1 / 8

Improving DNS contents in the RRR world

Improving DNS contents in the RRR world. Ólafur Guðmundsson Steve Crocker ogud@shinkuro.com steve@shinkuro.com. DNS view of the RRR world. Child DNS servers. DNS operator. Registrant. Registrar. DNS resolvers. Parent DNS servers. Registry.

lucy-burt
Download Presentation

Improving DNS contents in the RRR world

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Improving DNS contents in the RRR world Ólafur Guðmundsson Steve Crocker ogud@shinkuro.comsteve@shinkuro.com ogud@shinkuro.com

  2. DNS view of the RRR world Child DNS servers DNS operator Registrant Registrar DNS resolvers Parent DNS servers Registry ogud@shinkuro.com

  3. Relationship combinations:DNS information flow • Registrant operates DNS • Uses registration interface to change DNS information. • Registrar operates DNS • Registrar updates Registry directly • External party operates DNS • DNS operator asks registrant to make changes • (DNS operator never has access to registrant’s account ) ogud@shinkuro.com

  4. Current Situation: Observed problems • External DNS operator has hard time to change DNS records (NS and DS) in registry. • Technical Consequences: • Moving name servers is hard • Name server list goes partially stale • Each name server may have many names • DNSSEC Key change fails ogud@shinkuro.com

  5. Contacts vs Roles vs Accounts • ICANN registration requires 3 contacts, administrative, technical, billing • Commonly for each registration there is one account at registration  anyone with access to account can do everything, update, pay, transfer etc. ogud@shinkuro.com

  6. Administrative Solution: Sub accounts • The ability to delegate roles to other accounts • DNS operator is technical  update DNS • Billing is gets bills  can pay bills • Administrative can perform all operations, • only one able to do transfer ogud@shinkuro.com

  7. Technical Alternative: Registrar automates uploadof DNS information • With DNSSEC the contents of NS and DNSKEY sets can be authenticated and used for updated registry information • NS + RRSIG(NS)  NS in registry • DNSKEY + RRSIG(DNSKEY)  DS in registry • Possible: CDS + RRSIG(DNSKEY)  DS in registry • Registrars can either perform this on schedule or when Registrant or DNS Operator requests via automated registration interface ogud@shinkuro.com

  8. Thank you ogud@shinkuro.com

More Related