A discussion of the Domain Name System (DNS), its benefits and some thoughts for Caribbean countries that might be considering arrangements similar to Saint Kitts and Nevis to acquire their own DNS servers.

http://www.freedigitalphotos.net/images/Internet_g170-Website_p11736.htmlEarlier this week, regional publications reported that the Federation of Saint Kitts and Nevis would soon be receiving its own Internet DNS (Domain Name System) Root Server (Source: Caribbean News Now). The server, which will be donated by Packet Clearing House (PCH), is expected to be a major boost for the local business community and for Internet users in the Federation. However, what does this all mean and will the rest of the Caribbean be left behind?

DNS 101

As mentioned in most of the news reports on this new development in Saint Kitts and Nevis, the Domain Name System (DNS) is considered to be the phone book of the Internet. It maintains the namespaces (or identifiers) used for human-readable domain names (e.g. www.test.com) and the Internet Protocol (IP) address system, and provides translation services between the two. The DNS server stores those records, and facilitates the necessary transactions.

The DNS is considered part of the critical infrastructure necessary to successfully operate the Internet. Critical infrastructure would include the

… physical transmission lines of all types, such as wired, fiber optic and microwave links, along with routing equipment, the accompanying critical software services like the Domain Name System (DNS), Email, website hosting, authentication and authorization, storage systems, and database servers are considered critical Internet components… (Source: Wikipedia)

Currently, there are over 300 DNS root server locations world wide, which are duplicates of the initial 13 and main root name servers specified. However as at the publishing of this post, none are located within the English-speaking Caribbean. Root servers can be found in Columbia, Mexico, Panama Puerto Rico, Sint Maarten and Venezuela (Source: root-servers.org).

Benefits of a locally-based DNS root server

Establishing a DNS root server in country has some distinct of benefits:  

  1. Self reliance. It brings some of the critical Internet infrastructure elements onshore, thus allowing DNS processing to occur locally. Additionally, having such resources under domestic control is considered an essential element in any national cyber defence strategy, where a key objective is to be self reliant within one’s borders (Source: PCH)
  2. http://www.freedigitalphotos.net/images/Computer_Networks_g351-Global_Network_p22992.htmlSpeedier processing. DNS queries no longer have to be transmitted internationally in order to be processed. When done domestically, queries are resolved faster leading to faster page access.
  3. Increased capacity. Globally, the number of Internet users is growing exponentially, and correspondingly, Internet infrastructure must also increase to accommodate that demand whilst maintaining optimum performance. A domestic root server would allow the majority of the locally-generated queries to be processed in-country, thus lightening the burdens that offshore root servers would have to bear.

In the case of Saint Kitts and Nevis, the deployment of a DNS root server is a highly progressive initiative, in light of the limited work that its sister Caribbean countries have undertaken to date on this matter. The installation is supposed to be part of a suite of activity, which would include the establishment of an Internet Exchange Point, another piece of critical Internet infrastructure. Furthermore, the country has publicly stated its intention to establish itself as a digital society, and the alacrity with which it is pursuing this goal, could result in a distinct competitive advantage in the region.

Can other countries get a similar deal to Saint Kitts and Nevis?

The donation of the DNS equipment by PCH to the Government of Saint Kitts and Nevis is not an exclusive arrangement. In May 2012, at the 10th Ministerial Strategic ICT Seminar, hosted by the Caribbean Telecommunications Union, the PCH had committed to provide “certain equipment and services” to Caribbean countries that desired to make the Internet faster, more efficient, more reliable, and less expensive within its borders, while strengthening its cybersecurity posture and self-sufficiency” (Source PCH). In return, the organization pledged to provide a country (or Host) with:

  • One or more root nameservers
  • ccTLD nameservers for more than one hundred countries
  • gTLD nameservers for multiple generic Top Level Domains
  • Anycast DNS service for Hostʼs own ccTLD
  • DNSSEC support for Hostʼs ccTLD, as well as any centrally-administered second-level domains
  • Support for any Internet Exchange Points within Hostʼs country as may be requested
  • Training and advice in national-level cybersecurity as may be requested (Source: ibid.)

Matters for further consideration

An arrangement between PCH and countries within the Caribbean to supply the pledged equipment would most likely be a welcomed option to fulfil such a marked deficiency in the region’s Internet infrastructure. It is emphasised that just an excerpt of the fuller agreement has been made publicly available, and so the fuller document would have to be closely examined. Nevertheless, it is important to begin to consider the wider implications of the offer, some of which are outlined below.

  • Commitments of host country. As part of that agreement, host countries would be required to provide suitable housing and some technical support. However, in the event that the government cannot satisfy those requirements internally, it may have to procure them. Government tender procedures might need to be implemented, and a budget allocation might be necessary for what could be a recurring expense to satisfy those and any additional country/host commitments that are stipulated in the fuller agreement.
  • http://www.freedigitalphotos.net/images/Emergency_Services_g211-Magnifying_Glass_On_White_p31208.htmlSovereignty and national security. The equipment provided to countries by PCH remains its property and constitutes a “PCH Node”. The countries do not control that equipment. From a national security or cyber security perspective, the question ought to be asked, “should others control such critical Internet infrastructure elements in country?” It is thus important to carefully examine the proposed arrangements to determine (and possibly negotiate) the procedures that would be implemented from a national security perspective.
  • Quality of Service. Although no system is perfect, it is important to consider acceptable Quality of Service standards, since a malfunctioning DNS server would be highly disruptive to all local Internet users, but more so to the business community. Hence matters such as fault frequency, remediation period, scheduled maintenance and redundancy, ought to be considered.
  • Capacity building opportunities. As technology evolves and equipment becomes more sophisticated, the components offered by PCH to the countries are likely to require minimal configuring and maintenance. Noting that the equipment remains PCH’s property and that host countries must provide basic technical support, such as via “remote hands”, there might be limited opportunities for capacity building or knowledge transfer throughout the entire duration of the installation.
  • Longer-term plan. It is currently not clear for how long PCH intends to provide the pledged equipment and services, but it is unlikely to be an indefinite arrangement. From the outset, countries should be devising a transition plan to, ideally, a situation where they own and operate all of those critical resources. If this is planned, it can be properly budgeted for, and provision can be made for appropriate recruitment and training, as might be needed, to facilitate a seamless transition at the appropriate time.

 

Do you think it is a good idea for countries to get their own DNS root servers?

Image credits: Salvatore Vuonojscreationzs; Master / FreeDigitalPhotos.net

__________________