by Thomas Macaulay

Nominet CTO Simon McCalla explains how the company protects the DNS behind 10.5 domains

Mar 05, 2019
IT Strategy

Credit: © Nominet

Nominet CTO Simon McCalla has a different role to most of his peers in the profession. It encompasses the traditional tasks of managing IT infrastructure, developing new tech solutions and devising a digital strategy for the future – but his core responsibility is something quite unique: protecting the critical national infrastructure of the Domain Name System (DNS) behind 12.5 million .uk domains.

“We have an international infrastructure around the world that ensures that those DNS names are available 24 hours a day, 365 days a year, and we have to run at 100% uptime – and we have done so for at least the last 15-odd years,” McCalla tells CIO UK.

“We see an incredible amount of traffic in all that. We handle between roughly three and five billion queries and responses a day. That’s around about 35,000-50,000 queries per second that we have to answer, and we do all of that in under a millisecond.”

His strategy to protect all these .uk domains and several million more that Nominet runs for third-party clients such as .bbc starts with creating the right culture.

“It’s about having every member of staff understanding the excitement and the responsibility and challenge of maintaining that infrastructure, and doing that in such a way that we can keep a high level of service not just from a technology perspective but from a security and a customer service perspective as well,” he says.

“DNS infrastructure is quite unique. It needs a very specific set of skills. What we have to make sure we do is we have to have true diversity in just about everything we do. So for everything from network links to servers to locations around the world to versions of software we have, we have multiple redundancy and diversity in that so that we’re not affected by things like zero-day exploits and key bugs.”

New business

Protecting the domains is a massive task, but the fastest growing part of McCalla’s job involves Nominet’s commercial work with the public sector.

He runs a team that combines Nominet’s lessons from securing .uk over the last 25 years with its advanced research work to help governments and enterprises monitor their domain name system flow traffic for cybersecurity threats.

“What we do is we can handle absolutely vast volumes of DNS traffic, and then in real-time we can look at that traffic, analyse it monitor it and spot threats – and we can get them shut down and blocked very quickly,” he says.

The largest customer is the whole of the UK public sector but a growing number of enterprises and foreign governments are also asking for the service.

In 2018, this increasing demand led Nominet to launch a Cyber Security division that enables organisations to use real-time DNS analytics to pinpoint threats. The unit will also bring to market NTX, a threat monitoring and analytics platform that spots anomalies that are a marker of malicious traffic and the severs and blacklist the responsible connections.

This service will be used as a launchpad for Nominet’s international expansion as a broader technology business than just a domain name registry.

“We’ve been working behind the scenes to ensure that we can remove as many threats from .uk as possible, and some of that is stuff that we talk about openly, and some of that is stuff that we have to do quietly behind the scenes with law enforcement to tackle some of the bigger challenges, and we’ve been pretty successful at that,” McCalla explains. “This division is a kind of natural exposure of some of those skills and capabilities into a more commercial market.”

Future gazing

McCalla also works with Nominet’s research and development team to understand the impact of developments in DNS technology and find new business opportunities, such as providing remote areas with broadband through the old analogue TV spectrum.

This dynamic spectrum management (DSM) system is already in use in rural areas of Scotland and Wales and will later be rolled out internationally.

“We are using these old TV frequencies to get remarkably high speeds,” says McCalla. ” We’re getting close to 30 megabits a second, so we can rival the bottom end of fibre super-fast broadband by using old TV frequencies.”

McCalla is also exploring how Nominet can contribute to the development of autonomous vehicles, as part of the Drive consortium behind the UK’s forthcoming first live trials of self-driving cars and with Addison Lee on the development of autonomous taxis.

Nominet will also provide cyber security expertise and data management infrastructure for the cars and connected services.

“When the domain name system in the UK first started to really get traction there was no Facebook, there was no Twitter, there was no Whatsapp, and therefore having very recognisable names that you could remember was a really important part of how domain names grew in their early stages,” says McCalla. “Now, the way people use domain names is very different. Often they are accessed from a link inside a Facebook page, or a shortened URL or a button on an application.

“So that usage of domain names is changing and we wanted to make sure in our activities that we were looking at where the Domain Name System will go in the future so that we’re still relevant as a business. For all our technologies, we’ve taken those core capabilities of reliability, security, innovation and flexibility and said ‘how does that apply into this landscape?’ So the dynamic spectrum management piece and the autonomous vehicle piece are very much an extension of what we do.”

Social objectives

McCalla’s focus for 2019 will remain protecting .uk domains and ensuring that it’s one of the world’s leading country codes on the internet, but he will also be concentrating on growing Nominet’s commercial business while following the organisation’s unusual business requirements.

“We’re a profit with a purpose business in that we don’t distribute any earnings or shares to shareholders,” he says. “Every penny of what we make as a surplus is either reinvested in R&D work, to protect things like .uk or it’s invested in public benefit activities.”

These activities include working with the Prince’s Trust to help young people create digital businesses and with youth-led creative network Livity to provide digital training to 175 people, and then partners them with a local SME for a paid work placement.

“It’s a really nice exchange of ideas,” says McCalla. “The young people gain a collection of skills and experience for their CV, and the businesses gain digital skills from the young people. And it builds a case of kind of local communities around technology.”

He believes the project reflects Nominet’s founding principles.

“Right at the core of our constitution is this desire and belief in doing things for the public’s benefit,” he adds. “That’s important whether it’s through making sure that .uk’s running 100% of the time or investing money that ensures that the UK is a great place digitally, whether you are a child at school, somebody thinking of starting a business or an OAP looking to take advantage of digital services online in an area where you’re just not familiar.”