IPv6 and DNS: why is the root not available over IPv6 transport and when will it be fixed? Bill Manning, LACNIC-VIII, 29 Jun 2005.

Presentation transcript:

Before a Priming Query
- It is proposed to augment the existing root servers with IPv6 capability in their transport and in their DNS server code. Once these capabilities are in place, it is expected to formally announce the availability of the root zone over both IPv4 and IPv6 transport and using both A and AAAA resource records.
- Seven of the 13 root servers have IPv6 transport capability and all are running IPv6-capable code. So what's the problem?
- Issues surrounding why there is no IPv6 native access to root nameservers YET…

DNS Resolution
[Diagram: a resolver queries an IMR for girigiri.gbrmpa.gov.au. Starting from its hints (A records), the IMR sends the query to a name server and is referred to the au NS, then to the gov.au NS, then to the gbrmpa.gov.au NS, which replies with the address of girigiri.gbrmpa.gov.au.]

The Priming Query
- The first question asked by an IMR to the root servers
- Based on the belt & suspenders data: in the case of UNIX, the hints or root.cache file.
- What is in this file anyway?
  - glue: a list of server names and the associated IP addresses. Today only IPv4

Root Hints

    ; formerly NS.INTERNIC.NET
    ;
    IN NS A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET A
    ;
    ; formerly NS1.ISI.EDU
    ;
    NS B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET A
    ;

What will happen when IPv6 data is added to this file?
- The problem lies not with the augmented root servers or the zone file, but with the systems that generate priming queries

    NS Z.IP6.INT.
    Z.IP6.INT A
    Z.IP6.INT AAAA 3ffe:0:1::c620:242
    ;
    NS Y.IP6.INT.
    Y.IP6.INT AAAA 3ffe:50e::1

The agony of choice
- How does the IMR select which protocol to use first?
  - Some use IPv4 first, then IPv6; some use IPv6 first, then IPv4.
  - How are mapped IPv4 addresses interpreted?
- Does the IMR DNS software support IPv6?
  - With over 146 variants, it's tough to tell.
  - Some audits indicate BIND is/remains the predominant version for authoritative servers… What about the IMRs?

How many IMRs are there and what are they running?
- IMRs are not listed in any configuration file.
- Need to audit.
  - Query logs were taken from B, H, and J root servers. Logs were 4, 1, and 24 hours
  - Sort out the priming queries (about 3% of total traffic, but that is another talk)
  - Fingerprint the sorted servers to identify DNS variant.
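Added example (not part of the original slides): one way to do the "sort out the priming queries" step of this audit, listing the IMRs that primed and the priming share of traffic. The log line format is an assumption modelled on BIND-style query logging, the sample lines are constructed, and the fingerprinting step is not covered.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses, not real root-server traffic).
SAMPLE_LOG = """\
client 192.0.2.10#32768: query: . IN NS
client 192.0.2.10#32769: query: www.example.com IN A
client 198.51.100.7#1053: query: example.org IN MX
client 2001:db8::53#4242: query: . IN NS
client 198.51.100.7#1054: query: . IN A
client 192.0.2.10#32770: query: . IN NS
client 203.0.113.5#5353: query: ROOT-SERVERS.NET IN NS
"""

# Assumed line layout: "client <addr>#<port>: query: <qname> IN <qtype>"
LINE_RE = re.compile(
    r"client (?P<src>[0-9A-Fa-f:.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parse(log_text):
    """Yield (source, qname, qtype) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["src"], m["qname"].lower(), m["qtype"].upper()

def is_priming(qname, qtype):
    """A priming query asks for the NS set of the root zone itself."""
    return qname == "." and qtype == "NS"

def audit(log_text):
    """Count queries, and collect the sources (candidate IMRs) that primed."""
    total = 0
    primers = Counter()
    for src, qname, qtype in parse(log_text):
        total += 1
        if is_priming(qname, qtype):
            primers[src] += 1
    share = sum(primers.values()) / total if total else 0.0
    return {
        "total": total,
        "imrs": sorted(primers),        # unique sources to fingerprint next
        "per_imr": dict(primers),       # how often each source primed
        "priming_share": share,         # fraction of all parsed queries
    }

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```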

IMR distribution
- H IMRs, 14 variants, 123 running non-AAAA compliant
- J IMRs, 141 variants, running non-AAAA compliant
- B IMRs, 51 variants, running non-AAAA compliant
- 32,979 servers of 87,764 or 32% of IMRs appear unable to properly process AAAA addresses

DNS Resolution
[Diagram: the same resolution path as before (resolver, IMR, then referrals to the au, gov.au and gbrmpa.gov.au name servers for girigiri.gbrmpa.gov.au), with the IMR's hints now holding AAAA/A records.]

Known evolution for BIND
- pre 9.2.0a1 -
  - bug If the root hints contained only AAAA addresses, named would be unable to perform resolution.
  - bug The ADB didn't find AAAA glue in a zone unless A6 glue was also present
- pre
  - bug don't pre-fetch missing additional address records if we have one of A/AAAA
  - bug don't lookup A/AAAA records for nameservers if we don't support the address at the transport level

For these systems with old code..
- Will an IMR re-prime if the first address it sees is a AAAA record?
- Early testing indicates that for two tested versions of BIND, the answer is NO. These tested versions comprise 2.3% of the total tested IMR base
  - e.g. the nameserver STOPS and needs to be restarted (and hope that a AAAA record does not show up)
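Added example (not part of the original slides): a check a resolver operator could run over a hints file to spot the conditions these slides associate with old code, namely servers with AAAA-only glue, hints with no A record at all, and an AAAA record appearing as the first address. The server names and AAAA values follow the slide's sample; the TTLs and the A address are constructed placeholders, and the parser assumes every line carries an explicit owner name.

```python
import ipaddress

# Constructed hints text: names and AAAA values follow the slide's sample;
# the TTLs and the A address are placeholders, not real root data.
SAMPLE_HINTS = """\
.            3600000  IN  NS    Z.IP6.INT.
Z.IP6.INT.   3600000      A     192.0.2.1
Z.IP6.INT.   3600000      AAAA  3ffe:0:1::c620:242
;
.            3600000      NS    Y.IP6.INT.
Y.IP6.INT.   3600000      AAAA  3ffe:50e::1
"""

def parse_hints(text):
    """Return (ns_names, glue); glue is an ordered list of (owner, type, address)."""
    ns_names, glue = [], []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()          # strip comments
        # Drop optional TTL and class so fields become: owner, type, rdata.
        fields = [f for i, f in enumerate(fields)
                  if i == 0 or not (f.isdigit() or f.upper() == "IN")]
        if len(fields) != 3:
            continue
        owner, rtype, rdata = fields[0].rstrip(".").upper() or ".", fields[1].upper(), fields[2]
        if rtype == "NS":
            ns_names.append(rdata.rstrip(".").upper())
        elif rtype in ("A", "AAAA"):
            try:   # keep only glue whose address family matches its record type
                ok = ipaddress.ip_address(rdata).version == (4 if rtype == "A" else 6)
            except ValueError:
                ok = False
            if ok:
                glue.append((owner, rtype, rdata))
    return ns_names, glue

def audit_hints(text):
    """Summarise the address families an IMR would see when loading these hints."""
    ns_names, glue = parse_hints(text)
    families = {n: {t for o, t, _ in glue if o == n} for n in ns_names}
    return {
        "aaaa_only": sorted(n for n, f in families.items() if f == {"AAAA"}),
        "no_glue": sorted(n for n, f in families.items() if not f),
        "first_address_type": glue[0][1] if glue else None,
        "hints_have_no_a": not any(t == "A" for _, t, _ in glue),
    }

if __name__ == "__main__":
    print(audit_hints(SAMPLE_HINTS))
```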

What we have not tested
- IMR OS capabilities
- Most DNS variants
- Extensive searches for more comprehensive IMR lists

Questions?
- Presuming the 32% is a valid number, is it safe to recommend to RSSAC & ICANN to add IPv6 addresses to the root servers and make this publicly available?
- What is the IMR client base? A given IMR may be the only recursive view into the DNS for thousands of end systems.
- Other issues w/ old BIND (and by extrapolation - other DNS code?):
  - Upgrading - even in the face of known security lapses - is nearly impossible to force.

What do you think?
Carrot? - delay native IPv6 - maintain stability
Stick? - add native IPv6 - force software upgrades

Thank You