IANA TLD Zone Inspection Shanghai, China Louis Touton 29 October 2002.

1 IANA TLD Zone Inspection
Shanghai, China
Louis Touton
29 October 2002

2 Zone File Contents
Includes:
List of Domain Names in Zone (yahoo.com)
Names of Nameservers (ns1.yahoo.com)
IP Addresses of Nameservers ( )
Timer Information (86400 seconds)
Example contents:
yahoo.com in ns ns1.yahoo.com.
ns1.yahoo.com in a

3 Zone File Contents
Does NOT Include:
Identity of Registrant
Home (or any other) Addresses
Telephone/Fax Numbers
Addresses
Billing Information

5 Zone File Contents
Zone-file information is public information:
–DNS is a public database
–That's how it works: information must be available to everyone on a query basis
–Domain names, nameserver names, IP addresses are gathered for publication purposes

6 Zone File Contents
TLD zone files are typically available to everyone
–.arpa, .edu, .int, root available for ftp download at InterNIC
–gTLDs (.com, .net, .biz, .info, .org) available for download on signing zone-file access agreement
–85% of ccTLDs available for public download
Several legitimate public purposes (caching, studies, etc.)

7 Limits on Access
Early 1990s – Excessive nameserver load problems
Late 1990s – Improper data mining
1994 – BIND introduces xfernets (later allow-transfer)

8 IANA Zone File Inspection
Until now, almost always done at time of processing nameserver change requests
Purposes:
–Checking technical compliance/interoperability
–Allegations of ISP preferences
–(Possible) Very short term proxy service

9 Nameserver Change Process (Typical)
Receive request from TLD operator
Acknowledge request
Verify authorization/authenticity
Assess transition sequence
Verify new nameserver operational status
Obtain zone file
Submit request for root-zone change
Inspect zone file, advise operator of any potential problems
Monitor making of change

10 Technical Compliance
Many aspects can be checked by individual queries
Some types of problems cannot easily be checked without inspecting zone file:
–Multiple nameservers
–Malformed host names
–Excessive/inappropriate glue records
–Unusual RR types
–Unusual Domain Inclusions in Zone
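
An added example (not part of the original slides and not an IANA script): a minimal Python inspection for the zone-file-only problems listed on this slide, run over a constructed sample zone. It assumes one record per line with explicit owner, TTL and class, treats any type outside SOA/NS/A/AAAA as unusual, and reads "multiple nameservers" as an at-least-two-nameservers check; these choices and every name in the sample are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample zone (toy TLD "example."), "owner ttl class type rdata" per line.
SAMPLE_ZONE = """\
example. 86400 IN SOA ns1.nic.example. hostmaster.nic.example. 1 7200 3600 604800 86400
example. 86400 IN NS ns1.nic.example.
example. 86400 IN NS ns2.nic.example.
ns1.nic.example. 86400 IN A 192.0.2.1
ns2.nic.example. 86400 IN A 192.0.2.2
good.example. 86400 IN NS ns1.nic.example.
good.example. 86400 IN NS ns2.nic.example.
single.example. 86400 IN NS ns_1.single.example.
ns_1.single.example. 86400 IN A 192.0.2.20
www.stray.example. 86400 IN A 192.0.2.30
mail.example. 86400 IN MX 10 mx.elsewhere.test.
other.test. 86400 IN NS ns1.nic.example.
"""

EXPECTED_TYPES = {"SOA", "NS", "A", "AAAA"}  # assumption: delegation-only zone
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # letter-digit-hyphen label

def valid_hostname(name):
    return len(name) <= 255 and all(LABEL.match(l) for l in name.rstrip(".").split("."))

def inspect_zone(text, origin):
    findings, ns, glue = [], defaultdict(set), []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # skip blank lines and comments
        owner, _ttl, _cls, rtype, *rdata = line.split()
        owner, rtype = owner.lower(), rtype.upper()
        if not (owner == origin or owner.endswith("." + origin)):
            findings.append(("out-of-zone-name", owner))
            continue  # do not evaluate records that do not belong to this zone
        if rtype not in EXPECTED_TYPES:
            findings.append(("unusual-rr-type", f"{owner} {rtype}"))
        elif rtype == "NS":
            ns[owner].add(rdata[0].lower())
        elif rtype in ("A", "AAAA"):
            glue.append(owner)
    targets = set().union(*ns.values())  # every name used as an NS target
    findings += [("fewer-than-two-nameservers", o) for o, s in ns.items() if len(s) < 2]
    findings += [("malformed-hostname", h) for h in sorted(targets) if not valid_hostname(h)]
    findings += [("unreferenced-glue", g) for g in glue if g not in targets]
    return findings

if __name__ == "__main__":
    for kind, detail in inspect_zone(SAMPLE_ZONE, "example."):
        print(f"{kind:28} {detail}")
```

None of these findings can be produced from individual queries without already knowing which names to ask about, which is why the inspection needs the whole zone file.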

11 History of Zone Inspections
Overall IANA responsibility (RFC 1591): "The Internet Assigned Numbers Authority (IANA) is responsible for the overall coordination and management of the Domain Name System (DNS)...."
In 1980s/early 1990s, IANA (Jon Postel) does zone inspections at time of setting up and changing ccTLD nameservice.

12 History of Zone Inspections
Manager and IANA responsibilities documented in RFC 1591 (March 1994):
"The designated manager must do a satisfactory job of operating the DNS service for the domain."
"There must be a primary and a secondary nameserver that have IP connectivity to the Internet and can be easily checked for operational status and database accuracy by the IR [the InterNIC] and the IANA."

14 History of Zone Inspections
ICP-1 (May 1999) reiterates zone-file access requirement.
GAC Principles (February 2000) – ccTLD managers should commit to provide IANA access for purposes of verifying and ensuring the operational stability of the ccTLD only.

15 History of Zone Inspections
Principle also adopted by ITU in its January 1999 proposal to operate .int:
13. Name servers
For registration of active domain names there must be an operational primary and an operational secondary Internet Domain Name System (DNS) name server preferably located on different continents. Both need permanent IP connectivity to the Internet (for queries and zone transfers) in order that they can be easily checked for operational status and database accuracy at any time by the Registrar.

16 History of Zone Inspections
KPNQwest Bankruptcy, May 2002
–67 ccTLDs hosted on ns.eu.net
–RIPE NCC agrees to operate indefinitely
–62 of 67 allow zone access; 5 do not
–Discussion highlights need for process improvements to address DNS Quality issues
–Cerf/Lynn message to Names Council
–Names Council resolution endorsing referral to Security Committee

17 Status of ns.eu.net Changes
As of 24 October 2002:
67 changes to be made
44 completed
10 in process
13 ccTLD managers prompted to submit request

18 Addressing the DNS Quality Issue
(Thanks to ccTLD managers for these suggestions:)
Improved information flow/education
Option for third-party audit
Self-evaluation through IANA-supplied scripts

