IANA TLD Zone Inspection

  1. IANA TLD Zone Inspection Shanghai, China Louis Touton 29 October 2002

  2. Zone File Contents Includes: • List of Domain Names in Zone (‘yahoo.com’) • Names of Nameservers (‘ns1.yahoo.com’) • IP Addresses of Nameservers (‘192.3.55.2’) • Timer Information (‘86400’ seconds) Example contents:

       yahoo.com. 86400 in ns ns1.yahoo.com.
       ns1.yahoo.com. 86400 in a 192.3.55.2

  3. Zone File Contents Does NOT Include: • Identity of Registrant • Home (or any other) Addresses • Telephone/Fax Numbers • E-mail Addresses • Billing Information

  5. Zone File Contents • Zone-file information is public information: • DNS is a public database • That’s how it works: information must be available to everyone on a query basis • Domain names, nameserver names, IP addresses are gathered for publication purposes

  6. Zone File Contents • TLD zone files are typically available to everyone • .arpa, .edu, .int, root available for ftp download at InterNIC • gTLDs (.com, .net, .biz, .info, .org) available for download on signing zone-file access agreement • 85% of ccTLDs available for public download • Several legitimate public purposes (caching, studies, etc.)

  7. Limits on Access • Early 1990s – Excessive nameserver load problems • Late 1990s – Improper data mining • 1994 – BIND introduces xfernets (later allow-transfer)

  8. IANA Zone File Inspection • Until now, almost always done at time of processing nameserver change requests • Purposes: • Checking technical compliance/interoperability • Allegations of ISP preferences • (Possible) Very short term proxy service

  9. Nameserver Change Process (Typical) • Receive request from TLD operator • Acknowledge request • Verify authorization/authenticity • Assess transition sequence • Verify new nameserver operational status • Obtain zone file • Submit request for root-zone change • Inspect zone file, advise operator of any potential problems • Monitor making of change

  10. Technical Compliance • Many aspects can be checked by individual queries • Some types of problems cannot easily be checked without inspecting zone file: • Multiple nameservers • Malformed host names • Excessive/inappropriate glue records • Unusual RR types • Unusual Domain Inclusions in Zone

  11. History of Zone Inspections • Overall IANA responsibility (RFC 1591): “The Internet Assigned Numbers Authority (IANA) is responsible for the overall coordination and management of the Domain Name System (DNS) . . . .” • In 1980s/early 1990s, IANA (Jon Postel) does zone inspections at time of setting up and changing ccTLD nameservice.

  12. History of Zone Inspections • Manager and IANA responsibilities documented in RFC 1591 (March 1994): “The designated manager must do a satisfactory job of operating the DNS service for the domain. “There must be a primary and a secondary nameserver that have IP connectivity to the Internet and can be easily checked for operational status and database accuracy by the IR [the InterNIC] and the IANA.”

  14. History of Zone Inspections • ICP-1 (May 1999) reiterates zone-file access requirement. • GAC Principles (February 2000) – ccTLD managers should commit to provide IANA access “for purposes of verifying and ensuring the operational stability of the ccTLD only”.

  15. History of Zone Inspections • Principle also adopted by ITU in its January 1999 proposal to operate .int: “13. Name servers “For registration of active domain names there must be an operational primary and an operational secondary Internet Domain Name System (DNS) name server preferably located on different continents. Both need permanent IP connectivity to the Internet (for queries and zone transfers) in order that they can be easily checked for operational status and database accuracy at any time by the Registrar.”

  16. History of Zone Inspections • KPNQwest Bankruptcy—May 2002 • 67 ccTLDs hosted on ns.eu.net • RIPE NCC agrees to operate indefinitely • 62 of 67 allow zone access; 5 do not • Discussion highlights need for process improvements to address DNS Quality issues • Cerf/Lynn message to Names Council • Names Council resolution endorsing referral to Security Committee

  17. Status of ns.eu.net Changes As of 24 October 2002: • 67 changes to be made • 44 completed • 10 in process • 13 ccTLD managers prompted to submit request

  18. Addressing the DNS Quality Issue (Thanks to ccTLD managers for these suggestions:) • Improved information flow/education • Option for third-party audit • Self-evaluation through IANA-supplied scripts
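
The zone-file-only checks listed on slide 10, written in the spirit of the self-evaluation scripts mentioned on slide 18, as an added example (not IANA's scripts and not part of the presentation). The sample zone, the `inspect_zone` and `hostname_ok` names, the set of expected record types and the reading of each check are assumptions.

```python
import re
from collections import defaultdict
# Constructed sample for a fictional TLD "example." (not real zone data).
SAMPLE_ZONE = """\
example. 86400 in soa ns1.nic.example. hostmaster.nic.example. 1 7200 3600 604800 86400
example. 86400 in ns ns1.nic.example.
example. 86400 in ns ns2.nic.example.
ns1.nic.example. 86400 in a 192.0.2.1
ns2.nic.example. 86400 in a 192.0.2.2
good.example. 86400 in ns ns1.good.example.
good.example. 86400 in ns ns2.good.example.
ns1.good.example. 86400 in a 192.0.2.10
ns2.good.example. 86400 in a 192.0.2.11
single.example. 86400 in ns ns_1.single.example.
ns_1.single.example. 86400 in a 192.0.2.20
www.good.example. 86400 in a 192.0.2.30
good.example. 86400 in hinfo "PC" "UNIX"
stray.invalid. 86400 in ns ns1.good.example.
"""
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")  # letters/digits/hyphen
EXPECTED_TYPES = {"SOA", "NS", "A", "AAAA"}  # assumption: usual for a TLD zone

def hostname_ok(name):
    labels = name.rstrip(".").lower().split(".")
    return all(len(l) <= 63 and LABEL.match(l) for l in labels)

def inspect_zone(text, origin):
    findings, ns, addrs = [], defaultdict(set), []
    for line in filter(str.strip, text.splitlines()):
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        name, rtype = name.lower(), rtype.upper()
        if name != origin and not name.endswith("." + origin):
            findings.append(("out-of-zone-name", name))      # unusual inclusion
        elif rtype not in EXPECTED_TYPES:
            findings.append(("unusual-rr-type", f"{name} {rtype}"))
        elif rtype == "NS":
            ns[name].add(rdata.strip().lower())
        elif rtype in ("A", "AAAA"):
            addrs.append(name)
    targets = set().union(*ns.values())
    for owner, servers in sorted(ns.items()):
        if len(servers) < 2:                                  # RFC 1591: two servers
            findings.append(("single-nameserver", owner))
        findings += [("malformed-hostname", s) for s in sorted(servers) if not hostname_ok(s)]
    # Address records for hosts that serve no delegation are not needed as glue.
    findings += [("unneeded-glue", h) for h in addrs if h not in targets]
    return findings

if __name__ == "__main__":
    print(*inspect_zone(SAMPLE_ZONE, "example."), sep="\n")
```

None of these findings can be produced by querying individual names, because each one depends on seeing every record in the zone at once.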
