Three years with Turris

A couple of weeks ago, I got an email informing me that it had been almost three years since my entry into the Turris project, and I could now purchase the router for a symbolic price of one crown. I did that right away to test for my colleagues whether the system works well; however, it also brought back nostalgic memories. Because three years ago I had the same goal – to test whether everything was working properly – when I filled what was probably the first router lease contract. Those three years have gone by in a flash, so it is perhaps a good time to stop and look back.

Reducing TTL in the .cz zone

DNS records contain a lot of important data, including the information on how quickly such data becomes obsolete, the so-called TTL (Time To Live). TTL in the DNS indicates for how long the data can be stored on a recursive nameserver (resolver) without it being retrieved from an authoritative nameserver. The lower the TTL, the more frequently resolvers query authoritative nameservers and obtain the most recent data. At the same time, however, a short TTL causes heavier load on nameservers, and if DNS records do not change often, the TTL is usually set to several hours.

The mojeID service as an inspiration for other European domain registries

One of the important features of the mojeID service launched by CZ.NIC seven years ago is its integration with the domain registration system. Multi-step verification of the provided data serves as a method of increasing the accuracy of contact details in the .CZ domain registry. As a bonus, the contacts verified this way can use the mechanism of a single sign-on using authentication protocols on websites that offer such an option. As might be expected, among such websites there are also portals of some of our registrars, two of which have lately even ranked among the 10 services with highest login count. The concept of linking a domain registry to a digital identity (eID) has long been the subject of many questions from foreign domain registries and numerous presentations at international conferences. Now it seems that other foreign registries decided to implement this concept.

Looking back at the first round of the cyber competition

The ongoing first nationwide competition in cyber security attracted not only students of technical fields, but also many gymnasium students. The first round of the competition was attended by 1,067 participants from 162 schools of various specialization from across the country. The only restriction was the age (15-18 years), in order that the most successful competitors be qualified for the European Cyber Security Challenge. Most students came from the Prague, South Moravia, Pardubice and Vysočina regions.

IPv6 – Unwanted Child?

Near the end of the old year, a juicy discussion broke out in the “main” IETF mailing list. Although it was ignited by a bizarre proposal of IP version 10, in reality it reflects a general frustration caused by the sluggish pace of IPv6 deployment. John Klensin, one of Internet’s grandfathers, expressed a surprisingly sceptical and self-critical opinion. He means that IPv6 proponents gradually lose on credibility: “[We] spent many years trying to tell people that IPv6 was completely ready, that all transition issues had been sorted out and that deployment would be easy and painless. When those stories became ever more clearly false, we then fell back on claims or threats that failure to deploy IPv6 before assorted events occurred would cause some evil demon to rise up [and] devour them and their networks. Most of those events have now occurred without demonstrable bad effects; …”

DNSSEC has become mainstream

This year’s December 5 made it into the history of Czech Internet security by crossing a significant threshold. From this date, in the registry of .cz domains there are more domains with DNSSEC security than those which lack this protocol extension. Information provided by DNS systems of more than 51% (653,297) of .cz domains can now be authenticated to ensure that it was not spoofed on the way to the user.

Main French Internet provider Orange blocks traffic to Google

Monday 17 morning Orange clients could not connect to not only Google but also Wikipedia or OVH, biggest French hosting company. Most people got an error message saying that the site wasn’t reachable. Some ended up on a scary page telling them they tried to reach a terrorist website. This page was set up to by the French Ministry of Interior after an anti-terrorist law was passed in November 2014 to allow the police to
request censorship of websites.

…and they’re gone

What am I talking about? The first Turris Omnia routers, of course! By this moment, the first routers should be unpacked and pleasing their new owners. Not many of our projects in CZ.NIC brought us as much joy and as many troubles at the same time. The joy came right at the beginning. First prototypes were finished in record time. Tests showed that despite the great performance and a significant number of connectors we managed to maintain a very compact size and reasonable consumption. Naturally, the main joy came when during our Indiegogo campaign, we collected the required amount of USD 100,000 in less than 24 hours (the total amount as of today is almost twelvefold). The reception in the world media was also great.