There are some basic functions of the Internet that we wish were better understood by the IT community and we’ve built some simple-to-share infographics that we think might help. The series will provide some basic data and information on the DNS in Canada, using a combination of external research and our own analysis.
Underpinning all websites is the domain name system, which starts with the root, or the area to the right of the top-level domain (TLD). Yes, there is something to the right of a .CA, .uk, or .com, and that something is the root. When an end-user wants to find the IP address of your website from the domain name, the query goes to a recursive name server, typically at the ISP, for the answer. If the recursive server doesn’t have the answer, it begins the task of looking it up, starting with the root, which is one of 13 logical root name servers.
Wait... Thirteen name servers run the entire Internet?
Not quite. We went to root-servers.org and added up all of the sites and came to 586 physical root server sites, with multiple servers in each. This redundancy provides protection. For instance, when there was a large-scale attempt to DDoS this infrastructure last year, this redundancy ensured that the root could handle the traffic, which is good because otherwise the Internet would break. 13 logical servers are meeting the needs of 3.4 billion Internet users, 314 million domain names, and over 1 billion websites. We will write the numbers vertically so you can figure out where the big jump in size occurs:
DNS by the Numbers
13 root servers
586 root sites
314,000,000 domain names
3,400,000,000 Internet users
Let's look at what sits in the jump from root sites to domain names. The next step for your query is the Top-Level Domain (or TLD) registry. The TLD registry manages the DNS infrastructure needed to point people to specific name servers. There are over 1,000 different top-level domains running infrastructure to make the TLD DNS work. The final step is you – all of you hard-working IT managers maintaining a DNS for a million websites with billions of potential visitors. And not just the real visitors – 48% of all traffic is actually generated by robots, meaning that there are (effectively) almost double the number of Internet “users” looking for your sites. When you also consider that 25% of all DNS queries are zombie echoes, with nobody waiting for an answer on the other end, the number of queries reaching your name servers is amplified further. This is the scale your DNS is up against. If you include today’s DDoS attack volume (which will be showcased in a future infographic), this number is staggering.
Domains, the DNS and the Registry in Canada
If Canadian customers and users are important to your organization, the second half of the infographic is for you. There are currently over 2.4 million .CA domain names. The top-level domain registry (CIRA) answers 800 million queries per day, directing people to your DNS so that they can find your website’s name server. We maintain a global anycast DNS network comprised of a mix of home-grown and partner infrastructure designed to be fast, resilient and to protect Canadian queries, because if we go down, everybody goes down: no .CA websites would be part of the query chain. That would be unacceptable.
You are the final link in the DNS chain - are you the strongest or weakest?
The final step is a lookup of your DNS. A quick review of the registry database shows that there are 128,218 authoritative name servers for .CA domains. We decided to run a study and found that a full 30,000 failed to answer even one query during the testing period. While many were likely serving domains that aren’t actually in use for personal or commercial purposes, the volume of non-responsive servers suggests that many organizations have less redundancy than they think. More importantly, 93% of them failed at least once during the testing period. Is this failure your next big customer?
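One way to run this kind of responsiveness check against your own name servers, as an added example that is not CIRA's test code: it sends a single SOA query to each listed server and reports whether it answered authoritatively, answered without authority (a lame delegation), returned an error, or timed out. The zone name and the documentation-range IP addresses are constructed placeholders.

```python
import secrets
import socket
import struct

def build_query(zone, qtype=6, txid=None):
    """Return (txid, packet) for a non-recursive query; qtype 6 is SOA."""
    txid = secrets.randbelow(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # RD=0, one question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def classify(reply, txid):
    """Judge a raw reply from a server that is listed as authoritative."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:      # wrong ID or QR bit clear
        return "malformed"
    rcode = flags & 0x000F
    if rcode:
        return f"error rcode={rcode}"          # e.g. 2 = SERVFAIL, 5 = REFUSED
    if not flags & 0x0400:                     # AA bit clear: a lame delegation
        return "lame"
    return "ok" if ancount else "ok-nodata"

def probe(server_ip, zone, timeout=2.0):
    """Send one SOA query over UDP and classify what comes back."""
    txid, packet = build_query(zone)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (server_ip, 53))
            reply, _ = sock.recvfrom(4096)
        except socket.timeout:
            return "timeout"
        except OSError:
            return "unreachable"
    return classify(reply, txid)

if __name__ == "__main__":
    # Constructed placeholders: replace with your zone and its NS addresses.
    for ip in ("192.0.2.53", "198.51.100.53"):
        print(ip, probe(ip, "example.ca", timeout=1.0))
```

Run it repeatedly over a period of time rather than once: a server that answers today can still be among those that fail at least once during a longer test window.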
We have to make some estimates and assumptions in this next number, but it appears that only 2% of .CA domains are being run on organizational name servers rather than those of a DNS supplier, hosting company or ISP. This 2% tends to be either techie sites or large organizations because the average small business doesn’t need to understand the DNS. For the other 98% of .CA domains, understanding the DNS is the job of their hosting company or domain registrar. Importantly, when we took a sample of organizations running their own name servers and ran them through the DNS configuration test, we found an average of 3 configuration errors (or opportunities for optimization) per domain.
To conclude: the DNS is massive, massively redundant, and massively cool. You are up against huge numbers when you put it in both the Canadian and global context. Importantly, we do find that there is room for improvement in the DNS in Canada. This fun infographic will hopefully help you to understand what you are up against when keeping your website findable and your email flowing.