The Ontario Research and Innovation Optical Network (ORION) has recently added the .CA D-Zone Anycast DNS solution to their growing list of Nebula partners. Hear from Dave Chiswell, VP Product Development, on how D-Zone Anycast DNS can help ORION-connected institutions.
How is CIRA involved with ORION?
Dave Chiswell: CIRA has partnered with ORION to make our D-Zone Anycast DNS service available to every connected institution in their network. With D-Zone as a secondary DNS service, they can improve the speed and resilience of their DNS by taking advantage of a global network of DNS servers. What makes D-Zone a particularly good solution for ORION is that D-Zone has been architected to optimize the DNS for Canadian organizations and queries.
What were the ORION-connected institutions doing before for their authoritative DNS?
Chiswell: CIRA analyzed the DNS of all the connected institutions in their network and found a patchwork quilt of different solutions. Some used unicast servers, some shared services with each other, some bought them from other member organizations or from third-party vendors. What was clear is that there is a lack of resilience overall across the network, a lack of Canadian name servers, and each individual member was exposed to a greater or lesser degree to a DNS outage.
What is the risk of a DNS outage?
Chiswell: DNS outages can come from network equipment failure or configuration error at a router or an equipment failure due to a name server crashing or even a simple electrical outage. Additionally, name servers are exposed to DDoS attacks that either target it or floods the network that the DNS servers are on. When the DNS goes down, everything goes down – including email, IP phones, and critical web applications.
Why is CIRA participating in a partnership like this?
Chiswell: Part of our mandate, and part of the reason we launched a secondary DNS solution specifically for Canada, is our role in helping to build a stronger Canadian Internet. We saw a weakness in the Canadian DNS that was not being addressed globally since most vendors focused on the USA and other places. With D-Zone we have a network of 23 servers across two clouds with the bulk of our network located close to Canadian population centres. We have further configured and secured the network such that most global DDoS attacks would get soaked up internationally and leave the Canadian nodes unaffected and Canadian DNS traffic flowing.
How does an institution take advantage of D-Zone?
Chiswell: CIRA is part of what ORION calls their “Nebula” of cloud services. Among other benefits, ORION’s Nebula partners offer preferred rates to connected institutions. With CIRA, it’s a little different: since ORION negotiated on behalf of their community, users have no special rates or contracts to negotiate or execute upon, in order to become a D-Zone user. D-Zone is automatically available to all on the ORION network at no cost and CIRA has its services team ready to help every member configure their external DNS today.
What about other networks across Canada?
Chiswell: CIRA is active in promoting a stronger DNS across Canada through other research networks and member associations — they really should take ORION’s lead.
DNS is the Achilles’ heel of the Internet because all Internet services depend on it. It is also ill-understood and typically falls into the category, “if it ain’t broke don’t fix it.” However, at the same time you are deploying new cloud services there are a steadily increasing number of bad actors looking to take you down and your risk exposure has changed. CIRA has built the fix that may save your reputation.
If you are part of ORION’s connected community, learn more about this partnership and how you can activate your D-Zone service by contacting email@example.com
Guest contributor: Rob Williamson, courtesy of CIRA. This article originally appears in Dot CA Labs. The opinions expressed in this post are the opinions of the individual authors and may not reflect the opinion of ORION.