Press Release — Comments on Industry DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) Initiatives

Secure64, the leading provider of DNS Security-as-a-Service solutions, today released a technical white-paper that sets forth its position on the Internet Engineering Task Force (IETF) standards DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT).

Why I’m long DNS

By Thad Dupper, CEO of Secure64 Software Corporation

5G will drive DNS Traffic to Grow by 10x

As most know the Domain Name System (DNS) translates domain names (i.e., www.google.com) into IP addresses. This system, which has been a critical part of the internet infrastructure since the early days, is now poised to experience a dramatic increase in traffic due to emerging industry trends.

This increase is driven by our expanding and shifting technology usage patterns.  Originally voice-driven, then later text, telephony is now overwhelmingly a data-driven medium. As we prepare for the arrival of 5G, that trend will only accelerate underscored by a recent Ericsson report that predicts by 2024 95% of subscribers will consume mobile broadband. 

From a Mobile Network Operator (MNO) perspective, the migration to 5G is essential to re-ignite their business models. As we have witnessed over the past decade, subscriber growth rates have flattened. This is true in all but a few of the developing markets. Today, anyone who wants a smartphone likely has one. GSMA reports there are currently 5.1B subscribers in the world and last year’s growth rate was a tepid 2.88%. The implication — the heady days of double-digit subscribers growth are long gone. Subsequently, we are left with today’s reality of single-digit churn and zero-sum game price wars as the reality in which many MNOs find themselves. Further, many of today’s subscribers have unlimited data plans also limiting the potential for revenue growth. Suggesting if you are John Legere or any other CEO of an MNO, your ability to grow revenues is extremely limited.

Enter 5G

With its significant increase in bandwidth, 5G promises to position MNO’s to pursue new areas of growth as well as the lucrative residential market today dominated by the cable operators. As the bedrock of a successful mobile broadband strategy, 5G will allow MNOs to compete with today’s cable companies by dramatically lowering the cost of delivering a gigabyte.

A recent McKinsey report grouped the 5G use cases into three categories: enhanced mobile broadband, IoT, and mission-critical applications.

Beginning with enhanced mobile broadband. Taking my own household, for example, with two teenagers. Today we spend $253/month for broadband service and a similar amount ($260/month) for wireless service. With our business clearly in their sights, each company will vie for the other’s share of our business. With its higher bandwidth rates (projected to be 20x the rate of 4G LTE attaining download speeds of 20 Gb/s), 5G is expected to enable the MNO to pursue the “cut the cord” strategy and thereby absorb some, if not all, of our monthly $253 cable bill.

Keeping with our household example — today we routinely consume over 700 Gb/month. However, on our wireless plan we consume, on average, only 8Gb/month. The math is clear — if our wireless provider wants to capture our home business, they’ll need to handle a significant increase of data traffic – in our case on the order of 100x. 

No alt text provided for this image

For this reason alone, the DNS traffic on an MNO 5G network will dramatically increase – but that’s not the only reason.

VoIP/VoLTE

The next area driving DNS growth is the migration from the tradition circuit-switched voice traffic to IP-based communications. To be clear, this migration, known as Voice over IP or VoIP, has been underway for some time now. One of the benefits of this change is the availability of new value-added features such as follow-me services where callers can ring your desk or smartphone – or both – at the same time. The next iteration of VoIP is VoLTE (Voice over LTE) which leverages the IMS architecture which includes, among other things, the ENUM DNS protocol which allows carriers to map a telephone number to an IP address. Without getting too wonky ENUM is enabled by a special Name Authority Pointer (NAPTR) DNS record that allows phone numbers to be translated into e164 DNS record formats which enables VoLTE services. As carriers around the world accelerate their migration to VoLTE there will be a need for more DNS capacity.

IoT


Today, when we think of DNS what comes to mind is a subscriber on a browser translating a domain name into a corresponding IP address. In addition to that functionality DNS systems have evolved to provide a wide range of protections against various cyber-attacks. The most notable are denial of service, or DDoS attacks, but increasingly MNO’s are leveraging their DNS to help protect users from accessing internet locations that are known malware, phishing or bot command & control sites. In many cases, an end user might not even know their smartphone or laptop is trying to access one of these blacklisted sites. That’s because their device has become infected with a virus that attempts to hijack the device and steer it to a site where bad things are likely to occur such as trying to steal personal data – or encrypt your hard drive in a software ransomware ruse.


DNS protects against this via the use of a blacklist. DNS vendors, like Secure64, provide near real-time services to provide up-to-the-minute threat intelligence updates to populate a carrier’s DNS blacklist. These blacklists contain thousands, if not millions, of domain names that are known to be malicious. In our case, we brand our services as TotalGuard™ as our subscription-based threat intelligence feeds. 


Now getting to IoT, we know the world is becoming an ever-connected place — occurring at an ever-increasing pace. The DNS use case of an IoT device is basically the reverse of the blacklist. With IoT devices there is a whitelist which is a list of addresses the IoT device is enabled to access. Take a Nest camera installed on a driveway. As the camera detects motion an alert (usually via SMS) is sent to the owner’s smartphone notifying them of the movement with a screenshot of the activity. From a technical point of view, the IoT device — the Nest camera – is permitted to only contact a very restricted list of contacts or locations. In this case, the registered owners and the website where the streaming video is stored (a Google domain). The whitelist for this device then would be the owner, perhaps their spouse and the Google Nest domain. That’s it, and if the Nest camera tries to communicate to any other IP address then the network provider knows the device has become infected and would notify the subscriber and, in some cases, perform a remote wipe thereby cleaning the device of its infection. 

As IoT devices proliferate, so will the DNS communications and features needed to support them.


Mission-Critical Applications

Mission-critical services will be those enabled by 5G’s high-bandwidth and high-reliability. These include: autonomous driving vehicles, advanced industrial and residential controls including the connected-home and medical applications where telesurgery becomes feasible. In all these cases 5G will deliver a higher level of service where a loss of connectivity or high-latency cannot be tolerated.

Streaming/Gaming/Virtual Reality/Arcades

As we were reminded recently from Apple, companies are making enormous investments to introduce new and sophisticated streaming services. Netflix, Amazon Video, YouTube, Hulu, Roku are just a few. It is anticipated that gaming and video services under development today, with 5G networks in mind, will be highly interactive. In addition, Virtual Reality systems will rely on 5G’s speed and capacity to stream VR content with the potential to provide new services such as virtual marketing and virtual tourism.  All these services greatly increase the network traffic which in turn increases the need for additional DNS capacity.

No alt text provided for this image

Summary

DNS traffic is going to dramatically increase with the arrival of 5G driven by:

 – increasing data bandwidth and consumption

— the migration to VoIP/VoLTE

— the proliferation of IoT devices

— new 5G-enabled mission critical applications

— advances in VR and interactive gaming services

The takeaway — the future is approaching (as it always does) faster than we expect with Ericsson predicting by 2024, 5G will reach 40% worldwide coverage with 1.5 billion subscribers, making it the fastest generation ever to be rolled out on a global scale.  

At Secure64 we work with our customers – carriers, enterprises and government agencies – every day to ensure their DNS infrastructure is highly performant, extremely secure and scalable for both today’s needs as well as those for the next generation – 5G.

It is for these reasons I’m long DNS – and you should be too.