Keeping the Internet Directory Safe From the Tear
The internet directory, in principle, consists of two parts: a system for domain registration and a system for translating domain names into IP addresses (DNS). DNS servers translate human needs into meaningful computer activities. The operation of medical equipment, e-commerce, social networks, applications that we use every day wouldn’t be possible without it. Do you remember when the entire East Coast of the United States was left without the internet? It happened because the DNS of the largest internet provider on the East Coast of the USA was under attack! It was estimated that sites such as Shopify lost $ 12,000 per hour. Larger sites, such as Amazon, may have lost 30 to 50 million US dollars a day that year.
So far, we have been introduced to the system for translating domain names into IP addresses (DNS). Now we move on to the next one.
What Is a Domain Registration System and How Does It Work?
The domain registration system serves to provide customers with a real-time answer to the question of whether a domain is taken. And, if not, to carry out all necessary activities after receiving the command “register this domain”.
This is an extremely simplified principle of operation of the domain registration system in which the participants are you, the company that provides you with the domain registration service and the domain register (directory). The company that provides you with the registration service is called the registrar. While the company that maintains the domain directory is called the registry. So in this example, we see how a couple of letters can make a huge difference. Therefore, let’s simplify things by dividing the directory into two parts. The first part is for “translating a name into an IP number” (DNS). And the second part is for executing the command “register my domain”. This is a part of the directory where the registrar and the registry cooperate on registering a domain.
Internet directory operation can be compromised in several ways, but in general, the dangers can be classified as technical or commercial. The technical danger is – an extension that is unavailable. While commercial is – an extension that is not trusted. For now, let’s focus on the technical risks to which directories are exposed. This will help us to better understand how we can defend them.
How to Defend Internet Directory Against Technical Attacks?
The technical aspect is based on the availability of both the computer systems and the DNS. Among the more serious ones in this group are the so-called DDoS (Distributed Denial of Service) attacks. When the system is under a DDoS attack it stops responding to queries because it is being overloaded. In simple words – it does not manage to respond to everyone. You will understand the seriousness of the potential danger if we tell you that the number of queries to the directory “translating a name into an IP number” is measured in billions on a daily basis. And in the directory, i.e., .ME domain, a significant jump occurred in June 2020, when the number of queries doubled.
In the world before the Internet, a DDoS attack would look like a single phone booth with a paper phone book in entire New York. What do you think, how long would be the line in front of that phone booth? Now imagine that you are a person waiting in line for information. When it’s finally your turn and you start looking for what interests you, people left and right start hollering at you constantly. The fact is that, sooner or later, they would start to disturb you to such an extent that your focus, instead of looking for information, would shift to defending yourself from harassment., And all those waiting in line behind you would have to wait to get a chance to look for an answer.
Internet Directory: Better to be Safe than Sorry
Such problems, DDoS attacks, are solved preventively., mainly by positioning the equipment on internet nodes with high bandwidth. However, if the attack starts, the traffic is regulated in cooperation with the partners through whose networks the attacks come. For small network operators, such attacks generally lead to big problems. But, don’t be fooled – they also happen to large systems.
Another preventive solution is to position a large number of “copies” of directories around the world so that the answers to the queries are evenly distributed geographically. As you can see, an effective defence against DDoS attacks is by positioning the equipment at large nodes and at a large number of locations.
However, it is not only one part of the directory that is at risk.
The other part of the directory, the one in charge of executing the “register my domain” command, is in the same danger of a DDoS attack. That part of the directory also requires a lot of attention because many business activities take place through it., Such as: “register my domain”, “move my domain from one location to another”, “renew my domain” and many others.
To get a complete picture, we will only mention that in October 2020, 85 million commands were executed by business partners within the registration system. By a simple calculation, we can conclude that it was about 8.2 commands every second. However, the greatest load on the system was experienced in April., In one day, 12.28 million queries (142 commands per second) were executed.
Afilias
There are only a few companies in the world that are able to meet all these challenges, and one of them is Afilias. The company is based in the USA and its infrastructure, in addition to .ME domain, also includes .info, .org, .au and some others. Afilias technically maintains both directories (for domain registration and for translation into IP numbers). So far, their system has proven to be robust and adequate for global business.
Every day, we expect that the query from the directory “translate the name into the IP address” happens in milliseconds. When we use apps like Facebook (fb.me) or Telegram (t.me) we expect them to be fast. If we order food in China via the Ele.Me app or r rent a Lime scooter (li.me) in some European city we want an immediate response. Also, when we want to register a new domain, it always seems that we have to complete the procedure quickly., If we don’t, someone else might snap it up. We can only breathe a sigh of relief when we enter the payment card number and click on the “Register” button. That is when the magic happens and that domain is made available to us to use.
The most important thing is to understand that the system of an efficient internet directory is responsible for the smooth operation of money transactions. This is measured in billions on a daily basis. Naturally, this system must not be poorly designed, nor be located in slow locations, and must not be susceptible to attacks of any kind. Technical robustness is just one of two key factors. Trust in the system is the other
