Presentation is loading. Please wait.

Presentation is loading. Please wait.

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

Published byAshlee Merritt Modified over 8 years ago

Similar presentations

Presentation on theme: "Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center."— Presentation transcript:

1 Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center

2 Problem Statement Network operators frequently need to check the consistency of the Internet routing Network operators frequently need to check the consistency of the Internet routing Wrong IP prefix announcements (e.g. PA holes) Wrong IP prefix announcements (e.g. PA holes) Unauthorized IP prefix announcements Unauthorized IP prefix announcements But it is sometimes difficult to tell which AS an IP originates and should originate from. But it is sometimes difficult to tell which AS an IP originates and should originate from.

3 Problem Statement A standardized mechanism to determine the AS origin of an IP address would be useful, particularly as a diagnostic aid for operators. A standardized mechanism to determine the AS origin of an IP address would be useful, particularly as a diagnostic aid for operators.

4 Current Practices To tell which AS an IP address originates from To tell which AS an IP address originates from sort of routeviews projects, CIDR report, …. sort of routeviews projects, CIDR report, …. analysis of routing tables analysis of routing tables To determine which AS an IP address should originate from To determine which AS an IP address should originate from route registration is a part of the services of IRR route registration is a part of the services of IRR

5 IRR Providers Global scope IRR providers, typically are: RIR RIR APNIC, RIPE, …. APNIC, RIPE, …. Non-RIR Non-RIR RADB, SAVVIS, …. RADB, SAVVIS, ….

6 The Observations There exist some shortcomings of IRR There exist some shortcomings of IRR lack of authority lack of authority less accuracy less accuracy not kept up to date not kept up to date

7 The Observations RIR IRRs RIR IRRs have the authority of route blocks have the authority of route blocks Need membership to register the route, by specifying mnt-routes in inetnum objects Need membership to register the route, by specifying mnt-routes in inetnum objects however, ISPs are sometimes lazy or reluctant to maintain however, ISPs are sometimes lazy or reluctant to maintain In APNIC route database, only about 10% allocated IP addresses registered routes there. In APNIC route database, only about 10% allocated IP addresses registered routes there.

8 The Observations Non-RIR IRRs Non-RIR IRRs No authority of the route blocks No authority of the route blocks No check, No accuracy guarantee No check, No accuracy guarantee

9 Non-RIR IRR Examples For example, the answer to the following IRR whois query is obviously incorrect, for 211.64.0.0/13 actually originates from CERNET AS4538. For example, the answer to the following IRR whois query is obviously incorrect, for 211.64.0.0/13 actually originates from CERNET AS4538. % whois -h whois.radb.net. 211.64.0.0 % whois -h whois.radb.net. 211.64.0.0 % whois -h rr.savvis.net. 211.64.0.0 % whois -h rr.savvis.net. 211.64.0.0 route: 211.64.0.0/13 descr: China United Telecom origin: AS9800 mnt-by: MAINT-AS9800 changed: noc@cnuninet.com 20050112 source: SAVVIS

10 Are There Alternatives? Can we indicate IRR route origin, a subset of whois data, via DNS? Can we indicate IRR route origin, a subset of whois data, via DNS? RIR’s IP Allocation database is authoritative RIR’s IP Allocation database is authoritative APNIC, ARIN, RIPE, …. APNIC, ARIN, RIPE, …. There is also a natural authorization, along with the delegation of reverse DNS of the route block There is also a natural authorization, along with the delegation of reverse DNS of the route block

11 How To Do Via DNS Network operators publish the AS origin of their routing announcements by use of TXT RR in its reverse DNS Network operators publish the AS origin of their routing announcements by use of TXT RR in its reverse DNS.in-addr.arpa. IN TXT “ " “ " “ “.in-addr.arpa. IN TXT “ " “ " “ “e.g. 64.211.in-addr.arpa. IN TXT "4538" "211.64.0.0" "13“ 65.211.in-addr.arpa. IN TXT "4538" "211.64.0.0" "13" 66.211.in-addr.arpa. IN TXT "4538" "211.64.0.0" "13" 67.211.in-addr.arpa. IN TXT "4538" "211.64.0.0" "13“ ….

12 Example Details Example Details 211.64.0.0/13 is the allocation from APNIC for CERNET 211.64.0.0/13 is the allocation from APNIC for CERNET inetnum: 211.64.0.0 - 211.69.255.255 netname: CERNET-CN descr: China Education and Research Network descr: Room 224, Tsinghua University descr: Beijing, China country: CN … mnt-by: APNIC-HM mnt-lower: MAINT-CERNET-AP changed: hostmaster@apnic.net 19990917 status: ALLOCATED PORTABLE changed: hm-changed@apnic.net 20041214 source: APNIC

13 Example Details Example Details 211.64.0.0/13 is the allocation from APNIC for CERNET 211.64.0.0/13 is the allocation from APNIC for CERNET inetnum: 211.70.0.0 - 211.71.255.255 netname: CERNET descr: China Education and Research Network descr: Room 224, Tsinghua University descr: Beijing, China country: CN … mnt-by: APNIC-HM mnt-lower: MAINT-CERNET-AP changed: hostmaster@apnic.net 20000801 status: ALLOCATED PORTABLE source: APNIC

14 Example Details Example Details APNIC delegates 64-71.211.in-addr.arpa. to CERNET name servers. APNIC delegates 64-71.211.in-addr.arpa. to CERNET name servers. % dig @ns1.apnic.net. +norecurse 64.211.in-addr.arpa. ns ;; QUESTION SECTION: ;64.211.in-addr.arpa. IN NS ;; AUTHORITY SECTION: 64.211.in-addr.arpa. 172800 IN NS dns2.edu.cn. 64.211.in-addr.arpa. 172800 IN NS dns.edu.cn. 64.211.in-addr.arpa. 172800 IN NS ns2.net.edu.cn.

15 Example Details Example Details CERNET makes 211.64.0.0/13 announcement CERNET makes 211.64.0.0/13 announcement CERNET sets up 64.211.in-addr.arpa. zone data CERNET sets up 64.211.in-addr.arpa. zone data 64.211.in-addr.arpa. IN SOA NS2.NET.EDU.CN. HOSTMASTER.NET.EDU.CN. 2006072518 28800 7200 604800 86400 64.211.in-addr.arpa. IN NS NS2.NET.EDU.CN. 64.211.in-addr.arpa. IN NS DNS.EDU.CN. 64.211.in-addr.arpa. IN NS DNS2.EDU.CN. 64.211.in-addr.arpa. IN TXT "4538" "211.64.0.0" "13"

16 Example Details Example Details Network operaters make the query, with /16, /24 reverse names Network operaters make the query, with /16, /24 reverse names %dig 64.211.in-addr.arpa. txt ;; QUESTION SECTION: ;64.211.in-addr.arpa. IN TXT ;; ANSWER SECTION: 64.211.in-addr.arpa. 86400 IN TXT "4538" "211.64.0.0" "13" …

17 Advantages Natural authorization along with the delegation of reverse dns of the route block Natural authorization along with the delegation of reverse dns of the route block The DNS TXT records are maintained locally, and most likely easy to keep up to date The DNS TXT records are maintained locally, and most likely easy to keep up to date The DNS is a prevalent distributed service with easy adoption The DNS is a prevalent distributed service with easy adoption No obvious disadvantage. No obvious disadvantage.

18 Conclusion We propose an alternative for establishing IP to AS origin mapping via DNS, hopefully overcoming the drawbacks of IRR. We propose an alternative for establishing IP to AS origin mapping via DNS, hopefully overcoming the drawbacks of IRR. We think this mechanism of providing a subset of Whois Data via DNS is helpful, and easy to implement. We think this mechanism of providing a subset of Whois Data via DNS is helpful, and easy to implement.

19 Thanks for your time! Comments?

Download ppt "Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center."

Similar presentations

BGP Unallocated Address Route Server Geoff Huston March 2002.

BGP Unallocated Address Route Server Geoff Huston March 2002.
Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March 7 2002.

Database SIG Summary Report Chair – Xing Li APNIC Annual Member Meeting Bangkok, March
APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.

APNIC Internet Routing Registry Routing SIG APNIC-15, Taipei 26 February 2003.
Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.

Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
IPv6 Addressing – Status and Policy Report Paul Wilson Director General, APNIC.

IPv6 Addressing – Status and Policy Report Paul Wilson Director General, APNIC.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.

APNIC Internet Routing Registry An introduction to the IRR TWNIC Meeting, 3 December 2003 Nurani Nimpuno, APNIC.
A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.

A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.
Copyright (c) 2003 Intec NetCore, Inc. All rights Reserved. 1 Proposal: NIR Operated IRR Kuniaki KONDO Intec NetCore, Inc. JPNIC IRR Planning Team Chair.

Copyright (c) 2003 Intec NetCore, Inc. All rights Reserved. 1 Proposal: NIR Operated IRR Kuniaki KONDO Intec NetCore, Inc. JPNIC IRR Planning Team Chair.
Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.

Andrei Robachevsky, Shane Kerr. APNIC/APRICOT2001, February 2001, Kuala Lumpur, Malaysia. 1 Routing Registry Consistency Check Presented.
Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.
Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.

Technical Area Report Bryon Ellacott, Technical Area Manager APNIC 28.
Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May 2001. The whois Database Introduction and Usage.

Anne Lord & Mirjam Kühne. AfNOG Workshop, 10 May The whois Database Introduction and Usage.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Database SIG APNIC Database Privacy Issues 1 March 2001 APRICOT, Malaysia Fabrina.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Database SIG APNIC Database Privacy Issues 1 March 2001 APRICOT, Malaysia Fabrina.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Introduction and Overview ITU/PITA Joint Workshop Brisbane, October 2001.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Introduction and Overview ITU/PITA Joint Workshop Brisbane, October 2001.
The APNIC Whois Database Introduction and Usage. whois.apnic.net whois.ripe.netwhois.arin.net Server Unix Client ‘X’ Client Command Prompt / Web Interface.

The APNIC Whois Database Introduction and Usage. whois.apnic.net whois.ripe.netwhois.arin.net Server Unix Client ‘X’ Client Command Prompt / Web Interface.
1 IN-ADDR.ARPA and the UNINET Project address space Presentation to ISOC-ZA Workshop Friday 13 September 2002.

1 IN-ADDR.ARPA and the UNINET Project address space Presentation to ISOC-ZA Workshop Friday 13 September 2002.
Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Copyright © 2011 Japan Network Information Center JPNIC ’ s RQA and Routing Related Activities JPNIC IP Department Izumi Okutani APNIC32 Aug 2011, Busan.

Similar presentations

Ads by Google