DNS Belgium switches to the cloud
On Saturday February 11th DNS Belgium will switch their technical system for registering and managing domain names to the Amazon cloud (AWS). The migration will start at 9am and it will probably take until late afternoon before all services will be available again.
Meanwhile all existing .be domain names remain active. However it won’t be possible to register new .be names or to make changes to existing registrations. Also checking whether a name has already been registered and by whom won’t be possible.
Until now the DNS Belgium system ran on dedicated servers co-located in professional datacenters. As far as we could find, they’re one of the first registries to switch their services to “the clud”. Within Europe there are no other country code registries who have already done this. However the Swedish registry is also investigating this possibility.
We spoke with Philip Du Bois, General Manager of DNS Belgium about the consequences (and dangers) regarding this switch.
TLD.sc: Is this switch interesting financially?
Du Bois: Financially it is indeed a bit more interesting, however this wasn’t by all means our main reason.
On the long term we will definitely save more because it won’t no longer be required to upgrade every few years. The main advantage is we will now have more time to automate and we will have the ability to describe all aspects of our platform code (software defined), which increases the quality and therefore the security.
TLD.sc: This “cloud” also offers great advantages regarding reliability. With a failure it can be restarted in a different virtual environment, something with isn’t so obvious with physical hardware. Are there also any disadvantages?
Du Bois: Until now we haven’t experienced any.
TLD.sc: Is the protection against hacking as strong as on your own hardware?
Du Bois: Although we do (did) our co-location in two reputable data centres in Belgium, we are convinced that the AWS data centres are more secure because no one from a 3rd party comes in. With a co-location sometimes employees of other companies are in the building.
TLD.sc: Does this mean that personal addresses (which aren’t always shown in the WHOIS) are now up for grabs for, for example, US intelligence services?
Du Bois: Obviously this has also been widely discussed and studied. All data (both on the network and on the disc) are encrypted and stored on servers in the EU. It is therefore not possible, in principle, that AWS gives access to US authorities to our non-encrypted data. Our data will not exceed the EU limits and there is certainly no question of transport of data toward the US
AWS also has the principle that, if there would come a US request, they inform us of this by default. That way we can evaluate our position and respond appropriately. If we find the question inappropriate or disproportionate, we will immediately initiate the necessary legal proceedings and oppose the transmission of the information. If the demand is justified and proportional, we will work with the US Law enforcement as we would do with our local security forces and in accordance with the guarantees provided for domain name holders in our T & C.