Together for better stability, speed and further extensibility of the DNS ecosystem

Over the past years, various DNS software developers have tried to solve the interoperability problems of the DNS protocol, and especially of its EDNS extension (the RFC 6891 standard), with temporary workarounds that let their software temporarily accept various non-standard behaviors. Unfortunately, time has shown that adding temporary workarounds is not a long-term solution, especially because implementations that did not fully comply with the standards appeared to work, so there was no reason for a permanent fix. These makeshift solutions have accumulated in DNS software to the point where there are so many of them that they themselves begin to cause problems. The most obvious problems are slower responses to DNS queries and the inability to deploy a new DNS protocol feature called DNS Cookies, which would help reduce DDoS attacks based on DNS protocol abuse.

Almost 4 million new gTLDs disappeared in 2017

Last year was not a good year for new generic domain names (new gTLDs). While a number of domain names became available for registration, the total number of new domain names decreased for the first time in its history. While there were 27,710,468 domain names registered at the beginning of the year 2018, only 23,823,948 saw the end of the year. Domain holders in the Czech Republic had a total of 23,245 new gTLDs registered, i.e. less than 0.1 %.

New statistics and increase in popularity of elliptic curves in DNSSEC

It has been almost half a year since we presented, at our IT 16.2 conference, the intention to change the DNSSEC algorithm used for the .cz zone DNSSEC key. In his presentation, our colleague Zdeněk Brůna described in detail the advantages of algorithms based on elliptic curves, especially the ECDSA algorithm. However, because this step cannot be taken while the root zone lacks support for this algorithm, our activities have shifted mainly to education and to monitoring the impact of that education on the state of support for this new technology. At a seminar with registrars that we held at the end of February, we noticed a positive response to some ECDSA properties, such as smaller zone file size and smaller DNS response size. Some registrars have already declared interest in switching to ECDSA. At the same time, the registrars suggested that we publish statistics on our site showing how different DNSSEC algorithms are used in the .cz zone. We liked this idea and we are now publishing these statistics.

Reducing TTL in the .cz zone

DNS records contain a lot of important data, including the information on how quickly such data becomes obsolete, the so-called TTL (Time To Live). TTL in the DNS indicates for how long the data can be stored on a recursive nameserver (resolver) without it being retrieved from an authoritative nameserver. The lower the TTL, the more frequently resolvers query authoritative nameservers and obtain the most recent data. At the same time, however, a short TTL causes heavier load on nameservers, and if DNS records do not change often, the TTL is usually set to several hours.

The mojeID service as an inspiration for other European domain registries

One of the important features of the mojeID service, launched by CZ.NIC seven years ago, is its integration with the domain registration system. Multi-step verification of the provided data serves as a method of increasing the accuracy of contact details in the .CZ domain registry. As a bonus, contacts verified this way can use single sign-on, based on authentication protocols, on websites that offer such an option. As might be expected, these websites include the portals of some of our registrars, two of which have lately even ranked among the 10 services with the highest login count. The concept of linking a domain registry to a digital identity (eID) has long been the subject of many questions from foreign domain registries and of numerous presentations at international conferences. Now it seems that other foreign registries have decided to implement this concept.

The world of domains in numbers (and graphs)

After some time, I would once again like to come back to domain statistics and the question of how many domains there are in the world. This time I will accompany the number 276 million, representing the total number of registered domains, with several graphs and information based on statistics from the organizations Verisign and CENTR (Council of European National Top Level Domain Registries).