China Internet Network Information Center

The China Internet Network Information Center, or CNNIC, is the administrative agency responsible for domain registry affairs of .cn under the Cyberspace Administration of China.

Founded on 3 June 1997, it is now a government department based in the Zhongguancun high tech district of Beijing.

Domain name registry service
CNNIC is responsible for operating and administering China’s domain name registry. CNNIC manages both the ".cn" country code top level domain and the Chinese domain name system (internationalized domain names that contain Chinese characters). As of April 2017, the total number of Chinese domain names was about 21 million.

As of January 2017, CNNIC only opened the CN domain to registered businesses, required supporting documentations for domain registration such as business license or personal ID, and suspended overseas registrars even for domestic registrants. CNNIC denied that it mandated existing personal domain names to be transferred to businesses. Trend Micro suggested this move was still not enough to stop modern security threats from the .cn domain.

IP address and Autonomous System number (AS number) allocation service
CNNIC allocates Internet Protocol (IP) addresses and AS Numbers to domestic ISPs and users. CNNIC is a National Internet Registry (NIR) acknowledged by the Asia-Pacific Network Information Center (APNIC). In late 2004 CNNIC launched an “IP Allocation Alliance” which simplified the procedures for obtaining IP addresses.

Catalogue Database Service
CNNIC is responsible for the creation and maintenance of the state top-level network catalog database. This database provides information on Internet users, web addresses, domain names, and AS numbers.

Technical research on Internet addressing
CNNIC conducts technical research and undertakes state technical projects based on its administrative and practical network technology experience.

Internet survey and statistics
CNNIC has conducted, and continues to conduct, surveys of Internet information resources. CNNIC maintains statistics on topics such as Internet bandwidth in China, Domain Name registrations, and Internet Development in China.

International liaison and policy research
As the national Network Information Center (NIC), CNNIC maintains cooperative relationships with other International Internet Communities, and works closely with NICs of other countries.

Secretariat of the Internet Policy and Resource Committee, Internet Society of China (ISC)
CNNIC serves as the Secretariat of the Internet Society of China’s Internet Policy and Resource Committee. The Policy and Resource committee is in charge of tasks such as providing policy and legislation oriented suggestions to promote the growth of China’s internet, facilitating the development and application of Internet resources and relevant technologies, and actively participating in the research work of domestic Internet development and administration policies.

Secretariat of the Anti-Phishing Alliance of China (APAC)
In July 2008, a broad alliance of Chinese online commerce stakeholders, including CNNIC, all major Chinese commercial banks and web hosting companies, founded the Anti-Phishing Alliance of China (APAC) in order to tackle phishing activities that abuse .cn sub-domain names. CNNIC also functions as the secretariat of APAC.

In October 2009, the alliance announced its cooperation with two new members - Netcraft and Maxthon, who will help the alliance to process and verify various phishing reports, and add the confirmed phishing URLs to Netcraft's phishing site feed and Maxthon's phishing blacklist.

Fraudulent certificates
In 2015, Google discovered that CNNIC had issued an intermediate CA certificate to an Egypt-based firm that used CNNIC's keys to impersonate Google domains. Google responded by removing CNNIC's root certificate from the certificate store in Google Chrome and all of Google's products.

Mozilla responded to the incident, stating that ""The Mozilla CA team believes that CNNIC’s actions amount to egregious behaviour, and the violations of policy are greater in severity than those in previous incidents. CNNIC’s decision to violate their own Certification Practice Statement is especially serious, and raises concerns that go beyond the immediate scope of the misissued intermediate certificate. After public discussion... we are planning to change Firefox’s certificate validation code such that it refuses to trust any certificate issued by a CNNIC root with a notBefore date on or after 1 April 2015.""