Published by Kerry Brown on 29th August 2011
Filed under: CIRA, DNS, Internet
I’m running for the board of directors for the Canadian Internet Registration Authority (CIRA). If you have a .ca domain I’d like your vote. In order to vote you have to be a member (which is free). To become a member go here to register.
Your first question is probably – What does CIRA do? CIRA manages the .ca country code Top Level Domain (ccTLD). Now you’re probably asking – What the heck is a ccTLD? A top level domain is the characters on the right side of the last dot in an Internet name. This blog lives at www.kdbsystems.ca. Here .ca is the top level domain, kdbsystems is the second level domain, www is the third level domain, and so on. My business site is at www.kdbsystems.com. In that case .com is the top level domain. Because .ca represents a country, namely Canada, it is called a country code Top Level Domain. Each country only gets one ccTLD. CIRA is a not-for-profit organisation that runs the .ca ccTLD under a contract with the Canadian government.
What’s involved in running .ca? First there is the registry. If you want an Internet domain for a web site or an email server or whatever, you need a domain name. This has to be unique so that people can find it. Someone has to keep a database for each TLD with all the domain names, who registered them and how to find them on the Internet. Let’s walk through what happens when a business decides it wants a web site. They’re Canadian so they want a .ca domain. They contact a middleman called a registrar who checks that the domain name is not already registered to someone else. If it’s not, the registrar, for a fee, contacts CIRA and pays CIRA to insert the data into the registry database. The business is now the proud owner of a .ca domain. They contact a web hosting company, often the registrar, who sets up a web site on a server that is connected to the Internet. This server has an IP address that is a series of numbers. People who want to access the web site have to know this IP address to find it. No one could remember all of these numbers so the Domain Name System (DNS) was devised. The DNS translates domain names, which are much easier to remember, to IP addresses so your computer can find the web site. CIRA manages the DNS for the .ca domain. When someone tries to find www.kdbsystems.ca their computer contacts a local DNS server, probably run by their Internet Service Provider. This DNS server probably doesn’t know where www.kdbsystems.ca is so it contacts the .ca DNS servers to find out. That’s a very simplified explanation of a complicated process. CIRA runs the .ca DNS servers as well as the registry database. As you can see, CIRA is critical to the Internet in Canada. If CIRA were to stop operating, people couldn’t access government and many business web sites. Any email address that ends in .ca wouldn’t be reachable. This could have very bad consequences if .ca quit working for even a few hours.
My full election statement is here. The short version is that I have the technical knowledge to know if things are going off course. I have the temperament needed to get along with other board members even if we have opposing views. I have the strength to stick to my principles when needed. I have the empathy needed to hear the other side of the story and understand it. I have the business knowledge needed to make sure CIRA is managed in a way that will ensure the needed finances are in place. Lastly, and I think most importantly, I believe the Internet is the single largest disruptive thing that has happened to the human race. As the Internet works now most of the people in the world have access to most of the collective knowledge of the human race. Disruption can be a force for good or evil. I’d like to see the good outweigh the evil. Part of CIRA’s mandate from the Canadian government is “to develop, carry out and/or support any other Internet related activities in Canada”. The other activities should be about keeping that balance on the good side. I have consistently championed this strategy during my term on the board and I’ll continue to champion it when elected for another term.
In upcoming posts I’ll expand on the challenges that CIRA faces, how I think CIRA should manage them, and more about the “other activities”.
Published by Kerry Brown on 26th August 2011
It’s been over a year since I posted to this blog. In that time I’ve become increasingly concerned about Internet Governance and how it affects all of us. It’s not that I’m no longer interested in technology and Microsoft. I just got home from helping at a Microsoft sponsored event, the MVP SMB Community Roadshow, in Winnipeg yesterday. We were demonstrating Windows Multipoint Server 2011 among other things. It’s almost unbelievable how cool this is and what a dramatic effect it could have on IT for the SMB market. It is mostly targeted at the academic market but I think the potential for SMB is much bigger. I’m still very excited about technology. Internet Governance though ramps up my excitement to a whole other level.
In 2008 I was elected to the board of directors for the Canadian Internet Registration Authority for a three year term. That term is almost up and I’m standing for re-election. During my three years on the board, as I gained knowledge of the domain industry, how the Internet works, DNS, ICANN, the IGF, ISOC, and more, I realised that the world has come to rely on the Internet. For something that the world relies on, its governance is very different from anything else I can think of. It is not well understood by people outside of those involved. There appears to be a struggle for control of it that could have profound consequences for all of us. Currently the Internet is governed by a very loose conglomeration of commercial interests, governments, special interest groups, and just plain people. ICANN, arguably the most important Internet Governance organisation, has what’s called a multi-stakeholder bottom up governance model. Anyone can attend an ICANN meeting. There are three a year and they move all over the globe. It’s free for anyone to register and attend but you do have to pay your own expenses. CIRA will be hosting one in Toronto in 2012. Once there you can attend almost any session. Very few are closed. There is a public forum where anybody can get up to the microphone and have their say. You can join special interest groups within ICANN and put forward policies through these groups. It is very chaotic and confused but somehow the Internet stays running. The network protocols used to connect and communicate with the Internet are free and open. No one controls them. All this chaos, confusion, and lack of control confound governments and many commercial interests. They want more regulation and control. Some governments want to censor what their citizens can see and do on the Internet. Some commercial interest groups want more control of commerce on the Internet.
Some of the special interest groups want more regulation to protect the public from the governments and commercial interests. The public seems to just want to access all the cool stuff on the Internet, preferably as cheaply as possible. Right now there seems to be some sort of balance between all these divergent interests. The balance sways a bit but so far it is somewhere near the middle. I’d like to see it stay in the middle. To that end I’m going to use this blog to explore Internet Governance issues. Because I’m currently in the middle of trying to get re-elected to the CIRA board I’ll probably be blogging about that a lot. Because technology fascinates me there’ll definitely be posts about the technology of the Internet. Finally when I see something cool like Multipoint Server 2011 I’ll write about that.
Stay tuned, my next post will be about the CIRA election.
Published by Kerry Brown on 19th October 2009
IPv6 is coming. We’ll all have to learn how to deal with it. With this in mind I’ve set out to educate myself about IPv6. I learn better by doing than by reading. I like to read enough that I have a very basic understanding of the subject then play. After playing with it I generally find I need to do some more reading or possibly even take some courses. With IPv6 I’m at the playing stage. I decided to set up a Server 2008 R2 virtual machine as a test bed for IPv6. I needed a second domain controller on my SBS 2003 network so I made it a DC and a DNS server. It’s probably not the best idea to use a DC for an IPv6 experiment but I figured I may as well go whole hog and learn by making mistakes.
The reason for the DNS server is so once I figure out IPv6 it can answer IPv6 queries from the workstations. Plus it’s a DC which implies a DNS server. This is the first place I ran into a problem. There is a bug in the 2008 R2 DNS server implementation. It wasn’t resolving some queries. nslookup microsoft.com worked but nslookup www.microsoft.com didn’t. It was very perplexing and took a lot of Bing-foo and Google-foo to fix. The fix is here in Scott Forsyth’s Blog. It appears it’s a combination of some DNS servers not returning EDNS results properly and the way Server 2008 R2 DNS deals with that.
The server was now set up as a DC and a DNS server. To play with IPv6 I needed to set up a tunnel. My ISP doesn’t support IPv6 and neither does my router. I decided to activate a free IPv6 tunnel at tunnelbroker.net. This was relatively straightforward. I was happily testing IPv6 over the tunnel thinking that was too easy. I was right, it was too easy. I decided to run a port scan of the IPv6 tunnel. Imagine my surprise to find out that as far as the Windows firewall was concerned the tunnel was part of the local network. I had just put a DC on the Internet with no firewall. Not good to say the least. I quickly disabled the tunnel. I spent the next several hours Googling and Binging to no avail. So far I haven’t found any way to block incoming ports on the IP6Tunnel interface while leaving ports open for the local network. I’m stuck for now. I need to use the Windows firewall because the tunnel by definition bypasses the firewall in my router. I’m sure there’s a way but until I find it no IPv6 for me. Once I get past this setback I’ll continue this blog series.
Update
It looks like the only way to do this is to add a second NIC for the IPv6 tunnel. I should be able to set the firewall profile for the second NIC to Public which would solve the problem. I don’t want the headaches caused by a multi-homed domain controller. I’d probably need to set up a VLAN as well, which my router doesn’t support. The project is temporarily on hold while I rethink things.
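
An added example, not part of the original post: when the host firewall treats the tunnel as local, every socket bound to [::] or to the tunnel's global address answers the IPv6 Internet. This Python sketch lists those listeners from netstat -an output. The sample rows are constructed, and 2001:db8::/32 (the documentation prefix) is an assumed stand-in for the tunnel address.

```python
import ipaddress
import re

# Constructed sample of Windows "netstat -an" rows; 2001:db8::/32 (documentation
# prefix) stands in for the address assigned to the tunnel interface.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.16.2:53        0.0.0.0:0              LISTENING
  TCP    [::]:88                [::]:0                 LISTENING
  TCP    [::]:389               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:53               [::]:0                 LISTENING
  TCP    [fe80::1c2b:3d4e:5f60:7182%11]:53  [::]:0     LISTENING
  TCP    [2001:db8:1f0a:2b::2]:53  [::]:0              LISTENING
  TCP    [2001:db8:1f0a:2b::2]:49200  [2001:db8:ffff::10]:80  ESTABLISHED
  UDP    [::]:500               *:*
"""

# proto, [local address%zone]:port, foreign address, optional TCP state
ROW = re.compile(r"^\s*(TCP|UDP)\s+\[([0-9A-Fa-f:.]+)(?:%\w+)?\]:(\d+)\s+\S+(?:\s+(\S+))?\s*$")
ULA = ipaddress.ip_network("fc00::/7")  # unique local addresses, not routed globally

def reachable_over_tunnel(addr):
    """True if a socket bound to addr takes traffic sent to a global IPv6 address."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_unspecified:  # [::] means every interface, the tunnel included
        return True
    return not (ip.is_loopback or ip.is_link_local or ip.is_multicast or ip in ULA)

def exposed_listeners(netstat_text):
    """Return sorted (proto, port, bind address) tuples the firewall must cover."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and IPv4-only binds, which IPv6 traffic cannot reach
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # an established session is not a listener
        if reachable_over_tunnel(addr):
            found.add((proto, int(port), addr))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, addr in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto:<4}{port:<6} bound to [{addr}]")
```

The rows it returns are the ports an outside scan of the tunnel address would find open when no firewall profile filters that interface.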