1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji.

Slides:

Advertisements

Similar presentations

Reverse DNS SIG Summary Report APNIC Annual Member Meeting Bangkok, March

Advertisements

1 [prop-054] Revision of APNIC-103-v001 NIR SIG 27 February 2008 APNIC 25, Taipei George Michaelson.

Operational Policies for NIRs in the APNIC Region NIR Meeting APNIC14, Kitakyushu, Japan 4 Sept 2002.

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

Early Registration Transfer (ERX) Update George Michaelson DNS SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

TWNIC RMS Update 16 th APNIC NIR SIG TWNIC Sheng Wei Kuo Aug, 2003.

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Update APNIC 31, Hong Kong February Agenda 2 Addressing DNSSEC Root management Continuity Exercise Business Excellence.

The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

Services Area Report Sanjaya Services Area Director.

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

APNIC Update IPv4 Exhaustion Reached “Final /8” on 15 April /8 New allocation policy activated Up to /22 per member From 15 April.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Deploying DNSSEC in Windows Server 2012 Rob Kuehfus Program Manager Microsoft Corporation WSV325.

Olaf M. Kolkman. Apricot 2003, February 2003, Amsterdam. /disi Steps towards a secured DNS Olaf M. Kolkman, Henk Uijterwaal, Daniel.

IANA Activities Update RIPE 68 Warsaw, Poland May 2014.

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

DNS Registries. Overview What is a DNS registry? –DNS registries –Data In –Data Out –Transactions Registry Structure –Registry –Registrars –Registrants.

Technical Area Report Byron Ellacott Technical Area Manager.

1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.

1 San Diego, California 25 February Securing Routing: RPKI Overview Mark Kosters Chief Technology Officer.

APNIC Status Report RIPE 45 Barcelona May The APNIC Region Ref

Secured Dynamic Updates. Caution Portions of this slide set present features that do not appear in BIND until BIND 9.3 –Snapshot code is available for.

Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.

Technical Area Report Byron Ellacott Technical Area Manager.

Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.

APNIC Status Report ARIN X Eugene, Oregon Oct 30-Nov 1, 2002.

Early Registration Transfer Project Status Update.

Sweeping Lame DNS Delegations A Proposal DNS OPS SIG APNIC 15, Taipei, Taiwan 26 February 2003.

1 Madison, Wisconsin 9 September14. 2 Security Overlays on Core Internet Protocols – DNSSEC and RPKI Mark Kosters ARIN Engineering.

AU, March 2, DNSSEC, APNIC, & how EPP might play a Role Ed Lewis DNS SIG APNIC 21.

NZNOG 2012 APNIC Update and much more… 1 Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, Pacific, APNIC.

Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.

IRINNIRINN Ajai Kumar Manager, NIXI APNIC 38 Brisbane, Australia.

APNIC Report RIPE 43 Rhodes, Greece 9-13 September 2002.

APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.

Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.

OpenDNSSEC Deployment Tianyi Xing. Roadmap By mid-term – Establish a DNSSEC server within the mobicloud system (Hopfully be done by next week) Successfully.

Early Registration Record Transfers Richard Jimmerson Director of Operations APNIC 11Kuala Lumpur.

IEPG November 1999 APNIC Status Report. Membership Resource Status Recent Developments Future Plans Questions?

1 Lame delegation status report DNS Operations SIG APNIC , Hanoi.

APNIC Status Report ARIN XII October, 2003 Chicago.

APNIC Feb., 2004 Copyright (c) 2004 Japan Network Information Center. All Rights Reserved.1 NIR System BoF report for NIR SIG Shin Yamasaki Engineering.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.

Services Area Report Sanjaya Services Area Director.

APNIC LAME NS measurements. Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing.

Aug 2008 KRNIC of NIDA KRNIC Updates.

APNIC DNSSEC deployment considerations APNIC 23, Bali George Michaelson R&D Officer APNIC.

APNIC Update Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, Pacific, APNIC AusNOG

Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.

1 DNS Operations SIG Report Joe Abley, ISC APNIC 18 Nadi, Fiji, September 2004.

Implementation of ARIN's Lame DNS Delegation Policy

A proposal to deprecate ip6.int reverse DNS service in APNIC

IPv6 Allocation Status Report

Sanjaya, Project Manager, APNIC Secretariat

DNS Operations SIG APNIC , Kyoto

Requirements for running a local WHOIS service

Status Report on Policy Implementation at the APNIC Secretariat

Status Report on Policy Implementation at the APNIC Secretariat

Whois Database Upgrade

Presentation transcript:

1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji

2 Overview Current DNS Generation process The New Process Implementation Status Future Considerations Discussion

3 The current process whois Domain object Zone files RIR (ERX) NIR Zone merge Zone files DNS servers

4 The current process Zones are a composite of: WHOIS data (domain objects) “zone-lets” received from NIR/RIR Zone generation takes 27minutes (mostly data fetch delays) Zones valid, but ‘dirty’ /24 records in addition to covering /16 Manual zone addition process Not scalable

5 The new process whois RIR (ERX) NIR Zone files DNS servers DNS database

6 The new process Benefits All inputs pre-validated Zone generation under 1 minute Zone management improvements Lame delegation synergies Future flexibility (SECDNS) Zone consistency ‘Cleaner’ zone files Removal of manual processes

7 Implementation state 95% functioning Makes zones, not yet published to NS No Management interface Zone state comparative testing (against current system) Expected deployment date: End of Nov ‘04

8 Future considerations DNSSEC support How to maintain delegates DNS KEY? How to re-sign zone? Ongoing coordination with RIR/NIR In-addr.arpa glue Direct update from stakeholders Per delegation record! Dynamic DNS

9 Discussion?