On August 14, over 50 representatives of internet organizations met at the headquarters of DENIC, the German top-level domain registry, to attend the first ID4me summit. ID4me is the current name of the project, which was started last year under the name DomainID — I mentioned it briefly in my presentation at our last year’s conference IT 17.2. It was initiated by the .DE domain administrator, together with the major German registrar 1&1, and Open-Xchange, the operator of online collaboration tools. However, there are many other companies that are willing to support it, including the UK domain registry Nominet. The goals set by the project are quite familiar to us — reducing the number of passwords and registrations that people need while using the Internet. Like CZ.NIC with its mojeID project, the authors of ID4me have come to the conclusion that the domain world is just the place for an attempt to achieve these goals.
Over past years, various DNS software developers tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard), by temporary workarounds, which aimed to lend their software an ability to temporarily accept various non-standard behaviors. Unfortunately, time has shown that this attitude of adding temporary workarounds is not a long-term solution, especially because the implementations not fully complying with standards were seemingly functional and there was no reason for a permanent fix. The result of these makeshift solutions is their accumulation in the DNS software, leading to a situation where there are so many of them that they themselves begin to cause problems. The most obvious problem is slower response to DNS queries and the impossibility to deploy new DNS protocol feature called DNS Cookies, which would help reduce DDoS attacks based on DNS protocol abuse.
Last year was not a good year for new generic domain names (new gTLDs). While a number of domain names became available for registration, the total number of new domain names decreased for the first time in its history. While there were 27,710,468 domain names registered at the beginning of the year 2018, only 23,823,948 saw the end of the year. Domain holders in the Czech Republic had a total of 23,245 new gTLDs registered, i.e. less than 0.1 %.
On the 15th of November, following the prior maintenance notification, our system administrators have successfully installed a new version of FRED, the system that is the basis of the .cz domain name registry (as well as national domain name registries in a dozen of other countries). What does that actually mean though?
I hope former US President Ronald Reagan would forgive me for borrowing and altering the slogan of his presidential campaign. After all, quite a few people seem to be doing it these days.
It has been almost half a year since we presented the intention to change the DNSSEC algorithm for .cz zone DNSSEC key at our IT 16.2 conference. In his presentation, our colleague Zdeněk Brůna described in detail the advantages of algorithms based on elliptic curves, especially the ECDSA algorithm. However, due to the situation where this step cannot be done because of the lack of support for this algorithm in the root zone, our activities have shifted to mainly educate and monitor the impact of this education on the state of support for this new technology. At a seminar with registrars that we held at the end of February, we noticed a positive response to some ECDSA properties, such as smaller zone file size or smaller DNS response size. Some registrars have already declared interest in switching to ECDSA. At the same time, the registrars have suggested that we publish statistics on our site showing how different DNSSEC algorithms are used in the .cz zone. We liked this idea and we are now publishing these statistics.
DNS records contain a lot of important data, including the information on how quickly such data becomes obsolete, the so-called TTL (Time To Live). TTL in the DNS indicates for how long the data can be stored on a recursive nameserver (resolver) without it being retrieved from an authoritative nameserver. The lower the TTL, the more frequently resolvers query authoritative nameservers and obtain the most recent data. At the same time, however, a short TTL causes heavier load on nameservers, and if DNS records do not change often, the TTL is usually set to several hours.
One of the important features of the mojeID service launched by CZ.NIC seven years ago is its integration with the domain registration system. Multi-step verification of the provided data serves as a method of increasing the accuracy of contact details in the .CZ domain registry. As a bonus, the contacts verified this way can use the mechanism of a single sign-on using authentication protocols on websites that offer such an option. As might be expected, among such websites there are also portals of some of our registrars, two of which have lately even ranked among the 10 services with highest login count. The concept of linking a domain registry to a digital identity (eID) has long been the subject of many questions from foreign domain registries and numerous presentations at international conferences. Now it seems that other foreign registries decided to implement this concept.
After some time I would once again like to come back to the domain statistics and question about how many domains there are in the world. This time I will accompany the number 276 million representing the total number of registered domains by several graphs and information based on statistics of the organizations Verisign and CENTR (Council of European National Top Level Domain Registries).