Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker 2012 Oct.

Published byJaheem Loner Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker 2012 Oct."— Presentation transcript:

1 Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker ogud@shinkuro.comogud@shinkuro.com steve@shinkuro.comsteve@shinkuro.com 2012 Oct 171ogud@shinkuro.com

2 DNS view of the RRR world Registrant Registrar Registry Parent DNS servers Child DNS servers DNS operator DNS resolvers 2012 Oct 172ogud@shinkuro.com

3 Relationship combinations: DNS information flow Registrant operates DNS ◦ Uses registration interface to change DNS information. Registrar operates DNS ◦ Registrar updates Registry directly External party operates DNS ◦ DNS operator asks registrant to make changes  (DNS operator never has access to registrant’s account ) 2012 Oct 173ogud@shinkuro.com

4 Current Situation: Observed problems External DNS operator has hard time to change DNS records (NS and DS) in registry. Technical Consequences: ◦ Moving name servers is hard  Name server list goes partially stale  Each name server may have many names ◦ DNSSEC Key change fails 2012 Oct 174ogud@shinkuro.com

5 Contacts vs Roles vs Accounts ICANN registration requires 3 contacts, administrative, technical, billing Commonly for each registration there is one account at registration  anyone with access to account can do everything, update, pay, transfer etc. 2012 Oct 175ogud@shinkuro.com

6 Administrative Solution: Sub accounts The ability to delegate roles to other accounts ◦ DNS operator is technical  update DNS ◦ Billing is gets bills  can pay bills ◦ Administrative can perform all operations,  only one able to do transfer 2012 Oct 176ogud@shinkuro.com

7 Technical Alternative: Registrar automates upload of DNS information With DNSSEC the contents of NS and DNSKEY sets can be authenticated and used for updated registry information ◦ NS + RRSIG(NS)  NS in registry ◦ DNSKEY + RRSIG(DNSKEY)  DS in registry  Possible: CDS + RRSIG(DNSKEY)  DS in registry Registrars can either perform this on schedule or when Registrant or DNS Operator requests via automated registration interface 2012 Oct 177ogud@shinkuro.com

8 Thank you 2012 Oct 178ogud@shinkuro.com

Download ppt "Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker 2012 Oct."

Similar presentations

SSAC Overview May 23, 2006 Steve Crocker

SSAC Overview May 23, 2006 Steve Crocker
DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.

DNSSEC in Windows Server. DNS Server changes Provide DNSSEC support in the DNS server – Changes should allow federal agencies to comply with SC-20 and.
Practical Considerations for DNSSEC Automation Joe Gersch OARC Presentation September 24, 2008.

Practical Considerations for DNSSEC Automation Joe Gersch OARC Presentation September 24, 2008.
Whois Task Force GNSO Public Forum Wellington March 28, 2006.

Whois Task Force GNSO Public Forum Wellington March 28, 2006.
2001_03_28 SG A contribution– 1 Dept of State ITAC-T Advisory Committee SG-A Ad Hoc Meeting on ENUM March 28th & 29th, 2001 ENUM CONTRIBUTION TITLE: ENUM.

2001_03_28 SG A contribution– 1 Dept of State ITAC-T Advisory Committee SG-A Ad Hoc Meeting on ENUM March 28th & 29th, 2001 ENUM CONTRIBUTION TITLE: ENUM.
Session 171 Comparative Emergency Management Session 17 Slide Deck.

Session 171 Comparative Emergency Management Session 17 Slide Deck.
Copyright © 2008 Cengage Learning Understanding Generalist Practice, 5e, Kirst-Ashman/Hull 171.

Copyright © 2008 Cengage Learning Understanding Generalist Practice, 5e, Kirst-Ashman/Hull 171.
CcTLD Workshop - Jordon 26th -29th Nov, 2007 LIBYA Telecom & Technology GPTC General Post & Telecommunications company Husam Abolhol Adel Elfezani.

CcTLD Workshop - Jordon 26th -29th Nov, 2007 LIBYA Telecom & Technology GPTC General Post & Telecommunications company Husam Abolhol Adel Elfezani.
SDL Tridion Community Webinar Navigation and SDL Tridion.

SDL Tridion Community Webinar Navigation and SDL Tridion.
DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.

DNS Transfers in DNSSEC world Olafur Gudmundsson Steve Crocker Shinkuro, Inc.
ICANN Security and Stability Advisory Committee ICANN Meetings Rio de Janeiro March 26, 2003.

ICANN Security and Stability Advisory Committee ICANN Meetings Rio de Janeiro March 26, 2003.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
Bangkok October 2005 Slide 1 Whois Services Jaap Akkerhuis

Bangkok October 2005 Slide 1 Whois Services Jaap Akkerhuis
Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.

Measuring DNSSEC validation i.e. how to do it Ólafur Guðmundsson Steve Crocker ogud, steve at shinkuro.com.
.| The Trusted Channel Centric Marketplace Domain Name Transfers & Domain Delegation.

.| The Trusted Channel Centric Marketplace Domain Name Transfers & Domain Delegation.
Massive Scale Name Management: Lessons Learned from the.COM Namespace Mark Kosters 20 Aug 1999.

Massive Scale Name Management: Lessons Learned from the.COM Namespace Mark Kosters 20 Aug 1999.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting (2008-01-16)

Survey of DNSSEC Lutz Donnerhacke DNSSEC Meeting ( )
1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

1 SecSpider: Distributed DNSSEC Monitoring Eric Osterweil Michael Ryan Dan Massey Lixia Zhang.

Similar presentations

Ads by Google