Electronic government (e-gov) services enable citizens and residents to interact with their governments digitally via the Internet and are considered an indicator of resilient local Internet service.
The Domain Name System (DNS), which maps domain names to Internet addresses, underpins e-gov services. Therefore, if the DNS services of e-gov domains fail, government services become unreachable.
Given such risks, the DNS services of e-gov domains should have maximum levels of redundancy to withstand disruption or stress. However, configuring this redundancy is challenging as the DNS has many moving parts, and some are complex and/or difficult to configure.
Researchers from the University of Twente, The National Cyber Security Center of the Netherlands and SIDN Labs published a peer-reviewed study comparing the resiliency and redundancy of e-gov domains for the Netherlands, Sweden, Switzerland, and the United States.
The study collated and compared the number of:
- Distinct DNS providers e-gov domain names have
- Prefixes per domain name
- Top-Level Domains (TLDs) that each e-gov domain has for its DNS servers
- E-gov domains that have adopted IP anycast
Below is a snapshot of the results that were presented at the RIPE86 meeting earlier this year.
82% of US E-Gov Domains Have a Single DNS Provider
Around 40% of the Netherlands, Sweden, and Swiss e-gov domain names have a single DNS provider (over IPv4), while 82% of US e-gov domains have a single provider.
In the case of the US, more than one in seven e-gov domains use GoDaddy’s DNS services (the most used DNS service by e-gov domains in the US, Table 1), which means a significant number of services could be at risk of going offline if anything were to happen to GoDaddy’s DNS service.
|local e-gov domains
using the service (n=602)
The authors noted that the DNS services that look after the majority of e-gov services in each of the four countries are heavily localized, with most local governments most likely being able to choose their own DNS and hosting services.
Netherlands Services Using Most Diverse Prefixes, TLDs
Best current practice recommends announcing domain names from a diverse number of routing prefixes and using more than one TLD, for example, health.nl and health.com.
In the case of the former, if the DNS servers of an e-gov domain name share the same routing prefixes, they are announced from the same server location(s), which means they are all at risk of going down when something happens to that server.
The study found that around 10% of the Netherlands domain names are announced by a single prefix. This figure increases to around 20% for the US and Sweden and to nearly one-third for Swiss e-gov domain names.
As per Figure 1, the Netherlands also has the fewest number of e-gov domains with authoritative servers under a single TLD, .nl, while Switzerland has more than 90%. The authors note that because many of the e-gov services belong to local governments, they may use whatever DNS services their registrars provide and, as such, are at the mercy of the policy decisions taken by their registrars.
Anycast Improves DNS Resilience
IP anycast is a networking method to announce the same IP prefix from multiple locations. Many content and infrastructure services on the Internet use anycast routing to improve service availability and performance and reduce the risk of service disruption if one location goes down.
As per Figure 2, fewer than 3% of Switzerland’s e-gov domains have at least one anycast server. Sweden has 12%, the Netherlands has around 20%, while the US performs significantly better, with around 58% of its e-gov domains on anycast services.
E-gov and Internet Resilience
The resilience of e-gov services is one of 28 indicators that contribute to the Pulse Internet Resilience Index (IRI).
Studies like these help validate the data the IRI and other measurement projects rely on to analyze the resilience of these services and the Internet. However, as the authors of this study disclosed, obtaining the data for these metrics for each country is difficult as many use their own ccTLDs for e-gov domains, and there is no public list of e-gov domains.
This remains a limitation of large-scale studies that seek to understand and advocate for an open, globally connected, secure, and trustworthy Internet.