Could somebody have made you care about the financial industry a year ago? When the financial crisis struck, do you remember anybody shouting at you about the impending doom beforehand? This is how I feel about CIRA. Nobody’s screaming at you to pay attention, or give a darn, but that doesn’t make what CIRA does less important, or less critical.
The CIRA (Canadian Internet Registration Authority) elections are happening this week and there appears to some misinformation about the role DNS plays in our daily lives and the dot-CA infrastructure managed by CIRA. As the top level domain (TLD) service provider for dot-CAs (domain names that ends in .ca), CIRA plays a critical role in keeping Canada’s 1.3 million dot-CA domains working trouble-free by mapping domain names (such as techsmb.ca) to DNS nameservers, otherwise known as DNS authorities.
Interesting stats and information about CIRA:
- CIRA servers deal with 25,000,000 requests per hour, an increase of 37.6% from one year ago.
- There are currently 1.2 million dot-CA domain names.
- 64.5% of dot-ca holders are organizations. 35.5% are personal dot-CA domain name holders.
- CIRA has experienced a 20 percent growth rate, and 74.9% renewal rate each year.
- To ensure stability and continuity of the registry, CIRA is working toward having a full year’s operating costs accumulated.
- Contrary to certain statements, CIRA is not government funded. It is 100% funded through domain registrations.
- Telephone companies operate at “five-nines” or 99.999% reliability. That translates into 5 minutes of downtime per year. In contrast, CIRA operates at 100% uptime. If CIRA’s DNS stopped responding for 60 seconds, hundreds of thousands of online actions would fail.
How does DNS work?
For those of you still reading this, DNS (short for domain name service) maps friendly names such as ‘google.ca’ to machine readable IP numbers like ‘74.125.43.147′.
Next to IP routing, DNS is the single most important service on the Internet today.
In order for DNS to work, there has to be a lot of coordination at the top. This is why TLDs such as CIRA are important. Without TLDs, we wouldn’t know which nameservers to query for a particular domain name. If we can’t do that, we won’t know which IP address to query for the information we’re looking for.
As often is the case with this kind of stuff, a diagram can be helpful. Below is a step-by-step DNS query process. It’s very high level and I’m sure will irk some DNS purists, but the goal here is to keep is simple. Steps 1-6 illustrate DNS, while steps 7 and 8 show the web request made after the DNS query has been provided (because DNS would be useless if we didn’t use the address for something in the end, right?).
Note: TechSMB does not have its own datacentre, it was illustrated this way for simplicity. For a larger version of the diagram click the image.
To recap:
- TLDs (such as CIRA in the case of dot-CAs) map domain names to domain authorities (ie. nameservers) that map names to IP addresses.
- Domain authorities map host records (ie. ‘www’, ‘ftp’, ’smtp’, etc) to real IP addresses.
It’s important to note that TLD service providers DO NOT map domain names to IP addresses; rather, this service is provided by a domain authority. A domain authority for a domain can be anyone. Your company might be the authority for your organization’s domain name. The domain authority maps a host record to an IP address. To put it in post office terms, CIRA will get your letter to the local post office in the correct country/province/city. The domain authority is the mail carrier familiar with the street address where the letter is being delivered.
Why you should care about CIRA and the elections
dot-CA domain holders and CIRA members have been apathetic almost to the point of tradition, when it comes to the yearly elections. My concern is that directors voted to the board by participants with agendas and special interests are not reflective of the general membership. The long-term risk of board leadership elected by those with special interests, whom do not represent the general membership could set CIRA on a course that may not be in-line with the wishes and interests of its majority.
For this reason, I encourage all domain holders to become informed and active members, and all members to vote in this election and become educated on the important role that DNS plays in your connected life.
CIRA is a membership driven organization, meaning it is what YOU make it. Now get out there and vote for the candidate who best represents you!
To learn more about CIRA and the elections:
- CIRA 2009 Board of Directors Candidates
- 60 Seconds in the life of CIRA (CIRA Elections home page)
- CIRA 2009 Annual Report (pdf)
Related posts:
- CIRA elections are coming and I’m hoping to make a difference The CIRA elections are once again upon us I’ve...
- Informative video from CERA: “DNS explained” I wrote a post not too long ago that...
- CIRA Announces Results for 2007 Board of Directors Election. The CIRA 2007 Board of Directors election results were...
- Do you have a .CA domain name? Have you voted yet? If you own a .CA domain name, you were...
- 2007 CIRA Election Flawed After this week’s election mess, CIRA might wish to...
{ 1 trackback }
{ 6 comments… read them below or add one }
Ben, I know you’re a busy lad thanks for taking the time to do this post. No matter how many resources an org throw at educating the public it’s posts like these that help spread the message and ultimately teach the n00bs (like me).
Ryan, thanks for your kind words. It’s a recurring problem I have (getting people interested in CIRA and Internet infrastructure). It’s not the average Joe’s fault… the technology tends to work and public policy isn’t of great interest to many people. Thanks for taking the time to read this and for taking the first step!
Thanks Ben, for that fantastic post. It should help both non-techies and techies alike. On the one hand, it serves to explain exactly what we do to the uninitiated. On the other hand, it also helps to illustrate exactly why we put so much time and effort (and money) into protecting what we do. Sometimes people talk about our operations as though it’s as simple as just running a server and a database. It’s really not. Maybe a decade or more ago, when the dot-ca registry was essentially John Demco’s part-time job and run off a server under his desk, that may have been the case. But CIRA’s operations have grown not only in their complexity since then but also in their importance. I think of the safeguards and the redundancies we have in place (and need) in terms similar to running a power plant. The question isn’t simply what an extra redundancy might cost – it’s also about the price of any potential failure.
Anyway, I am a candidate for the board this year but I also advocate awareness and appreciation for what CIRA does. It truly is one of those arcane little secrets where it’s happily ignored so long as it’s going well but if there were ever a major failure the costs and consequences would be very surprising to a lot of people. I hope folks read and consider this blog. It’s one of the best general audience summaries of what we do that I’ve seen to this point.
I just popped by to explain why I am not voting. I’ve been working very hard on my website for well over a year. So when found out about this I asked my husband to register us so we could vote… (we even have a second .ca… shouldn’t that mean two votes?) and he looked into it. As it turns out, we can’t register without producing photo ID. What? They need to make sure I have all my teeth? What business is it of theirs?
Perhaps if everyone at CIRA was willing to swop me their bank IDs and passwords, maybe I’d consider it. Whatever happened to security? Or privacy?
Had I known this then I certainly would not have happily forked out almost twice what it would cost annually for a dot com to be a dot ca!
Hi Laurie, thanks for chiming in. I’ve been a CIRA member for several years now and I can say that I’ve noticed a vast improvement from my early days with them.
The efforts required to become a member sounds kind of silly, doesn’t it? I thought so too. There is good reason for it though. CIRA must make sure that each member is a REAL person and the only way to do that is by acquiring some sort of government ID. I’m not sure if they are legally required to do this and I’m unsure if they’re looking into alternative methods of verification. It would be a good question to ask them.
As for having multiple domains, you only get one vote per person, not one vote per domain. I believe this rule was done on purpose to ensure no organization or person with multiple domains (I have 10+) could influence the elections. Some companies have thousands of domains, for example. It would be impossible if these companies could exercise their voting power such that us “little guys” wouldn’t be heard.
As outsiders, it’s easy for us to pick apart and disagree with CIRA’s rules. Sometimes, we have to remember that we got here somehow and that somebody had to decide these things. As an optimist, I like to think that CIRA was built with the best interests of its members and the organization.
For me, I want to understand WHY things are a certain way. Once I understand the WHY, then we can figure out HOW to go about creating change.
Sorry, Ben, but I don’t think it is “silly” i think it is a dangerous and irresponsible policy.
Maybe it doesn’t seem like such a bad thing to you, since you seem to know these people. But I don’t. To me, probably to most Canadians, CIRA is a faceless organization. CIRA has taken my money but doesn’t trust me to be honest in my dealings with them.
When our society is grappling with problems like identity theft, CIRA is expecting me to blithely give them access to my photo ID. Anyone who has purchased a dot ca domain name but isn’t willing to risk our personal security does not get a voice with CIRA.
Sure CIRA has the right to set rules. I haven’t seen them, that’s my husband’s balliwick. But at this point since I’m not allowed to vote there’s not much point in wasting my time reading them.
Your explanation of the single vote per person makes sense. My family has various domain names and various websites for various purposes, but only two dot cas. Mine is a business dot ca, my husband’s is a personal dot ca, but I have access to his and he to mine. Since he arranged for the acquisition of all of our sites, his name is the one associated with them so I had actually assumed that we would only have one vote. If CIRA had a one vote per street address rule that would have been fine too. Whatever CIRA’s rule is, we would have followed it. But not at personal risk.
What kind of photo ID is there? Lets see… there are Driver’s Licenses which are issued to people who pass the government driving test. I need to be a licensed driver’s to drive on our roads. Yet even the police are not allowed to compel anyone to produce this license when walking down the road. Some people don’t have a driver’s license. Last I heard I didn’t need a license to drive a car before I could create a web page on the “information highway”.
Maybe my only photo ID is my health card. Of course, the reason we’ve been told we need photo ID health cards is to prevent health care fraud. Yet CIRA wants me to send them a copy of mine. Unnecessary copies of Health Care Photo IDs traveling through email can easily contribute to health care fraud.
Maybe I’m still using an older health card that doesn’t have a photo. What does that leave? I could send CIRA a copy of my passport. I’d suspect that passports are like gold to identity thieves. If someone crossed the border on my passport before I did, I don’t think I’d be very happy to find myself stopped and strip searched.
Or maybe I’m a student. Plenty of high school aged Canadians are out there building websites for their domain names. Are minors allowed to vote? If they are, CIRA may very well be holding copies of high school photo ID student cards. Do their parents know?
How do I know that CIRA, or someone connected with CIRA, is not in the fake ID businiess? CIRA doesn’t trust me to behave honestly, yet I am expected to jeopardize my security and assume that CIRA will behave honestly with my personal information.
Maybe they will. But if they don’t worry about security issues, how do I know that they will handle my private information securely? Maybe CIRA prints out copies of photo ID to check against the voting list. Maybe stacks of these print outs are sitting around an in-box on someone’s desk. All it takes a moment for an opportunistic thief to pocket a handful. Maybe it’s just somebody off the street in to ask directions, or maybe its the water cooler guy, or the cleaning lady.
What will CIRA do with these sensitive Photo ID documents when they’re done? If security isn’t a biggie for CIRA, maybe they just throw them away in green garbage bags. Do they shred sensitive stuff like photo ID copies? Even if they do shred, how good is their shredder? Is it one of the many that allows reconstruction?
Of course CIRA might never print them out. Then we just have to wonder how secure their network is. Or maybe when they upgrade to newer computers, the discarded hard drives aren’t wiped very well. Or at all. I don’t know.
CIRA is an organization made up of many people. Most of them are probably honest, but I have no way of knowing. I don’t even know their names.
I can understand how my kid’s high school principal doesn’t “get” modern technology and as a result makes and enforces stupid rules. What I can’t understand is how an organization which exists because of modern technology can make and enforce rules that completely ignore the very serious issues of privacy and security.