responsible Disclosure Policy – We will shortly announce the publication of our Responsible Disclosure Policy. It describes the process by which security vulnerabilities in Nominet services can be disclosed to us with the assurance that they will be handled in a defined and appropriate manner.
• Cyber research – Nominet is committed to ensuring the security of all its products and services. Our Cyber research team strives to increase this security by detecting new threats and finding new ways to mitigate against them.

Policy Roadmap

The views of stakeholders are an important consideration in our .UK policy process.

Our Policy team actively engages with national and international external stakeholders regarding the operation and policy framework of the .UK domain.

The feedback we receive helps to ensure that the organisation is aware of a range of insights and perspectives enabling us to shape policies from an informed position.

Our policies are developed in consultation with a wide range of interested parties and stakeholders and there are many ways you can get involved. You are welcome to suggest existing. UK policies for review, new policies for development, or you can give your feedback regarding ongoing policy discussions.

Sign up to .uk policy updates

Current consultations

• 2020 .UK Expiring Domains Consultation: Our consultation period has now closed, thank you to everyone who submitted a response and participated in our virtual roundtable events. We announced an initial response to the Expiring Domains Consultation on 27th August 2020. Our full summary of responses and next steps will follow in due course. You can read the briefing document and background on the policy page.

Recent consultations

• In October – December 2019 we ran a consultation on three issues: (i) Reducing the use of .UK domain names for phishing attacks, (ii) Implementing law enforcement landing pages following suspensions for criminal activity, (iii) Implementing a .UK drop list to provide a transparent and orderly process for the re-registration of expired domains. Read the press release and summary of responses on our policy page.
• Following the 30 day comment period, Nominet have decided to proceed with a Proxy Services Framework.

Future consultations

Ensuring .UK policies reflect current expectations of the UK internet community is an ongoing process of continuous improvement. We are considering several aspects of improvement for the .UK namespace including:

• Moving to an inter-registrar transfer system that is more widely adopted across the industry.
• Standardising domain name renewals, expiry and cancellations in line with generic Top Level Domains (gTLDs) by implementing RFC 3915 and a life cycle to match gTLDs.

We invite all stakeholders to suggest issues for consideration by emailing [email protected] and explaining:

1. What is the issue?
2. Why is it important?
3. Who does it impact and how?
4. What suggestion do you think would provide a solution?