Status of DNS
David Lawrence, Nominum, Inc.
Mathias Koerber, Nominum, Inc.
amended 24aug2001
David Conrad, Nominum, Inc.
Overview
• Name space hierarchy
• Multilingual DNS
• Software status
New generic TLDs
• ICANN adopted 7 new gTLDs
  • .aero (air-transport industry)
  • .biz (businesses)
  • .coop (cooperatives)
  • .info (unrestricted use)
  • .museum (museums)
  • .name (individuals)
  • .pro (accountants, lawyers etc.)
• Expected to take up operation later this year
Root servers
• Root servers handle just the root zone
• TLDs moved to separate servers
Multilingual DNS, IETF
• Current IETF track focusing on application-only solutions
• Based on consensus of working group at San Diego IETF
• Will use an ASCII-Compatible Encoding (ACE) of Unicode.
• New IETF IDN WG task force formed to pick an ACE.
Multilingual DNS, IETF (2)
• IETF is committed to the principle of a single unified root for the Internet.
• Fast-tracked IDN within IETF.
• Expect final standard in late 2001.
Multilingual DNS, Other Organizations
• MINC - Multilingual Internet Names Consortium
• JET - Joint Engineering Taskforce
  • CNNIC, JPNIC, KRNIC and TWNIC
• CDNC - Chinese Domain Name Consortium
  • CNNIC, HKNIC, MONIC, and TWNIC
• AINC - Arabic Internet Names Consortium
• INFITT - Int'l Forum for IT in Tamil
• ... more to come!
Multilingual DNS, MINC
• Formed early summer, 2000.
• Working on both interoperability testing and registration policy.
• Testing plan is being developed now.
• Intent is to contract one or more organizations to perform testing on behalf of MINC.
• Would certify software with a MINC seal as being IDN-compatible.
Software Status
• BIND-9.1.3 released
  • full BIND-9 release
  • complete re-write (no code from BIND-8 remains)
  • improved security (no glue-fetching by default, always uses ID-pool for query/reply identification)
• 9.2 in release candidate stage, final in two weeks?
BIND-9 highlights:
• Multi-threading support (on MT-capable OSes)
• Views
• EDNS0 support (for future additions)
• Full IPv6 & DNSSEC support
• Zone transfers built-in (no separate executable)
• named-checkconf & named-checkzone scripts help zone-checking
BIND-9.1.x
• lightweight resolver
  • library
  • lwresd daemon
  • required for IPv6 (DNAME chaining, A6 record handling)
• rndc remote nameserver administration tool
• improved control over dynamic updates: update-policy
• new algorithm scheduling SOA queries - scales better
• hooks for DB backend
upgrade to BIND-9
• changes in named.conf syntax may require changes to backend tools
• changes to logging categories etc.
• default TTL handling has changed
• stricter zonefile syntax checking
• stricter named.conf syntax checking
• statistics will be available through rndc
Software status
• bugfix releases
  • 8.2.3: fixes vulnerability, exploits publicly available!
  • recommended not to run BIND <= 8.2.2p7 anymore
  • 4.9.8: vulnerability fix for 4.9.7
  • BIND-9 not affected (new codebase!)
  • use of BIND-4 is not recommended!
  • 8.2.5 is in RC stage
  • 8.2.4 recommended for those who CAN’T migrate to 9
  • 8.2, 8.2.1, 8.2.2 all have publicly available exploits
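Added example (not part of the original slides): a small triage helper that applies the version guidance on this slide to version banners collected from an inventory of name servers. The verdict labels, function names, host names and sample banners are assumptions made for illustration.

```python
import re

# Matches BIND-style versions such as "9.1.3", "8.2.2-P7", "8.2.2p5", "BIND 8.2.3-REL".
_VER = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?[Pp](\d+))?")

def parse_version(banner):
    """Return (major, minor, patch, patchlevel), or None if no version is present."""
    m = _VER.search(banner)
    if not m:
        return None
    # Missing patch or patchlevel components count as 0.
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def triage(banner):
    """Classify a reported version using only the guidance on the slide."""
    v = parse_version(banner)
    if v is None:
        return "unknown"                # hidden or altered banner: check the host itself
    major = v[0]
    if major >= 9:
        return "ok"                     # BIND-9: new codebase, not affected
    if major == 4:
        return "replace"                # BIND-4 is not recommended, even the fixed 4.9.8
    if major == 8:
        if v <= (8, 2, 2, 7):
            return "vulnerable"         # <= 8.2.2p7: should not be run anymore
        if v < (8, 2, 4, 0):
            return "upgrade"            # 8.2.3 carries the fix; 8.2.4 is the recommended 8.x
        return "migrate-when-possible"  # 8.2.4+: for sites that cannot move to 9
    return "unknown"

def needs_action(inventory):
    """Return sorted (host, verdict) pairs for every server not classified 'ok'."""
    return sorted((h, triage(b)) for h, b in inventory.items() if triage(b) != "ok")

# Constructed inventory: host -> banner as recorded by an asset scan.
INVENTORY = {
    "ns1.example.net": "9.1.3",
    "ns2.example.net": "8.2.2-P7",
    "ns3.example.net": "BIND 8.2.3-REL",
    "ns4.example.net": "8.2.4",
    "ns5.example.net": "4.9.8",
    "ns6.example.net": "go away",
}

if __name__ == "__main__":
    for host, verdict in needs_action(INVENTORY):
        print(f"{host}: {verdict}")
```

A banner can be changed or hidden by the operator, so an "unknown" or "ok" verdict based on the banner alone still needs confirming against the installed package.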
new developments will be made to BIND-9
• BIND-9.2 has:
  • no SNMP support (DNS MIBS are historic)
  • BIND 8 resolver library for backward compatibility
  • Internal parser to catch “corner” cases.
  • cache-size cap
  • AAAA synthesis if only A6 exists
Summary
• DNS is a critical part of the Internet Infrastructure
• A successful Internet needs a well-run DNS
• Internet Enhancements (IPv6, security etc.) require DNS enhancements
• A lot of progress is being made in DNS
• On-going testbeds provide participants with valuable experience for upcoming implementation
Summary (cont.)
• Keep up to date with current versions!
  • better security (and bugfixes)
  • new features -> new services
Future…
• ISC will continue to track IETF DNS activities
  • OPT-IN, Delegation Signer, IDN, etc.
• Code continues to evolve
  • Genetic diversity encourages interoperability testing
  • Bug Fixes, Portability, Code contributions
  • Tool developments
• Do you want a feature?
  • ISC will be glad to consider your request… have cash or check ready… :)