The Country Code Names Supporting Organization (ccNSO) is a body within the ICANN structure created for and by ccTLD (country code Top Level Domain) managers. A ccTLD is a country code top-level domain extension that is assigned to a country. Each country has their own, two-character domain extension based on the ISO 3166-1 alpha-2 country codes, such as .uk (United Kingdom), .us (United States), or .ca (Canada).
Since its creation in 2003, the ccNSO has provided a forum for ccTLD managers to meet and discuss topical issues from a global perspective. The group provides a platform to nurture consensus, technical cooperation, and skill-building among ccTLDs and facilitates the development of voluntary best practices.The ccNSO hosts TechDay at each ICANN. At NetActuate, we work with several ccTLD providers, and enjoy participating in Tech Days. Previously, we’ve spoken about BGP/Anycast and sinkholes at ICANN63 in Barcelona. The ICANN66 TechDay was very engaging and covered a broad range of topics, including the following summarized below.
Running DNS Hierarchy Using Raspberry Pi by Yazid Akahno, Benin DNS Forum
Yazid Akanho presented an inspiring look at a DNS Hackathon held in country by the Benin DNS Forum. The Benin DNS Forum, inspired by the Africa DNS Forum, gathers stakeholders and industry experts in the local domain name community together to share ideas, best practices, and ensure quality, local end-user experiences. Their goal is to build a strong, diverse, and engaged DNS ecosystem locally, and improve technical capability and entrepreneurship.
At their hackathon, participants built a complete DNS hierarchy, including root servers, using interconnected Raspberry Pi devices. Over 60 participants were split into teams, and incorporated different DNS server configurations and to recreate a 100% functional DNS hierarchy that mirrors real-world functionality. It was exciting and inspirational to see so much excitement, innovation, and effort dedicated to understanding DNS and how critical it is to the underpinnings of the Internet.
DDoS Prevention in .cz by Ondřej Filip
Ondřej Filip provided the group a look at the anycast infrastructure powering nic.cz, and in particular enhancements they have made to protect against DDoS attacks triggered by the attack against .tr (discussed at ICANN60.) The presentation showed how .cz is going about upgrading its infrastructure, with a focus on Czechia. The upgrades resulted in capacity increases from 20,000,000 to 200,000,000 QPS. To improve disaster recovery, they took an interesting approach by implementing a “hidden” PoP that can take over in the event that a catastrophic event or major failure impacts primary service.
We were impressed by their forward-thinking business continuity planning. Filip presented additionals steps that were taken to improve resiliency that included deploying of a mix of hardware architecture and software platforms. At NetActuate, this is a model we also follow, and something that we have written often about as a critical requirements for providing truly resilient services.
Fillip then showed the group his tools for performance measurement and monitoring, which we found very informative. As the chairman of DNS-OARC, a developer of BIRD, and someone that has been instrumental in DNS and Internet technology his entire career, we truly appreciated the level of expertise Filip shared in his talk.
The Cyber Justice Laboratory by Nicolas Vermeys
The host presentation at TechDay was by assistant director of the Cyber Justice Laboratory and researcher within the ATC project. It was illuminating to listen to Vermeys, a lawyer, present to a technical audience and discuss the technological perspective of what the Cyber Justice Laboratory does. To many technologists, it can often feel like laws and legal systems are antiquated and out of touch with the technological reality that exists in our world today.
Vermeys explained that cyber justice is the incorporation of information and communication technologies into judicial or extrajudicial dispute-resolution processes. The goal of cyber justice is to increase overall access to justice by 1) reducing the costs associated with administering justice, and 2) reducing the burden on both the judges and the court system as a whole.
The Cyber Justice Laboratory does this by building and testing new technologies. From creating state of the art, high-tech courtrooms, to prototyping and developing digital platforms (for example, to handle UDRP cases online). Vermeys provided a fascinating look at how our traditional legal processes can be moved forward with technology to be more accessible and efficient – resulting in a more “just” system overall.
Canadian IXP Landscape by Jacques Latour, CTO/CSO at CIRA
Jacques Latour, CTO/CSO at the Canadian Internet Registration Authority (CIRA) gave a sometimes tongue and cheek, but also serious, presentation about the Canadian IXP landscape and what it means for incumbent ISP(s) that refuse to peer locally in a country as large as Canada. We related to the challenges Latour shared on many levels, especially as we optimize and troubleshoot our global network to try to reach every global user in 10ms. Jacques called out various canadian ISP(s) continuously, and we certainly hope they were in the room to hear what was said.
The presentation walked through an initial report from PCH on internet exchange point (IXP)-building in Canada, and how adding IXPs improved local connectivity in Canada. We learned that in the last six years, significant progress has been made, with 10 new IXPs deployed in cities throughout Canada.
We also learn about the attempted launch and ultimate failure of the Ottawa Internet Exchange (OTTIX), due to ISPs buying regional carrier-neutral facilities, and then turning them into single-vendor sites. With nowhere local to call home after four facility purchases, OTTIX eventually shut down.
Latour also highlighted the shocking and shameful fact that – even given the large investment from CIRA to bootstrap regional IXPs that are showing significant success – the busiest sites for .CA are not in Canada, but in major peering centers like Ashburn.
Unfortunately, this is the logical result of Canada’s locked-in market of incumbent ISPs. While Latour did his best to call out these ISPs in a friendly manner, it’s certainly depressing to consider the negative impact financial interests can have. The presentation did end on a positive note with a discussion about CIRA’s efforts to facilitate growth in Canada’s internet landscape.
Machine Learning from .QA ( Mohaseenkhan Chinwal ) & .JP (Yoshiro Yoneya)
Next, we enjoyed two very interesting back-to-back talks about machine learning at the ccTLD level. Discussing Qatar (.qa) was Mohaseenkhan Chinwal, who was given the difficult task of identifying and classifying the .qa registry domains as business and non-business content. Using machine learning, .qa registrars used the actual content of the sites by scraping them (either directly or via other data sources), and then mapping them to various classifications in an effort to predict the probability of a domain registration being used for commercial or non-commercial purposes. Chinwal shared the challenges faced and potential improvements they may implement in the future.
Yoshiro Yoneya reported on Japan’s efforts to predict .jp domain renewal rates using machine learning. As many registries base their budget on expected renewals (in addition to predicted new registrations) this could be an invaluable tool for other registries as they plan their fiscal years. In fact, JPRS is already basing their business plan on the expected renewal rate derived from this process.
Both presenters indicated that around machine learning, there is much more to learn and discuss. JPRS welcomed engagement from other ccTLDs, as they look to open source and/or make available more details around their methodology.
Quantum Cryptography and the DNS by John Levine
Internet visionary John Levine held an engaging presentation on quantum cryptography and its impact on public key cryptography. Should we panic? Maybe! He presented a high-level overview of public key cryptography, and that qubits can represent many values simultaneously, making current methods obsolete.
Levine also discussed current operational challenges in delivering quantum computing and how new algorithms are being planned in the 2020’s, with expected hardware support by the 2030s if manufacturers take up interest. (Or are forced to.)
While this may not affect DNS, the key takeaways Levine left the audience is that 1) quantum computing is moving fast, and may move much faster than we think, 2) it’s unlikely the DNS will be dead by 2035, so be prepared, and 3) key and signature length can be a potential issue.
There were many other insightful presentations, and we thoroughly enjoyed the ICANN66 TechDay. All presentations are available online via Zoom, and we should give thanks to ICANN staff for the tremendous work it took to make this gathering possible. We know they work tirelessly behind the scenes, and it’s a privilege to be able to participate and engage.
Tech Day always provides us a wonderful opportunity to meet and connect with technology experts from around the world. As the operator of the 4th largest IPv4 and IPv6 peered network in the world, we encounter many of the same challenges that ccTLD managers face each day. In fact, we either provide service to, or peer with, many of them as customers and colleagues. Needless to say, we are looking forward with great anticipation to Tech Day at ICANN67!