Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

Slides:



Advertisements
Similar presentations
BGP Unallocated Address Route Server Geoff Huston March 2002.
Advertisements

Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March
APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.
Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
IPv6 Addressing – Status and Policy Report Paul Wilson Director General, APNIC.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.
A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.
Copyright (c) 2003 Intec NetCore, Inc. All rights Reserved. 1 Proposal: NIR Operated IRR Kuniaki KONDO Intec NetCore, Inc. JPNIC IRR Planning Team Chair.
Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.
Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May The whois Database Introduction and Usage.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Database SIG APNIC Database Privacy Issues 1 March 2001 APRICOT, Malaysia Fabrina.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Introduction and Overview ITU/PITA Joint Workshop Brisbane, October 2001.
The APNIC Whois Database Introduction and Usage. whois.apnic.net whois.ripe.netwhois.arin.net Server Unix Client ‘X’ Client Command Prompt / Web Interface.
1 IN-ADDR.ARPA and the UNINET Project address space Presentation to ISOC-ZA Workshop Friday 13 September 2002.
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.
Prepared by The Regional Internet Registries [APNIC, ARIN, LACNIC and RIPE NCC]
Database Update Paul Palse Database Manager, RIPE NCC.
Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Domain Name System HISTORY File hosts (the size of Internet became more than 1000.
1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.
APNIC Update Paul Wilson Director General. APNIC RIR for Asia Pacific –IP address allocation and management –Open policy development Support for Internet.
Desired IRR Operational Model ~IRR/Whois Interaction~ Kuniaki Kondo (JPNIC IRR Workshop/IIJ) Ikuo Nakagawa (Intec) Takashi Arano (Asia Global Crossing)
Skeeve Stevens APNIC 29, Kuala Lumpur Alternative criteria for subsequent IPv6 allocations Prop-083v002.
IP address Allocation & and Requests AfNOG Workshop, May 2004 Dakar, Senegal.
Technical Area Report Byron Ellacott Technical Area Manager.
18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.
Prop-080: Removal of IPv4 Prefix Exchange Policy Guangliang Pan Resource Services Manager, APNIC.
17 March 2002IEPG - Minneapolis RIR Update A Joint Presentation Prepared By APNIC, ARIN, RIPE NCC.
1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.
1 To Insert AS Origin field into APNIC IP address database Xing Li Shuang Zhu CERNET
1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji.
1 IPv6 Allocation Policy and Procedure Global IPv6 Summit in China 2007 April 13, 2007 Gerard Ross and Guangliang Pan.
Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.
APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.
Database Tutorial 3 September, Kitakyushu, Japan 14 th APNIC Open Policy meeting APNIC.
IP Addressing and ICT Development in the Pacific Islands Anne Lord and Save Vocea, APNIC ICT Workshop, Fiji, November, 2002.
Skeeve Stevens APNIC 31, Hong Kong Alternative criteria for subsequent IPv6 allocations Prop-083v003.
Draft Policy ARIN : Remove NRPM section 7.1.
Early Registration Record Transfers Richard Jimmerson Director of Operations APNIC 11Kuala Lumpur.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Emerging Registry Criteria ASO General Assembly Budapest, 19 May 2000.
Securing BGP Bruce Maggs. BGP Primer AT&T /8 Sprint /16 CMU /16 bmm.pc.cs.cmu.edu Autonomous System Number Prefix.
1 The Internet Registry System Mirjam Kühne RIPE NCC EC-POP Brussels 5 July 1999.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.
17 th APNIC Open Policy Meeting APNIC IPv6 Address Guidelines Akira Nakagawa )/ POWEREDCOM Billy MH Cheon / KRNIC Toshiyuki.
Services Area Report Sanjaya Services Area Director.
1 To Insert AS Origin field into APNIC IP address database Xing Li Shuang Zhu CERNET
Prop-077: Proposal to supplement transfer policy of historical IPv4 addresses Wendy Zhao Wei, Jane Zhang & Terence Zhang Yinghao.
RIPE 47: IPv6 WG 27 January 2004 Hotel Krasnapolsky, Amsterdam Jeroen Massar IPv6 Golden Networks.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IP Addresses: A critical resource for Asia-Pacific Internet development China Inet.
Copyright (c) 2002 Japan Network Information Center Proposal for IPv6 Policy for Essential Infrastructure in the AP region Izumi Okutani IP Address Section.
Whois & Data Accuracy Across the RIRs. Terms ISP – An Internet Service Provider is allocated address space by an RIR for the purpose of providing connectivity.
1 APNIC Open Address Policy Meeting Special Interest Group Session March 2nd, Korea, Seoul.
IPv4 Transfer Statistics Analytic View Alain Durand, May 25 th 2016.
Whois Update Guangliang Pan. Overview Differences between APNIC and RIPE Whois Databases Change mnt-by from member’s maintainer to APNIC-HM for aut-num.
Implementation of ARIN's Lame DNS Delegation Policy
IPv6 address deployment status Paul Wilson, APNIC
A Study of DNS Lameness by Ed Lewis ARIN Research Engineer
IPv6 address deployment status Paul Wilson, APNIC
KRNIC Member Workshop November 2001 Seoul, Korea
IPv6 Address Allocation APNIC
RIPE Whois Database Software Recent Changes
A Proposal to Protect Historical Records in APNIC Whois Database
IPv6 Allocation Service in JPNIC
APNIC 22 CNNIC UPDATE 2019/5/23.
IPv6 Allocation Status Update
IPv6 Allocation Status Report
Presentation transcript:

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center

Problem Statement Network operators frequently need to check the consistency of the Internet routing Network operators frequently need to check the consistency of the Internet routing Wrong IP prefix announcements (e.g. PA holes) Wrong IP prefix announcements (e.g. PA holes) Unauthorized IP prefix announcements Unauthorized IP prefix announcements But it is sometimes difficult to tell which AS an IP originates and should originate from. But it is sometimes difficult to tell which AS an IP originates and should originate from.

Problem Statement A standardized mechanism to determine the AS origin of an IP address would be useful, particularly as a diagnostic aid for operators. A standardized mechanism to determine the AS origin of an IP address would be useful, particularly as a diagnostic aid for operators.

Current Practices To tell which AS an IP address originates from To tell which AS an IP address originates from sort of routeviews projects, CIDR report, …. sort of routeviews projects, CIDR report, …. analysis of routing tables analysis of routing tables To determine which AS an IP address should originate from To determine which AS an IP address should originate from route registration is a part of the services of IRR route registration is a part of the services of IRR

IRR Providers Global scope IRR providers, typically are: RIR RIR APNIC, RIPE, …. APNIC, RIPE, …. Non-RIR Non-RIR RADB, SAVVIS, …. RADB, SAVVIS, ….

The Observations There exist some shortcomings of IRR There exist some shortcomings of IRR lack of authority lack of authority less accuracy less accuracy not kept up to date not kept up to date

The Observations RIR IRRs RIR IRRs have the authority of route blocks have the authority of route blocks Need membership to register the route, by specifying mnt-routes in inetnum objects Need membership to register the route, by specifying mnt-routes in inetnum objects however, ISPs are sometimes lazy or reluctant to maintain however, ISPs are sometimes lazy or reluctant to maintain In APNIC route database, only about 10% allocated IP addresses registered routes there. In APNIC route database, only about 10% allocated IP addresses registered routes there.

The Observations Non-RIR IRRs Non-RIR IRRs No authority of the route blocks No authority of the route blocks No check, No accuracy guarantee No check, No accuracy guarantee

Non-RIR IRR Examples For example, the answer to the following IRR whois query is obviously incorrect, for /13 actually originates from CERNET AS4538. For example, the answer to the following IRR whois query is obviously incorrect, for /13 actually originates from CERNET AS4538. % whois -h whois.radb.net % whois -h whois.radb.net % whois -h rr.savvis.net % whois -h rr.savvis.net route: /13 descr: China United Telecom origin: AS9800 mnt-by: MAINT-AS9800 changed: source: SAVVIS

Are There Alternatives? Can we indicate IRR route origin, a subset of whois data, via DNS? Can we indicate IRR route origin, a subset of whois data, via DNS? RIR’s IP Allocation database is authoritative RIR’s IP Allocation database is authoritative APNIC, ARIN, RIPE, …. APNIC, ARIN, RIPE, …. There is also a natural authorization, along with the delegation of reverse DNS of the route block There is also a natural authorization, along with the delegation of reverse DNS of the route block

How To Do Via DNS Network operators publish the AS origin of their routing announcements by use of TXT RR in its reverse DNS Network operators publish the AS origin of their routing announcements by use of TXT RR in its reverse DNS.in-addr.arpa. IN TXT “ " “ " “ “.in-addr.arpa. IN TXT “ " “ " “ “e.g in-addr.arpa. IN TXT "4538" " " "13“ in-addr.arpa. IN TXT "4538" " " "13" in-addr.arpa. IN TXT "4538" " " "13" in-addr.arpa. IN TXT "4538" " " "13“ ….

Example Details Example Details /13 is the allocation from APNIC for CERNET /13 is the allocation from APNIC for CERNET inetnum: netname: CERNET-CN descr: China Education and Research Network descr: Room 224, Tsinghua University descr: Beijing, China country: CN … mnt-by: APNIC-HM mnt-lower: MAINT-CERNET-AP changed: status: ALLOCATED PORTABLE changed: source: APNIC

Example Details Example Details /13 is the allocation from APNIC for CERNET /13 is the allocation from APNIC for CERNET inetnum: netname: CERNET descr: China Education and Research Network descr: Room 224, Tsinghua University descr: Beijing, China country: CN … mnt-by: APNIC-HM mnt-lower: MAINT-CERNET-AP changed: status: ALLOCATED PORTABLE source: APNIC

Example Details Example Details APNIC delegates in-addr.arpa. to CERNET name servers. APNIC delegates in-addr.arpa. to CERNET name servers. % +norecurse in-addr.arpa. ns ;; QUESTION SECTION: ; in-addr.arpa. IN NS ;; AUTHORITY SECTION: in-addr.arpa IN NS dns2.edu.cn in-addr.arpa IN NS dns.edu.cn in-addr.arpa IN NS ns2.net.edu.cn.

Example Details Example Details CERNET makes /13 announcement CERNET makes /13 announcement CERNET sets up in-addr.arpa. zone data CERNET sets up in-addr.arpa. zone data in-addr.arpa. IN SOA NS2.NET.EDU.CN. HOSTMASTER.NET.EDU.CN in-addr.arpa. IN NS NS2.NET.EDU.CN in-addr.arpa. IN NS DNS.EDU.CN in-addr.arpa. IN NS DNS2.EDU.CN in-addr.arpa. IN TXT "4538" " " "13"

Example Details Example Details Network operaters make the query, with /16, /24 reverse names Network operaters make the query, with /16, /24 reverse names %dig in-addr.arpa. txt ;; QUESTION SECTION: ; in-addr.arpa. IN TXT ;; ANSWER SECTION: in-addr.arpa IN TXT "4538" " " "13" …

Advantages Natural authorization along with the delegation of reverse dns of the route block Natural authorization along with the delegation of reverse dns of the route block The DNS TXT records are maintained locally, and most likely easy to keep up to date The DNS TXT records are maintained locally, and most likely easy to keep up to date The DNS is a prevalent distributed service with easy adoption The DNS is a prevalent distributed service with easy adoption No obvious disadvantage. No obvious disadvantage.

Conclusion We propose an alternative for establishing IP to AS origin mapping via DNS, hopefully overcoming the drawbacks of IRR. We propose an alternative for establishing IP to AS origin mapping via DNS, hopefully overcoming the drawbacks of IRR. We think this mechanism of providing a subset of Whois Data via DNS is helpful, and easy to implement. We think this mechanism of providing a subset of Whois Data via DNS is helpful, and easy to implement.

Thanks for your time! Comments?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.