2010 - Year in Review
2010 was a busy year for the Internet in general and a wonderfully busy year for CommunityDNS. As 2011 begins we can't help but reflect on the various milestones reached within the CommunityDNS family. Along with the Internet's two major developments, DNSSEC and IDNs, other items of note for 2010 include DNS Resilience, Community Growth and that seemingly hidden word, Capacity.
DNSSEC
Short for DNS SECurity, DNSSEC is a necessary step forward in the Internet's evolution. While much work still needs to
be done in this area, CommunityDNS is pleased to see the beginnings of this rollout. Earlier this year the ROOT Zones
were signed with DNSSEC. .TM, which CommunityDNS helped sign in 2009
(http://www.businesswire.com/news/home/20091029005450/en), was in the first group of registries to have its DS record
anchored in the ROOT.
Security-DNS.net - Zone Signing Made Simple
Having developed and run DNSSEC testbeds for various ccTLDs in 2004, 2005 and 2007, along with our efforts in signing
.TM, CommunityDNS rolled out the highly secure Security-DNS.net tool, which may
be used for the signing of zones, whether the zones are for the whole registry or for an individual name. This "Zone
Signing Made Simple" DNSSEC signing tool supports NSEC, NSEC3 as well as NSEC3 with OptOut and is 100% compliant and
compatible with CommunityDNS, BIND and NSD.
DNSSEC Performance Testing
In 2010 CommunityDNS also conducted extensive testing of the CommunityDNS, BIND and NSD platforms (http://communitydns.net/DNSSEC-Performance.pdf) and how they
handled different-sized zones, whether unsigned or signed with DNSSEC. With Bath University's Innovation Centre
ensuring consistency of testing across the three DNS platforms tested, CommunityDNS easily outperformed BIND and NSD
when handling unsigned and signed zones. The zone sizes created for the test were: 7,691 records, 240,419 records,
19,405,299 records and 57,873,014 records respectively. The report illustrates both efficiencies as well as
inefficiencies of the various platforms.
The following charts illustrate CommunityDNS' efficiency in handling zones of various sizes, whether unsigned or signed, on exactly the same low-cost commodity hardware.
.Net Names Signed
The day after .net was signed, CommunityDNS, using Security-DNS.net, had its DS records in hand for its various .net
names. All of CommunityDNS' .net names are now fully signed.
CEO Chosen as Trusted Community Representative
Paul Kane, CEO of CommunityDNS, was chosen by ICANN to be one of seven people from around the globe to be a Trusted
Community Representative (TCR) (http://communitydns.net/ROOT-DNSSEC.html) who is responsible for safeguarding a share
of the ROOT Zone's DNSSEC Recovery Key.
IDNs
Growth and inclusion are two basic elements of the Internet. This year the rollout of IDNs (Internationalized Domain
Names) is allowing ccTLDs to deliver domain names in languages other than the basic Latin character set. No longer are
Internet URLs restricted to the traditional Latin-ASCII character sets; URLs at the top-level domain can now be issued
in Arabic, Cyrillic, Chinese, and Russian, to name a few. CommunityDNS has long been a supporter of the use of IDNs and
is experienced in handling IDNs. Prior to IDNs being offered at the TLD level, CommunityDNS had a multi-year history of
supporting clients who were using IDNs at the secondary domain level.
DNS Resilience
CommunityDNS was proud to be chosen by the DNS Infrastructure Resilience Task Force to deliver a study regarding the
resilience of the DNS for the EU and its Member States. The study was commissioned by the EU's Directorate-General for
Justice, Freedom and Security. The study was completed during the first quarter of 2010.
Growth
CommunityDNS continues its growth in bringing resilience to users of the Internet. By the end of 2010 CommunityDNS was
supporting over 140,000,000 names, which translates to over 68% of the Internet!
Capacity
Capacity, the seemingly hidden word in the general DNS discussion, is highly important for providing a network that
is highly resilient. Having a platform with a number of distributed nodes is important, but it still falls short if
"platform efficiency" and "capacity" are not properly figured into the equation.
Hong Kong Traffic Spike
A network can't easily support over 68% of the Internet without having ample capacity to ensure resilience. While we
have always been able to discuss how optimally designed CommunityDNS' platforms are, August 2010 provided an
outstanding example of the strength of CommunityDNS' platform: an event where people took notice. A traffic spike hit
our node in Hong Kong (http://communitydns.net/spike.html). For the duration of the spike, lasting just under two hours,
CommunityDNS' node comfortably handled over 863,000 queries per second. We have seen other DNS platforms fail when
dealing with lesser volumes of traffic. When extrapolating the number of queries a single node handled in Hong Kong,
you will find that, as a network, CommunityDNS can, today, easily handle 35,383,000 queries per second. That's staggering!
Taking on What Others Can't Handle
In the last major attack CommunityDNS ended up answering 50% more queries for the customer, as their other DNS providers,
also under attack, could not handle the load; thus resolvers were automatically switching more of their traffic to
CommunityDNS. This is not uncommon: wherever networks can't handle the load, CommunityDNS typically absorbs the
overflow.
Another item to note about capacity within CommunityDNS' global network: in 2010, on an average day, CommunityDNS would process 20Gb per second of inbound traffic while also processing 50Gb per second of outbound traffic. In early 2011 we have already seen this number increase.
So, yes, Capacity is very important.
On the Horizon
For 2011 we expect to play a larger role with our clients regarding DNSSEC and their respective rollouts, further
involvement with IDNs and continued network growth. The other element expected to be an item this year is IPv6.
Understanding how the Internet has developed beyond what was originally imagined, and understanding the alarming importance
of an ever-decreasing number of available IPv4 addresses, CommunityDNS incorporated IPv6 into its initial platform
design. Since CommunityDNS' platform was first released, the network has been fully native IPv4 and native IPv6
compliant. With that said, we look forward to playing a greater role with our clients in helping to support their IPv6
needs.
So yes, 2010 was a wonderfully busy year for CommunityDNS. We look forward to an exciting 2011!
About CommunityDNS
With offices in the US, the UK and Japan, CommunityDNS is the global Anycast provider whose network was engineered for security, optimized for speed and designed for resiliency. Successfully supporting over 120 million domain names from over 97 TLDs, CommunityDNS processes 25 billion queries per day. With security integral in the network's initial design, CommunityDNS was chosen to work in a study commissioned by the EU Commission's office of the Directorate General for Justice, Freedom and Security regarding Internet resiliency for the European Union. Fully supporting IPv6, DNSSEC and IDNs, CommunityDNS provides global DNS Anycast services, fully managed DNS platform services and DNS white-labeling.
More information regarding CommunityDNS may be found at http://www.cdns.net/facts.html