A Toronto Web domain registrar is upset about the Canadian Internet Registration Authority’s (CIRA) plans to expand its mandate by offering new services.

Mark Jeftovic, the CEO of easyDNS Technologies Inc. has written an open letter to the Minister of Industry expressing concern about CIRA and its plans to start offering a managed domain name service (DNS). He also suggests that management of the dot-ca top level domain should be opened up to competition by allowing private companies to bid on the job of managing it every three to five years. CIRA has been responsible for managing Canada’s country-code domain since it was passed on from the University of British Columbia in 1999.

“You have a monopoly player that gets to pick winners and loser by getting to choose what space it moves into,” Jeftovic says. “We all have to compete in this world. There’s plenty of other players out there capable of running the dot-ca root.”

Managed DNS services, or DNS Anycast service, provides redundancy to Web addresses that want to stay online even if there’s a problem with the primary DNS service. It provides backup servers to take over for a failed server, rerouting users automatically through the new server to still reach their destination instead of receiving a 404 error.

Jeftovic, who operates a managed DNS service at his CIRA-certified registrar was previously a member of CIRA’s board of directors from 2002 to 2004, when he stepped down. In his letter to Industry Canada, he points to CIRA’s published minutes of Board meetings in which managed DNS was discussed.

Indeed, the dot-ca operator is interested in offering a managed DNS service, confirms Byron Holland, president and CEO of CIRA. He says CIRA recently concluded a longterm strategic planning process and it was determined that in a market where domain name growth is slowing, CIRA should explore other options to participate in the Internet space.

While companies like easyDNS offer managed DNS to Canadians, he says what is missing from the market is an option that resides within Canada’s borders.

“We’re very interested in offering this product,” Holland says. “There are those who are interested in having a Canadian-centric managed service, we could provide that.”

The service would be provided to CIRA registrars, not directly to end users, he says. There’s no timeline for when it could roll out at this point.

Building physical infrastructure to route Internet traffic within Canada is aligned with other ongoing CIRA initiatives such as building Internet Exchange Points across the country. Following the uncovering of the NSA’s surveillance program of metadata in the U.S., Holland says it’s important to offer Canadian governments and corporations an option to avoid having data routed outside of Canada’s borders.

But Jeftovic’s grievances against CIRA don’t stop there. In his letter, he mentions the higher wholesale cost of a dot-ca domain compared to a dot-com, an unwieldy user registration process, a name root server that updates once an hour instead of in real-time, and a “typical registry maintenance window” that can last up to 24 hours. He says these are failings as a result of not facing any competition.

“There’s certain things I can and cannot say because there’s actually a non-disparagement clause in the registrar’s agreement, so I have to choose my words carefully,” he says. “Anything you can do really easily in dot-com, you have to spend extra time and money to assign to dot-ca.”

Holland has a different interpretation of these issues.

“The fact that an individual is expressing an opinion is fine, but when you look at the facts, they speak to a well-run organization that has the support of its membership,” he says. “Most of what is presented as fact is stretched so far from the truth as to be questionable in terms of its veracity.”

The more expensive wholesale costs? Holland says a dot-ca costs $8.50 compared to $8.42 and has held its price stable since 2006.

As for updating the root server once an hour instead of in real-time, Holland says that is intentionally done to improve security. Hackers that are able to find a vulnerability in a domain to update the root server in real time could redirect a normally legitimate web address to a phishing site that is malware-ridden, for example.

“You are much more subject to bad actors that are taking advantage of real time updates and allowing them a window to do bad things,” he says.

To Jeftovic, that still means that his unique patent-pending, “hot swappable” managed DNS service that he offers registrants of other top-level domains isn’t compatible for dot-ca addresses.

He also doesn’t understand CIRA’s intent to have a Canadian-centric managed DNS service.

“The entire point of DNS Anycast is to spread your nodes over as wide a geographic and network area as possible, not to constrain them to one region,” he writes in an email response. “All I know is they are in the process of entering the space and their intentions have not been made clear.”