The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.ca domain name registry for over 2.

WHO IS.CA ( CIRA )? The organization responsible for a critical part of the Internet infrastructure; expanding its services to help organizations secure their DNS in Canada The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.ca domain name registry for over 2.4 million domains Provide DNS for.ca, answering 3 billion DNS queries per month CIRA is a member-driven organization of over 70 employees and an elected 12-person board CIRA supports the growth of a strong and reliable Internet for all Canadians by investing in Internet projects, and helping to represent Canadian Internet interests around the world

CIRA is More Than a Registry So you know us for.ca, but what else is CIRA up to? D-Zone Anycast DNS Domain Security gtlds

DNS IS MISSION CRITICAL DNS is a mission critical service that requires 100% uptime and low latency During a DNS outage websites, web applications, and email are down DNS outages result in brand damage and/or lost revenue DNS lookups contribute to website performance From Alexa percentage ranking averages municipalities can expect to rank 1,000 10,000 in Canada 50,000 180,000 Globally Primarily Canadian Traffic 75% Canadian 25% International

DNS IS VULNERABLE DNS is vulnerable to failures and attack Numerous Failure Mechanisms - Equipment failure - Network outages - Natural disasters - Need diversity DNS based DDOS Attacks account for 10% of all attacks DNS as the target DNS as the attack vector DNS attacks are easy to generate and hard to defend

STRENGTHEN DNS WITH ANYCAST Anycast DNS has been used for many years for the root servers and many TLDs and provides: Redundancy and fault tolerance High Performance Resiliency to DDOS attacks

ANYCAST DNS VS UNICAST UNICAST Unicast Traditional DNS deployments Nameservers are implemented on single nodes, each with a unique IP address Anycast Adding resiliency to your DNS Nameservers are implemented on a multiple geographically distributed nodes that share a single IP address routing to the closest nameserver Built in redundancy, failover and load distribution ANYCAST

CIRA s D-ZONE - A GLOBAL ANYCAST DNS SERVICE THAT PUTS CANADA AND CANADIAN TRAFFIC FIRST Location Cloud Miami, FL 1 Los Angeles, CA 1 London, UK 1 Hong Kong 1 Calgary, AB 1 Montreal, QC 1 Toronto, ON 1 Winnipeg, MB 1 Location Cloud Vancouver, BC 2 Montreal, QC 2 Toronto, ON 2 Halifax, NS 2

D-Zone Base Pricing Business Value for the cost of a monthly cell phone bill Performance, Security, Reliability D-Zone Anycast DNS Cloud Service Pricing YEAR 1 - $1200 Annual $100/month Includes: up to 500 zones configured Unlimited queries provisioning API available for automation use of D-Zone management interface access to query metrics and ongoing analytics CIRA technical support

Example of DNS Traffic City of Hamilton

Implementing D-Zone D-Zone Secondary DNS Low Risk and Ease of Implementation for IT staff 1 2 3 Zone Transfer Internet D-Zone Hidden Masters 162.219.53.35 162.219.53.235 D-Zone Anycast Clouds ns1.d-zone.ca DNS Queries On Your Primary Name Server Allow zone transfer to 162.219.53.35 162.219.53.235 Enable notify to 162.219.53.35 162.219.53.235 In D-Zone Web Portal - Create your primary name servers - - Create your zone owner - - Create your zone ns2.d-zone.ca At your registrar Add ns1.d-zone.ca and ns2.dzone.ca as authoritative for your domain

CIRA D-ZONE Partners

Domain Name Protection Owning a domain is high risk

Domain Hijacking Domain hijacking describes the act of a hacker using social engineering to trick the technical support workers at a registrar (like GoDaddy, Webnames, Domains at Cost, etc.) into making critical changes to the DNS. It can be done by the malicious act of someone outside or within your organization Registry lock down, Registrar, Registrant EPP API protocol standard

CIRA Registry Lock When Registry Lock is applied to a domain name, no attributes of the domain are changeable and no transfer or deletion transactions can be processed against the domain name, with the exception of renewals..ca,.com, and others all offer this service. If the Registrant wishes to make any changes to their domain, the Registrant must first work with their Registrar, who will in turn work with the.ca Registry. The.CA Registry will respond to any lock and unlock requests in under one hour (typically under 5 mins), on a 24x7 basis, so accessing your.ca domain name is not an administrative burden. Registrant Requests unlocking Registrar Key contacts use admin protocols to authenticate with CIRA CIRA Unlocks the domain for the proscribed period of time

Top tips for managing your domain We learn a lot by managing a technical support desk. These tips are based on the hundreds of calls we field every day. 1. Conduct a good domain name audit 2. Know your Registrar(s) 3. Keep your.ca contact information current 4. Don't lose control: Renew your domain name(s) 5. Use strong passwords 6. Whitelist your registrar and CIRA

New gtlds (protecting your brand)

The Opportunity Canadian Municipalities have a unique opportunity to promote their city brand online in a new way that include.. Municipal Services Attractions & Tourism SME & E-Commerce Policies and By-laws Current Projects and Vision with Municipal Top Level Names.City,.Municipality,.Town

Municipal Top Level Names RoyalFamily.toronto tockexchange carservice.toronto cntower TheLeafs.toronto HighTea MadameTussauds

New gtld market share The market has grown to almost 6 million new gtlds registered globally Big winners are often disguised by the go-to-market strategy.xyz gave them away for a while.science has a low cost strategy at launch

More facts 66 total geographically-focused gtlds (i.e. representing a city) were applied for in the first round 3 of the current top 20 are geo-focused.berlin,.nyc,.london Two are Chinese characters (a type of geo-focusing) web and company The next round of gtld applications is expected in 2018 or 2019 and we know that cities and entrepreneurs will be aggressive You should at least investigate what this means to your municipality

Here is what you can do with it program pages Events Homeowner portals Support local business Create a searchable portal of companies that are all physically in your municipality

The Opportunity Your Community would be complemented by.municipality Municipal Services: Transportation.MUNICIPALITY Attractions & Tourism: Festivals.MUNICIPALITY SME & E-Commerce: Businesses.MUNICIPALITY Policies and By-laws: By-Laws.MUNICIPALITY Projects and Vision: Coming to.municipality Easy to Understand, Easy to Find, Easy to Maintain Municipalities are doing this today!

Municipal Top Level Names

Why are municipalities interested? Branding London s new domain name provides a phenomenal opportunity to link businesses all over the world with our city s powerful brand. London Mayor Boris Johnson Thought Leadership and Technical Innovation o The future of online city branding Revenue Opportunity (or Neutral) o Monetary value of popular names

Why are municipalities interested? Control Establish rules on who can own a.municipality domain Establish policy on acceptable uses Enable improved communications with your citizens Reserve critical names for your own use Reserve before other jurisdictions do

Next steps Champion! Collaboration The next round is still a couple years away (FY2018 or later) Encourage discussion to start in 2015 o.nyc started planning in 2009 (launched in 2014) o CIRA can help lead this discussion

Contact details Shawn Beaton CIRA Business Development & Sales Tel: (613) 793-9366 Shawn.beaton@cira.ca