1 discussion of the new dns generation system dns operations sig apnic 18 2nd september 2004, fiji
TRANSCRIPT
![Page 1: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/1.jpg)
1
Discussion of the new DNS generation system
DNS Operations SIG
APNIC 18
2nd September 2004, Fiji
![Page 2: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/2.jpg)
2
Overview
• Current DNS Generation process
• The New Process
• Implementation Status
• Future Considerations
• Discussion
![Page 3: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/3.jpg)
3
The current process
whois
Domain object
Zone files RIR
(ERX)
NIR
Zone merge
Zone files
DNS servers
![Page 4: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/4.jpg)
4
The current process
• Zones are a composite of:• WHOIS data (domain objects)• “zone-lets” received from NIR/RIR
• Zone generation takes 27minutes• (mostly data fetch delays)
• Zones valid, but ‘dirty’• /24 records in addition to covering /16
• Manual zone addition process• Not scalable
![Page 5: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/5.jpg)
5
The new process
whoisRIR (ERX)
NIR
Zone files
DNS servers
DNS database
![Page 6: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/6.jpg)
6
The new process
• Benefits• All inputs pre-validated• Zone generation under 1 minute• Zone management improvements• Lame delegation synergies• Future flexibility (SECDNS)• Zone consistency• ‘Cleaner’ zone files• Removal of manual processes
![Page 7: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/7.jpg)
7
Implementation state
• 95% functioning• Makes zones, not yet published to NS• No Management interface
• Zone state comparative testing• (against current system)
• Expected deployment date:• End of Nov ‘04
![Page 8: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/8.jpg)
8
Future considerations
• DNSSEC support• How to maintain delegates DNS KEY?• How to re-sign zone?• Ongoing coordination with RIR/NIR
• In-addr.arpa glue
• Direct update from stakeholders• Per delegation record!
• Dynamic DNS
![Page 9: 1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji](https://reader036.vdocument.in/reader036/viewer/2022072006/56649f445503460f94c64944/html5/thumbnails/9.jpg)
9
Discussion?