Status of DNS David Lawrence, Nominum, Inc. Mathias Koerber, Nominum, Inc. amended 24aug2001 David Conrad, Nominum, Inc.

Status of DNS
David Lawrence, Nominum, Inc.
Mathias Koerber, Nominum, Inc.
amended 24aug2001
David Conrad, Nominum, Inc.
Overview
• Name space hierarchy
• Multilingual DNS
• Software status
New generic TLDs
• ICANN adopted 7 new gTLDs
  • .aero (Air-transport industry)
  • .biz (businesses)
  • .coop (cooperatives)
  • .info (unrestricted use)
  • .museum (museums)
  • .name (individuals)
  • .pro (accountants, lawyers etc)
• Expected to take up operation later this year
Root servers
• Root servers handle just the root zone
• TLDs moved to separate servers
Multilingual DNS, IETF
• Current IETF track focusing on application-only solutions
• Based on consensus of working group at San Diego IETF
• Will use an ASCII-Compatible Encoding (ACE) of Unicode.
• New IETF IDN WG task force formed to pick an ACE.
Multilingual DNS, IETF (2)
• IETF is committed to the principle of a single unified root for the Internet.
• Fast-tracked IDN within IETF.
• Expect final standard in late 2001.
Multilingual DNS, Other Organizations
• MINC - Multilingual Internet Names Consortium
• JET - Joint Engineering Taskforce
  • CNNIC, JPNIC, KRNIC and TWNIC
• CDNC - Chinese Domain Name Consortium
  • CNNIC, HKNIC, MONIC, and TWNIC
• AINC - Arabic Internet Names Consortium
• INFITT - Int'l Forum for IT in Tamil
• ... more to come!
Multilingual DNS, MINC
• Formed early summer, 2000.
• Working on both interoperability testing and registration policy.
• Testing plan is being developed now
  • Intent is to contract one or more organizations to perform testing on the behalf of MINC.
  • Would certify software with a MINC seal as being IDN-compatible.
Software Status
• BIND-9.1.3 released
  • full BIND-9 release
  • complete re-write (no code from BIND-8 remains)
  • improved security (no glue-fetching by default, always uses ID-pool for query/reply identification)
  • 9.2 in release candidate stage, Final in two weeks?
• BIND-9 highlights:
  • Multi-threading support (on MT-capable OSes)
  • Views
  • EDNS0 support (for future additions)
  • Full IPv6 & DNSSEC support
  • Zone transfers built-in (no separate executable)
  • named-checkconf & named-checkzone scripts help zone-checking
BIND-9.1.x
• lightweight resolver
  • library
  • lwresd daemon
  • required for IPv6 (DNAME chaining, A6 record handling)
• rndc remote nameserver administration tool
• improved control over dynamic updates: update-policy
• new algorithm scheduling SOA queries - scales better
• hooks for DB backend
upgrade to BIND-9
• changes in named.conf syntax may require changes to backend tools
• changes to logging categories etc.
• default TTL handling has changed
• stricter zonefile syntax checking
• stricter named.conf syntax checking
• statistics will be available through rndc
Software status
• bugfix releases
  • 8.2.3: fixes vulnerability, exploits publicly available!
  • recommended not to run BIND <= 8.2.2p7 anymore
  • 4.9.8: vulnerability fix for 4.9.7
  • BIND-9 not affected (new codebase!)
  • use of BIND-4 is not recommended!
  • 8.2.5 is in RC stage
  • 8.2.4 recommended for those who CAN’T migrate to 9
  • 8.2, 8.2.1, 8.2.2 all have publicly available exploits
• new developments will be made to BIND-9
• BIND-9.2 has:
  • no SNMP support (DNS MIBS are historic)
  • BIND 8 resolver library for backward compatibility
  • Internal parser to catch “corner” cases.
  • cache-size cap
  • AAAA synthesis if only A6 exists
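The version guidance on the bugfix-releases slide above, turned into a triage check over an inventory of name servers. This is an added example, not part of the original presentation; the host names, sample version strings and status labels are constructed for illustration.

```python
import re

# Added example: status labels and inventory are constructed. Thresholds are
# the ones on the slide: 8.2.2p7 and older should not be run, 8.2.4 is the
# recommended BIND 8, 4.9.8 fixes 4.9.7, BIND 9 is a new codebase.
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-?[Pp](\d+))?")

def parse_version(banner):
    """Turn '8.2.2-P7' or '8.2.2p7' into (8, 2, 2, 7); None if unparseable."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(banner):
    """Classify a BIND version string against the guidance on the slide."""
    v = parse_version(banner)
    if v is None:
        return "unknown"
    if v[0] >= 9:
        return "not-affected"          # new codebase
    if v[0] == 8:
        if v <= (8, 2, 2, 7):
            return "vulnerable"        # recommended not to run
        if v < (8, 2, 4, 0):
            return "upgrade"           # 8.2.3 has the fix, 8.2.4 is recommended
        return "patched-bind8"         # acceptable only if BIND 9 is not an option
    if v[0] == 4:
        # 4.9.8 carries the fix, but BIND 4 itself is not recommended.
        return "vulnerable" if v < (4, 9, 8, 0) else "discouraged"
    return "unknown"

# Constructed inventory: (server, version string as recorded by an operator).
INVENTORY = [
    ("ns1.example.net", "8.2.2-P5"),
    ("ns2.example.net", "8.2.3-REL"),
    ("ns3.example.net", "9.1.3"),
    ("ns4.example.net", "4.9.7-REL"),
    ("ns5.example.net", "8.2.4"),
    ("ns6.example.net", "(hidden by operator)"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(banner) for host, banner in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:18} {status}")
```

A server that hides or rewrites its version string lands in "unknown" and needs to be checked by hand.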
Summary
• DNS is a critical part of the Internet Infrastructure
• Internet Enhancements (IPv6, security etc) require DNS enhancements
• A successful Internet needs a well-run DNS
• A lot of progress is being made in DNS
• On-going testbeds provide participants with valuable experience for upcoming implementation
Summary (cont.)
• Keep up to date with current versions!
  • better security (and bugfixes)
  • new features -> new services
Future…
• ISC will continue to track IETF DNS activities
• Code continues to evolve
• OPT-IN, Delegation Signer, IDN, etc.
• Genetic diversity encourages interoperability testing
• Bug Fixes, Portability, Code contributions
• Tool developments
Do you want a feature?
• ISC will be glad to consider your request… have cash or check ready… :)