“Why the internet is not a friendly space.”
24.11.2021 09:00

Alexander Mayrhofer, Head of Research & Development at nic.at GmbH and sister company ipcom GmbH, played a pivotal role in the genesis and development of the RcodeZero DNS Anycast service. In an interview, he explains why the internet is not a friendly space and what can be done to lessen the impact of cyberattacks.

RcodeZero DNS has been around for ten years. Why is it important for nic.at to have its own Anycast service?
We started expanding our services for top level domains (TLDs) around 10 years ago. And it was important for us to offer a name service to go with it. It is the second – and in some ways more important – component alongside our registry service operations. We ensure that registered domains can be accessed without any issues. We have direct access to the service, can set things up ourselves and influence performance. And our customers benefit from that. We offer a full package from the registry to the DNS service.

What were the developmental milestones for RcodeZero DNS?
Initially, the service ran for two generic TLDs operated by us: .berlin and .hamburg. Using the service for our own .at zone was an important step. A short time later .hu became the first TLD to choose us, despite stiff competition from far bigger providers. From that point on, we had a constant influx of new customers.

Which customers is the product of interest to?
We have two main customer groups. The first are top level domains. For TLDs, it’s good form to use multiple Anycast providers. And we are one of the most attractive for European TLDs. I’m delighted that organisations like .eu and .nl are hosting their TLDs with us because these issuing authorities have many times more domains in their zone than we do. This is a major statement of trust, given that the availability of the service is something of a holy grail. You have to bear in mind that when a country’s TLD is out of action, it means that a whole host of other things won’t work either. From all of the websites in the domain to card payments at checkouts. The second group is registrars, who provide the domain name service for their customers. While we also offer the service to businesses directly, the topic can end up being too complex and require a huge amount of consultation.

How does nic.at hold its own against the likes of Google and Amazon?
For major corporations like Google and Amazon, the DNS service is just a small part of a broad product portfolio – but for us it is a core business. We are not some behemoth where you have to fight your way through ten levels of product management to get your suggestions heard. We have to exploit this flexibility and agility to ensure that we can hold our own against the big corporations. Our customers really value the fact that they have direct contact with the people who actually built the service. On top of that, we are a European company: we can talk to customers in the same time zone, and we know them. These are qualities that North American and Asian providers simply cannot offer. Also, we are subject to the General Data Protection Regulation – GDPR – which gives our customers an additional layer of legal security.

And what are the biggest challenges that come with operating an Anycast service?
Making sure that the individual locations are in the right place is a difficult task. The topology of the internet is a secondary structure overlaid on the globe and it does not follow geographical boundaries. Getting the locations right so that users in a geographical catchment area always hit the fastest server is a challenge. We’re optimizing the process all the time. The goal is always to improve speeds.

How often does the DNS infrastructure come under attack?
The internet is not a friendly space. If there is a security flaw, it’s only a question of time before somebody exploits it. There are a lot of opportunities for attacks and it is only possible to mount a defence if your own infrastructure is a particular size. If the domain is operated on two name servers and they are both located in the same data centre, the likelihood of this service being knocked out is far greater than if they are distributed across multiple locations. More and more approaches designed to extract money from people’s pockets are emerging. And many of them are designed to extort people or exact revenge. The problem is that these kinds of attacks can be carried out anonymously. Numbers are definitely on the rise.

What actually happens during an attack?
The classic scenario is that the server affected is overwhelmed with vast numbers of queries. This compromises the connection to the server that the service is running on. One outcome is that the infrastructure is completely paralysed, meaning that all of the services running on the domain such as e-mail and websites are no longer available. And these are important resources for business. With our infrastructure, attacks like this are simply diffused worldwide. The queries end up encountering a far stronger underlying infrastructure which can reduce the impact. In an ideal scenario, the customer will not even register the attack and the service continues as usual.

What direction is Anycast moving in and what is your vision for RcodeZero DNS?
Going forward, it will be increasingly rare for companies and registrars to operate their own name servers – it’s just too much effort. The whole area is increasingly being farmed out, which is great for our product. Our customer base is growing all the time. I can imagine that it’ll be possible to call up more information from the operating data for domains in future For customers, accessing information on the status of their services is becoming more important: how much traffic is there? How is it changing? We already have a stats website where customers can access data on their domain. In future, it might be interesting to add machine learning-based analysis to this service to help pinpoint irregularities. All internet activity typically triggers a DNS query. And this information could be used by customers to gain a lot of insights when it comes to their own domains. Whether a suspicious rise in queries correlates with a specific geographical area, for example. If 300 people suddenly walk down an otherwise quiet street, then residents are going to stick their head out of the window to see what’s going on, and the exact same thing applies to the internet: DNS traffic on a domain is a good indicator of anomalies. While we are not quite at the point where we can start using this information to protect domains, I can well imagine things heading in this direction.