The Technical Security and Stability of .ORG

by Suzanne Woolf, Senior Director, Technical Community Engagement and Joe Abley, Chief Technology Officer, PIR

As the technologists behind Public Interest Registry (PIR), we take our commitment to the security and stability of the .ORG domain seriously. As the registry operator for .ORG, PIR’s primary function is to ensure that registrants and end users can resolve our domain names and access the resources behind them. We are committed to the security and stability of DNS operations for .ORG, not only as a critical resource for our registrants, but as key infrastructure for the entire DNS and the global Internet.

PIR’s Technology staff have a long history in the DNS. We have co-chaired IETF working groups, joined program committees for network operations conferences, and served on the Internet Architecture Board, IETF directorates, and ICANN’s SSAC and RSSAC. We have operated multiple root servers, provided technical content to one of the 2002 bids for .ORG, and helped deploy DNSSEC in .ORG and in the root zone. We have founded exchange points, designed and operated services for commercial companies and non-profits alike, and extended technical outreach to developed and developing technical communities for over two decades. The technology staff at PIR do not take security and stability lightly – we are conditioned to ask hard questions and look for real answers.

Accordingly, we’d like to provide our own view, as the people ultimately responsible for the operation of the .ORG domain, on some of the concerns we’ve heard recently regarding the future of PIR and the security and stability of .ORG. The details of how PIR provisions .ORG domain names are not usually of general interest. But in view of those concerns, we think it’s reasonable to ask how registrants and users can be sure that PIR will provide the same exemplary service it always has; and that the wider .ORG community will continue to be able to tell we’re living up to that commitment regardless of our ownership.

Contracts and Services

There are a few things to understand about registry services for TLDs such as .ORG. The basic services consist mostly of the registration database – the list of names, technical details the DNS needs to function, registrant data – and the servers, network connections, and other resources that provide the DNS service itself. Systems are in place to allow registrars to interact with the database, to provide proper recording of transactions for security audit and financial accounting purposes, and to monitor the functioning of each component. Name servers are the systems that hold the DNS data about domains in .ORG and answer queries about them so applications can find websites, mail servers, and other resources.

Name servers do require some basic resources to run properly. DNS for TLDs is relatively straightforward to operate, but servers do need to be reasonably powerful and deploy modern security technology, less because legitimate queries place significant load on a modern server system than because they can be attacked at any time and need to be able to continue to function. In fact, operational security is a primary concern, since DNS infrastructure is frequently subject to attacks. Servers also need to be widely dispersed geographically, in order to serve users all over the world at reasonable speeds, and they need to run reliable, standards-compliant software.

All gTLDs get their authority to operate a TLD from ICANN, and the relevant terms and conditions are set out in a contract between the registry and ICANN. The terms for delivery of the DNS service, including expectations for availability (“service level agreements” or “SLAs”), are public.[1] A registry that does not meet these terms of the contract with ICANN is in breach of that contract, and ICANN closely monitors compliance with gTLD SLAs. Because DNS service is publicly available and critically important to any user with a web client or mobile app, there are also many third-party services – commercial and otherwise – that monitor the availability and performance of TLD name servers.[2]

Registry services for some gTLDs are provided using employees and resources, such as servers and network contracts, directly through a gTLD operator. Others, such as PIR, outsource operating servers and databases to a registry services provider (RSP). Our RSP is Afilias, one of the leading RSPs in the DNS industry, and the specifics of their performance are set out in a contract between PIR and Afilias.

As briefly described in a recent Afilias letter to ICANN[3], Afilias maintains registry services, including DNS resolution, according to the SLAs in the ICANN contract and the additional terms in the contract between PIR and Afilias. This includes investment in personnel, equipment, and other resources to assure the security of their operations and maintain service even under extreme conditions such as large-scale DDoS attack. Afilias provides reliable registry services that both PIR and .ORG registrants can depend on. They have done so for 16 years, since the delegation of .ORG to PIR, and are proud of their record of uncompromising service.

Afilias’ recent letter speaks for itself on the subject of their operations in support of .ORG. Only Afilias can discuss their contractual arrangements with third parties to help them keep their commitments to PIR. However, no third party can change Afilias’ commitments to PIR and .ORG, nor can any third party change PIR’s commitments to ICANN for the secure, stable operation of .ORG.

As our partner for 16 years, we know Afilias will continue to keep its commitments to PIR, as PIR will to ICANN, its registrants, and the users of the global Internet.

PIR, Afilias and Packet Clearing House

The recent letter from PCH to ICANN[4] made several claims about PIR’s finances, operations, and future after the proposed sale to Ethos Capital, including assertions about the expectations of the investors and costs of providing DNS services. These assertions, which include commentary about our finances, are completely speculative. PCH is a contractor to Afilias and has no business relationship with PIR; consequently PCH has no access to non-public financial information. We’re more concerned with the assertions that the current costs of maintaining DNS services are only sustainable if PIR remains a non-profit, and that a for-profit PIR will need to make deep cuts to funding for operations. These inferences are at odds with our knowledge and experience regarding the costs of providing solid DNS service. To be clear – they are wrong.

As experienced DNS technologists, we find that PCH’s claims about their operational costs and funding models are baffling. The analysis seems to be based on the expectation that pricing and service levels guaranteed by PCH to Afilias, a for-profit provider of registry services, depend on the corporate organization and funding models of Afilias’ customers. It further seems to assume that the same economics drive the entire industry, not just PCH. But, in our experience, the cost of providing DNS service depends on how many zones are to be served, the size of those zones, and their popularity (that is, network capacity required to answer queries about them, and redundancy to protect them from connectivity issues) as the primary driver of how much network bandwidth and server resources are required. These variables feature in the structure of our contract with Afilias.

In a larger sense it does not matter to PIR or .ORG whether one supplier to our primary contractor is able to continue to provide service for our domains in the future. PCH has a long, distinguished history of delivering DNS services across the Internet and were pioneers in deploying distributed infrastructure for content and interconnection, especially in developing economies. The results of that work, however, include a vibrant, commercial market for content distribution and a wide variety of alternative suppliers with high performance, capacity and reach, including the infrastructure operated in-house by Afilias itself. If PCH is unable or unwilling to continue to provide service to Afilias at current pricing, Afilias has many options to ensure that .ORG continues to function at the high levels the technical community expects.

The current contract between Afilias and PIR was the result of a recent competitive bidding process, and there were several credible bidders who, like Afilias, offered reliable DNS services at competitive pricing without placing any condition that PIR should remain a non-profit in their bids, or suggesting their pricing would change at all, let alone drastically if we weren’t. We have confidence in Afilias continuing to make sound decisions as to when they might need third-party contracted services to augment their own, and to do so within the pricing and other constraints provided by our existing agreement; but the terms of their agreement with us do not depend in any way on such third-party arrangements.

Our Continuing Commitment

We respect the concerns of our registrants and users about our continued commitment to the security and stability of the .ORG registry. We understand why the claims made by PCH that the current registry operation can’t be maintained by a for-profit PIR have gotten attention, and we understand why registrants and users want assurance that the security and stability of the .ORG registry will be protected in the future. We wanted to explain for ourselves how PIR addresses those concerns.

We continue to extend that assurance: PIR is committed to .ORG, its registrants, and its users across the Internet. PIR will continue to maintain reliable DNS service for .ORG and all our TLDs, as we’ve been entrusted to do by ICANN, our registrars and registrants, and Internet users everywhere. Technologists at PIR, and the entire PIR team, have every confidence in our ability to deliver on that commitment.


[1] https://www.icann.org/sites/default/files/tlds/org/org-agmt-pdf-30jun19-en.pdf, see specifically Specification 10, pp. 87-92.

[2] https://atlas.ripe.net/dnsmon/group/org

[3] https://www.icann.org/en/system/files/correspondence/mohan-to-jeffrey-18dec19-en.pdf

[4] https://www.icann.org/en/system/files/correspondence/mitchell-woodcock-to-jeffrey-12dec19-en.pdf