ipcom’s RcodeZero DNS Anycast service is ten years old – more than 40 servers worldwide are keeping customers’ DNS infrastructure safe.
An outage or attack on the domain name system (DNS) can have a devastating impact on a company as it affects crucial services, including websites and e-mail systems. So it is essential that the DNS infrastructure is robust and failsafe. And this is where Anycast technology enters the frame: for ten years RcodeZero DNS, operated by nic.at sister company ipcom GmbH, has been keeping top level domain (TLD) registries’, Internet service providers’ and companies’ DNS infrastructure safe. In DNS-speak, rcode 0: means “no error”. “Customers benefit from the highest availability, maximum protection from distributed denial of service (DDoS) attacks and short response times,” explained Richard Wein, CEO of nic.at GmbH and ipcom GmbH. And the customer portfolio is growing all the time: to date, more than 25 international TLDs with approaching 21 million domains between them and more than 100 providers and companies with a further 3.8 million are using the Anycast service.
This success was by no means assured from the outset, though, with nic.at having to play a pioneering role to begin with. Ten years ago, the issuing authority for .at was one of the first to develop and offer an Anycast service. “It was uncharted territory for us,” confirmed CEO Wein. But the offering resonated well with prospective customers, and Hungary was the first top level domain to choose the service, for .hu. “As a registry, we know what other registries need,” Wein noted. For the experienced registration body, building up an Anycast network represented the perfect addition to the existing portfolio, putting RcodeZero DNS in direct competition with the services offered by major providers such as Amazon and Google. CEO Wein spotted a potential advantage: “We have a 24/7 emergency hotline for customers, there are dedicated contacts and not just some anonymous call centre.” As a small, agile provider, ipcom is ideally placed to respond rapidly to customer requests. Alexander Mayrhofer, Head of Research & Development, summed up the advantages: “We offer a full package, from registry to DNS services. We have direct access to service support, can set things up ourselves and influence performance. Our customers benefit from that.”
More than 40 locations worldwide
How does RcodeZero DNS work? Normally each server has its own IP address and all queries directed at this address reach a specific server. This can lead to delays and, in a worst case scenario, outages. The RcodeZero DNS Anycast servers are spread out all over the world – from Vienna to Seattle and Sydney – and ensure that online services are available under one and the same IP address. If one server drops out, the next in line topologically takes over. This reduces response times and lessens the overall load on the network. While this involved seven locations just ten years ago, today there are more than 40, which in turn are split into two clouds. “We are getting bigger, more stable and delivering stronger performance all the time,” said Klaus Darilion, Head of Operations and a key player in the development of RcodeZero DNS. Unlike ten years ago, Anycast is now the standard in the domain industry. “Both registrars and registries use at least two or more providers for secondary DNS to deliver security for their zones. And we are one of the most attractive providers on the European market,” he explained. It is possible to fully outsource the DNS infrastructure as primary DNS or to use RcodeZero DNS as a secondary DNS to complement the infrastructure that is already in place.
Major, big name customers on board
Following Hungary’s lead, numerous other European issuing authorities have chosen RcodeZero DNS as their secondary Anycast provider over the years. .eu, .pt and .nl are just some of the top level domains using the product to add an additional layer of protection for their infrastructure. Robert Schischka, technical Managing Director of nic.at and ipcom said: “We are delighted to have won over so many TLDs with our product. These top level domains are significantly larger than we are. There was an extensive selection process with lots of criteria that had to be satisfied. People trust us, quality shines through.” Customers also include major international registrars such as German internet providers united-domains AG and IONOS, as well as MarkMonitor, a provider from the USA. External name service monitoring confirms that the RcodeZero DNS network is one of the most reliable Anycast services out there and a highly trustworthy global provider. And to ensure things remain that way, the service is constantly being extended: in one such example of its evolution, the DNSSEC signing service is now included in every RcodeZero DNS package for free. DNSSEC technology is a security extension for the DNS that guarantees the authenticity and data integrity of DNS transactions. Among other things, it prevents users from being redirected to manipulated websites. “This is a complex specific topic that we have addressed extremely effectively. Many registrars are looking to outsource this service,” Schischka added. On top of that, the RcodeZero DNS network of DDos mitigation providers is protected against attacks at the global level.
Reliability and stability are important criteria as DDoS attacks are increasing all the time. R&D manager Alexander Mayrhofer added a word of caution: “The internet is not a friendly space. If there is a security flaw, it’s only a question of time before somebody exploits it.” And demand for Anycast will increase as a result.