

The new APNIC DNS generation system

Previous System

- Direct access to backend whois.db files
  – Constructed radix tree in memory from domain objects
  – Walked tree in order to derive zone files for changed zones
- Change was defined by changed: field in domain object being current date
- Zone files pushed to DNS via RSYNC
- Secondary zones controlled by PEERS files, p2n.pl script

Problems

- Monolithic solution
  – Hard to add new options
- New database changed data format
  – Backend SQL in v3 would require re-coding anyway
- NS reload slow, buggy
  – Too many periods with only one functional NS

Problems (continued)

- Secondary management intertwined with primary function
  – Needed better functional separation
  – BIND problems master / secondary / master
- Unnecessary DNS changes
  – SOA incremented for descr, nic-hdl changes

Goals for a new production system

- Make zone update more efficient
- Allow addition of new features
- Separate secondaries from main process
- Simplify zonefile production

Goals (continued)

- Make zone update more efficient
  – Can support dynamic processes when viable
- Allow addition of new features
  – DNSSEC zone signing
  – LAME delegation processing
  – NOTIFY based push to DNS from master
  – SOA serial increment on real change, not from changed: flag

Goals (continued)

- Separate secondaries from main process
  – Improves DNS stability
- Simplify zonefile production
  – Staged pipeline of simple phases
  – Use UNIX tools

Simple Pipelined process

- Diagram boxes: Get Whois data; Sort & collate; Filter; Notify DNS; Check for zone change; Make zones
- Easy to add parallel passes (e.g. to merge external data sources)
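The filter and change-check stages, combined with the goal of incrementing the SOA serial only on a real change, can be sketched with standard UNIX tools. This is an added example, not APNIC's code: the sample whois objects are constructed, and the function names `delegations` and `update_serial`, the state-directory layout and the plain integer serial are assumptions.

```shell
#!/bin/sh
# Added example, not APNIC's code. Sample whois objects are constructed.
obj_v1='domain:  2.0.192.in-addr.arpa
descr:   Example Net
nserver: ns1.example.net
nserver: NS2.example.net.
changed: hostmaster@example.net 20040801'
# v2 edits only descr: and changed:; v3 replaces a nameserver.
obj_v2=$(printf '%s\n' "$obj_v1" | sed 's/^descr:.*/descr:   Renamed Net/; s/20040801/20040902/')
obj_v3=$(printf '%s\n' "$obj_v2" | sed 's/ns1\.example\.net/ns3.example.net/')

# Filter stage: keep only attributes that reach the zone file, normalised
# (lower case, one trailing dot) and sorted so ordering changes do not count.
delegations() {
    awk -F':[ \t]*' '
        $1 == "domain"  { d = tolower($2); sub(/[ \t.]+$/, "", d) }
        $1 == "nserver" { n = tolower($2); sub(/[ \t.]+$/, "", n)
                          print d ". IN NS " n "." }
    ' | LC_ALL=C sort -u
}

# Change-check stage: $1 is a state directory (assumed layout), stdin is the
# delegation set. Prints the SOA serial, bumping it only on a real change;
# a NOTIFY to the secondaries would be sent only when the serial moves.
update_serial() {
    state=$1
    cat > "$state/new"
    serial=$(cat "$state/serial" 2>/dev/null || echo 0)
    if ! cmp -s "$state/new" "$state/current" 2>/dev/null; then
        serial=$((serial + 1))
        mv "$state/new" "$state/current"
        echo "$serial" > "$state/serial"
    fi
    echo "$serial"
}

# Demo: three successive runs over the same zone.
demo() {
    dir=$(mktemp -d)
    for obj in "$obj_v1" "$obj_v2" "$obj_v3"; do
        printf '%s\n' "$obj" | delegations | update_serial "$dir"
    done
    rm -rf "$dir"
}
demo
```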

Separated secondary processes

- Not based on whois domain records
- Separate servers
- Better records management on prime source contacts
- Improved management processes
- Can offer scalable secondary services
  – To ccTLD, AP-community, members

Integrating the ERX process

- ARIN ERX transfer process:
  – Fetch of (partial) zone contents
  – Production of matching file for ARIN, RIPE to fetch from APNIC
- Staged pipeline highly amenable to both local and ERX processes
- Permits normal whois activity for end-user management of domain object

Implementation timeline

- April identify need for new process
  – Discuss DNS generation with other RIR, IETF dnsops people
- June ERX discussions Toronto
  – Implementation of treewalk->flatfile
- July
  – Full DNS zone generation
- August
  – Deployment

Issues

- Time between ns1, ns3 restart
  – Needed to be kept to a minimum
- SOA serial/contents mismatch
  – Ensure at least one NS was functional at all times
- Check in-addr.arpa resolution offsite
- Check non-reverse-tree DNS status
  – ccTLD secondaries, RIPE/ARIN secondaries

Interesting side-effects

- DNS lookup times in reverse are faster for clients when no cached data
  – Less recursion to find authoritative answer
- NXDOMAIN is faster
  – Less noise on the wire
- Top level /8 serial increments more often
  – We can adjust cache/TTL settings to tune

Traffic Measurements

[Figure: DNS cutover, Aug 19]

Post-Upgrade behaviour

- DNS update is faster, simpler
- Less delay from whois -> DNS
- Overall DNS traffic dropped
- More consistent load share JP/AU
- US/Europe now fully serviced
- APNIC can deploy new services
  – Pre-creation of domain objects
  – LAME checks