
IANA TLD Zone Inspection

Shanghai, China

Louis Touton

29 October 2002


Zone File Contents

Includes:

• List of Domain Names in Zone (‘yahoo.com’)

• Names of Nameservers (‘ns1.yahoo.com’)

• IP Addresses of Nameservers (‘192.3.55.2’)

• Timer Information (‘86400’ seconds)

Example contents:

yahoo.com. 86400 in ns ns1.yahoo.com.

ns1.yahoo.com. 86400 in a 192.3.55.2


Zone File Contents

Does NOT Include:

• Identity of Registrant

• Home (or any other) Addresses

• Telephone/Fax Numbers

• E-mail Addresses

• Billing Information


Zone File Contents

• Zone-file information is public information:

– DNS is a public database

– That’s how it works: information must be available to everyone on a query basis

– Domain names, nameserver names, IP addresses are gathered for publication purposes


Zone File Contents

• TLD zone files are typically available to everyone

– .arpa, .edu, .int, root available for ftp download at InterNIC

– gTLDs (.com, .net, .biz, .info, .org) available for download on signing zone-file access agreement

– 85% of ccTLDs available for public download

• Several legitimate public purposes (caching, studies, etc.)


Limits on Access

• Early 1990s – Excessive nameserver load problems

• Late 1990s – Improper data mining

• 1994 – BIND introduces xfernets (later allow-transfer)


IANA Zone File Inspection

• Until now, almost always done at time of processing nameserver change requests

• Purposes:

– Checking technical compliance/interoperability

– Allegations of ISP preferences

– (Possible) Very short term proxy service


Nameserver Change Process (Typical)

• Receive request from TLD operator

• Acknowledge request

• Verify authorization/authenticity

• Assess transition sequence

• Verify new nameserver operational status

• Obtain zone file

• Submit request for root-zone change

• Inspect zone file, advise operator of any potential problems

• Monitor making of change


Technical Compliance

• Many aspects can be checked by individual queries

• Some types of problems cannot easily be checked without inspecting zone file:

– Multiple nameservers

– Malformed host names

– Excessive/inappropriate glue records

– Unusual RR types

– Unusual Domain Inclusions in Zone
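The zone-level checks listed above, sketched as an added example (not IANA's script and not part of the original slides). It assumes a simplified zone format with one fully qualified record per line, treats "multiple nameservers" as "every delegation has at least two", and assumes a delegation-only zone where only SOA, NS, A and AAAA records are expected; the sample zone and all names in it are constructed.

```python
import re

# RFC 1123 host label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
EXPECTED_TYPES = {"SOA", "NS", "A", "AAAA"}  # assumption: delegation-only TLD zone

# Constructed sample zone for the reserved TLD "example" (not real data).
SAMPLE_ZONE = """\
example. 86400 IN SOA ns1.nic.example. hostmaster.nic.example. 1 3600 900 604800 86400
example. 86400 IN NS ns1.nic.example.
example. 86400 IN NS ns2.nic.example.
ns1.nic.example. 86400 IN A 192.0.2.1
good.example. 86400 IN NS ns1.good.example.
good.example. 86400 IN NS ns2.good.example.
single.example. 86400 IN NS ns_1.single.example.
stray.example. 86400 IN A 203.0.113.5
txt.example. 86400 IN TXT "hello"
other.test. 86400 IN NS ns1.good.example.
"""

def valid_host(name):
    return all(LABEL.match(label) for label in name.rstrip(".").split("."))

def inspect_zone(text, origin):
    """Return sorted (problem, detail) pairs; expects one full record per line."""
    findings, ns, addrs = [], {}, []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        owner, rtype = owner.lower(), rtype.upper()
        if owner != origin and not owner.endswith("." + origin):
            findings.append(("out-of-zone", owner))       # unusual domain inclusion
        if rtype not in EXPECTED_TYPES:
            findings.append(("unusual-type", f"{owner} {rtype}"))
        if rtype == "NS":
            target = rdata.split()[0].lower()
            ns.setdefault(owner, set()).add(target)
            if not valid_host(target):
                findings.append(("malformed-host", target))
        elif rtype in ("A", "AAAA"):
            addrs.append(owner)
    targets = set().union(*ns.values())
    # Delegations with a single nameserver, then address records no NS points at.
    findings += [("single-nameserver", o) for o, s in ns.items() if len(s) < 2]
    findings += [("orphan-glue", o) for o in addrs if o not in targets]
    return sorted(set(findings))

if __name__ == "__main__":
    print(*inspect_zone(SAMPLE_ZONE, "example."), sep="\n")
```

None of these findings can be produced from single queries against the nameservers, because each depends on seeing which records are present across the whole zone.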


History of Zone Inspections

• Overall IANA responsibility (RFC 1591): “The Internet Assigned Numbers Authority (IANA) is responsible for the overall coordination and management of the Domain Name System (DNS) . . . .”

• In 1980s/early 1990s, IANA (Jon Postel) does zone inspections at time of setting up and changing ccTLD nameservice.


History of Zone Inspections

• Manager and IANA responsibilities documented in RFC 1591 (March 1994):

“The designated manager must do a satisfactory job of operating the DNS service for the domain.

“There must be a primary and a secondary nameserver that have IP connectivity to the Internet and can be easily checked for operational status and database accuracy by the IR [the InterNIC] and the IANA.”


History of Zone Inspections

• ICP-1 (May 1999) reiterates zone-file access requirement.

• GAC Principles (February 2000) – ccTLD managers should commit to provide IANA access “for purposes of verifying and ensuring the operational stability of the ccTLD only”.


History of Zone Inspections

• Principle also adopted by ITU in its January 1999 proposal to operate .int:

“13. Name servers

“For registration of active domain names there must be an operational primary and an operational secondary Internet Domain Name System (DNS) name server preferably located on different continents. Both need permanent IP connectivity to the Internet (for queries and zone transfers) in order that they can be easily checked for operational status and database accuracy at any time by the Registrar.”


History of Zone Inspections

• KPNQwest Bankruptcy (May 2002)

– 67 ccTLDs hosted on ns.eu.net

– RIPE NCC agrees to operate indefinitely

– 62 of 67 allow zone access; 5 do not

– Discussion highlights need for process improvements to address DNS Quality issues

– Cerf/Lynn message to Names Council

– Names Council resolution endorsing referral to Security Committee


Status of ns.eu.net Changes

As of 24 October 2002:

• 67 changes to be made

• 44 completed

• 10 in process

• 13 ccTLD managers prompted to submit request


Addressing the DNS Quality Issue

(Thanks to ccTLD managers for these suggestions:)

• Improved information flow/education

• Option for third-party audit

• Self-evaluation through IANA-supplied scripts