IANA TLD Zone Inspection - ICANN | Archives | Internet

IANA TLD Zone Inspection
Shanghai, China
Louis Touton
29 October 2002
Zone File Contents
Includes:
• List of Domain Names in Zone (‘yahoo.com’)
• Names of Nameservers (‘ns1.yahoo.com’)
• IP Addresses of Nameservers (‘192.3.55.2’)
• Timer Information (‘86400’ seconds)
Example contents:
yahoo.com. 86400 in ns ns1.yahoo.com.
ns1.yahoo.com. 86400 in a 192.3.55.2
Zone File Contents
Does NOT Include:
• Identity of Registrant
• Home (or any other) Addresses
• Telephone/Fax Numbers
• E-mail Addresses
• Billing Information
Zone File Contents
• Zone-file information is public information:
– DNS is a public database
– That’s how it works: information must be
available to everyone on a query basis
– Domain names, nameserver names, IP
addresses are gathered for publication purposes
Zone File Contents
• TLD zone files are typically available to everyone
– .arpa, .edu, .int, root available for ftp download at
InterNIC
– gTLDs (.com, .net, .biz, .info, .org) available for
download on signing zone-file access agreement
– 85% of ccTLDs available for public download
• Several legitimate public purposes (caching,
studies, etc.)
Limits on Access
• Early 1990s – Excessive nameserver load
problems
• Late 1990s – Improper data mining
• 1994 – BIND introduces xfernets (later
allow-transfer)
IANA Zone File Inspection
• Until now, almost always done at time of
processing nameserver change requests
• Purposes:
– Checking technical compliance/interoperability
– Allegations of ISP preferences
– (Possible) Very short term proxy service
Nameserver Change Process (Typical)
• Receive request from TLD operator
• Acknowledge request
• Verify authorization/authenticity
• Assess transition sequence
• Verify new nameserver operational status
• Obtain zone file
• Submit request for root-zone change
• Inspect zone file, advise operator of any potential problems
• Monitor making of change
Technical Compliance
• Many aspects can be checked by individual queries
• Some types of problems cannot easily be checked without inspecting zone file:
– Multiple nameservers
– Malformed host names
– Excessive/inappropriate glue records
– Unusual RR types
– Unusual Domain Inclusions in Zone
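The five zone-file-only checks listed above, sketched as an added example (not IANA's inspection tooling and not code from the presentation). It assumes one record per line with explicit owner, TTL and class; the zone `example.`, the finding labels, the expected-type set and the reading of "multiple nameservers" as "at least two per delegation" are assumptions.

```python
import re

# Constructed sample of a hypothetical TLD zone "example." (not real registry data).
SAMPLE_ZONE = """\
example.            86400 IN NS    ns1.nic.example.
example.            86400 IN NS    ns2.nic.example.
ns1.nic.example.    86400 IN A     192.0.2.1
ns2.nic.example.    86400 IN A     192.0.2.2
single.example.     86400 IN NS    ns1.nic.example.
broken.example.     86400 IN NS    ns1.nic.example.
broken.example.     86400 IN NS    -ns.nic.example.
www.stray.example.  86400 IN A     192.0.2.30
info.example.       86400 IN HINFO "PC" "OS"
other.test.         86400 IN NS    ns1.nic.example.
other.test.         86400 IN NS    ns2.nic.example.
"""
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # letters, digits, inner hyphens
EXPECTED_TYPES = {"SOA", "NS", "A", "AAAA"}  # assumption: a delegation-only TLD zone

def parse(zone_text):
    """Yield (owner, rrtype, rdata) for each 'owner TTL class type rdata' line."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            owner, _ttl, _cls, rrtype, rdata = line.split(None, 4)
            yield owner.lower(), rrtype.upper(), rdata

def is_hostname(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 255 and all(LDH_LABEL.match(label) for label in labels)

def inspect_zone(zone_text, origin):
    """Return sorted (finding, detail) pairs for problems visible only in the whole zone."""
    origin, records, ns_sets, findings = origin.lower(), list(parse(zone_text)), {}, []
    for owner, rrtype, rdata in records:
        if rrtype == "NS":
            ns_sets.setdefault(owner, set()).add(rdata.lower())
    ns_targets = set().union(*ns_sets.values())
    for owner, rrtype, _rdata in records:
        if owner != origin and not owner.endswith("." + origin):
            findings.append(("out-of-zone", owner))            # unusual domain inclusion
        if rrtype not in EXPECTED_TYPES:
            findings.append(("unusual-type", f"{owner} {rrtype}"))
        if rrtype in ("A", "AAAA") and owner not in ns_targets:
            findings.append(("stray-glue", owner))             # address no NS record uses
    for owner, targets in ns_sets.items():
        if len(targets) < 2:
            findings.append(("single-nameserver", owner))      # no secondary listed
        findings += [("malformed-host", t) for t in targets if not is_hostname(t)]
    return sorted(set(findings))

if __name__ == "__main__":
    for finding in inspect_zone(SAMPLE_ZONE, "example."):
        print(*finding)
```

None of these findings can be confirmed by querying individual names, because each depends on seeing which records exist across the zone as a whole.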
History of Zone Inspections
• Overall IANA responsibility (RFC 1591):
“The Internet Assigned Numbers Authority (IANA) is responsible for the overall coordination and management of the Domain Name System (DNS) . . . .”
• In 1980s/early 1990s, IANA (Jon Postel) does zone inspections at time of setting up and changing ccTLD nameservice.
History of Zone Inspections
• Manager and IANA responsibilities documented in RFC 1591 (March 1994):
“The designated manager must do a satisfactory job of operating the DNS service for the domain.
“There must be a primary and a secondary nameserver that have IP connectivity to the Internet and can be easily checked for operational status and database accuracy by the IR [the InterNIC] and the IANA.”
History of Zone Inspections
• ICP-1 (May 1999) reiterates zone-file
access requirement.
• GAC Principles (February 2000) – ccTLD
managers should commit to provide IANA
access “for purposes of verifying and
ensuring the operational stability of the
ccTLD only”.
History of Zone Inspections
• Principle also adopted by ITU in its January
1999 proposal to operate .int:
“13. Name servers
“For registration of active domain names there must be an
operational primary and an operational secondary Internet
Domain Name System (DNS) name server preferably located on
different continents. Both need permanent IP connectivity to the
Internet (for queries and zone transfers) in order that they can be
easily checked for operational status and database accuracy at
any time by the Registrar.”
History of Zone Inspections
• KPNQwest Bankruptcy—May 2002
– 67 ccTLDs hosted on ns.eu.net
– RIPE NCC agrees to operate indefinitely
– 62 of 67 allow zone access; 5 do not
– Discussion highlights need for process improvements to address DNS Quality issues
– Cerf/Lynn message to Names Council
– Names Council resolution endorsing referral to Security
Committee
Status of ns.eu.net Changes
As of 24 October 2002:
• 67 changes to be made
• 44 completed
• 10 in process
• 13 ccTLD managers prompted to submit
request
Addressing the DNS Quality Issue
(Thanks to ccTLD managers for these suggestions:)
• Improved information flow/education
• Option for third-party audit
• Self-evaluation through IANA-supplied
scripts