1 / 21

Update on Multiple Name Servers Policy

This update covers changes allowing multiple name servers to share the same IP address across .com, .net, and .org domains, including removal of orphan A records and introduction of IPv6 support. Feedback sought on IPv6 address ranges. Zone file format improvements coming. VeriSign's RRP 2.0 with IPv6 support.

nsilver
Download Presentation

Update on Multiple Name Servers Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. com/net/org Registry Updatefor NANOG24 Matt Larson <mlarson@verisign.com> VeriSign Global Registry Services

  2. Multiple Name Servers with the Same IP Address • Multiple name servers (glue A records) with the same IP address have not been allowed. • For example: foo.com. NS ns1.foo.com. bar.com. NS ns1.bar.com. ns1.foo.com. A 192.0.0.1 ; Only one ns1.bar.com. A 192.0.0.1 ; allowed

  3. Multiple Name Servers with the Same IP Address • This restriction was relaxed as of January 19, 2002. • Multiple name servers across com, net and org can all share the same IP address.

  4. Changes Coming Soon • The following changes are scheduled for mid-May, 2002: • “Orphan” A record removal • IPv6 support • Zone file format changes

  5. “Orphan” A Record Removal • For historical reasons, “orphan” A records appear in the com, net and org zones. • Orphan A record: an A record whose owner name does not appear in the RDATA of an NS record. • For example: foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. ns1.foo.com. A 192.0.0.1 ns2.foo.com. A 192.0.0.2 ns3.foo.com. A 192.0.0.3 ; Orphan

  6. “Orphan” A Record Scenarios • Domain is delegated; orphan in that domain exists. • Orphan occludes any A records of the same domain name in the delegated zone. • “Why can’t I change the IP address of www.mydomain.com?” • Deleting the orphan might or might not cause a problem.

  7. “Orphan” A Record Scenarios • Orphan exists for an undelegated domain. • E.g., A record for www.mydomain.com, but mydomain.com isn’t a registered domain. • Getting a “free ride” and might or might not realize it. • Potentially surprising when deleted.

  8. “Orphan” A Record Removal • About 200,000 orphan A records today. • Current plan is to delete them in mid-May, 2002. • What we’re doing: • Sending registrars lists of their specific problem children. • Publishing a list of all orphans on www.verisign-grs.com. • Notifying interested parties, such as network operators, RIRs, etc.

  9. IPv6 Support • Currently, you can only register A records as name servers for com, net and org zones. • Starting in mid-May, 2002, you can also register AAAA records. • No A6 support is planned. • AAAA records, if present, will be returned along with A records in the Additional section of replies.

  10. IPv6 Support • Kinds of IPv6 addresses allowed: • Only global unicast • No multicast, site-local unicast or link-local unicast • No IPv4-compatible • No IPv4-mapped • Must be from a block allocated to an RIR • Looking for feedback on these choices.

  11. IPv6 Support • Actual address ranges to be allowed: • Looking for feedback on this list.

  12. IPv6 Support • All com, net and org resolution continues over IPv4 transport only, just as today. • Not planning on com, net and org name servers accessible via IPv6 transport until 2003.

  13. Zone File Format Changes • VeriSign GRS generates the com, net, org and edu zone files twice daily. • The current format is verbose and makes for large files. • Optimizations coming in mid-May, 2002: • Relative (i.e., non-fully qualified) domain names • Use $TTL to avoid explicit TTLs on every record • Eliminate redundant IN class on every record

  14. New Zone Format Example $ORIGIN COM. $TTL 518400 @ IN SOA A.GTLD-SERVERS.NET. nstld.verisign-grs.com. ( 2002012100 ; serial 1800 ; refresh every 30 min 900 ; retry every 15 min 604800 ; expire after a week 3600 ) ; negative caching TTL NS A.GTLD-SERVERS.NET. NS B.GTLD-SERVERS.NET. NS C.GTLD-SERVERS.NET. NS D.GTLD-SERVERS.NET. ; ... A.GTLD-SERVERS.NET. A 192.5.6.30 B.GTLD-SERVERS.NET. A 192.33.14.30 C.GTLD-SERVERS.NET. A 192.26.92.30 D.GTLD-SERVERS.NET. A 192.31.80.30 ; ... $TTL 172800 BOGUS-EXAMPLE NS NS1.BOGUS-EXAMPLE BOGUS-EXAMPLE NS NS2.BOGUS-EXAMPLE BOGUS-EXAMPLE NS NS1.BIG-ISP.NET. ; ... NS1.BOGUS-EXAMPLE A 192.1.1.1 NS1.BOGUS-EXAMPLE A 192.1.1.2

  15. RRP Changes • For any com/net/org registrars out there… • VeriSign’s Registry Registrar Protocol (RRP) is being updated. • RRP 2.0 provides support for, among other things, IPv6 addresses. • The Internet-Draft is available at http://ftp.ietf.org/internet-drafts/draft-hollenbeck-rfc2832bis-00.txt

  16. EPP • On a related topic… • The succesor to RRP is the Extensible Provisioning Protocol (EPP), the work of the IETF provreg Working Group. • The EPP documents recently passed WG last call and will be sent to the IESG soon. • More information at http://www.ietf.org/html.charters/provreg-charter.html

  17. Metrics: Registrars • 96 active ICANN-accredited registrars • As of December, 2001 • The registrars register com, net and org domains using the Shared Registration System (SRS).

  18. Metrics: SRS

  19. Metrics: SRS

  20. Metrics: DNS, Zones

  21. Metrics: DNS, Resolution

More Related