Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Jaromir Talir Agenda ● Quick intro ● Features (registrations, zone file generation, invoicing...) ● Technologies (IDN,

Published byMiranda Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Jaromir Talir Agenda ● Quick intro ● Features (registrations, zone file generation, invoicing...) ● Technologies (IDN,"— Presentation transcript:

1 1 Jaromir Talir http://fred.nic.cz 27. 5. 2009

2 2 Agenda ● Quick intro ● Features (registrations, zone file generation, invoicing...) ● Technologies (IDN, DNSSEC, ENUM) ● Architecture (EPP, WHOIS...) ● Customization ● Performance ● How to become registry in 15 minutes?

3 3 Quick intro About ● Full-blown software for running domain registry ● Multiple domains / any level with objects sharing ● Runs on Linux (plus other Un*xes?) – On Windows client only ● 100% free/open source – FRED code under GPLv2 – Including components ● IPv6 supported

4 4 Quick intro Availability ● http://fred.nic.cz http://fred.nic.cz ● Mailing list (archives) ● Available as: – Source code – DEB (Ubuntu LTS) – RPM (Fedora) ● LiveCD – Test drive everything w/o installing anything :) – Slightly outdated, but still... main functionality has not changed

5 5 Quick intro Who is using it? ● In production: –.CZ,.0.2.4.e164.arpa - Czech Republic (560 000 domains) –.IT.AO,.CO.AO - Angola (10 000? domains) ● Implementation: –.TZ - Tanzania (6 000 domains) –.CR - Costa Rica (12 000 domains) –.FO - Farao Islands ● Testing: –.RW - Rwanda –.SN - Senegal

6 6 Features Overview ● Registry – registrar model ● Registrations of domains, contacts, nameserver sets and key sets ● Zone file generation ● Email notification of contacts ● Prepaid invoicing system ● Technical checks of nameservers

7 7 Features Registry – Registrar model ● No direct connection to domain registrants – Except registry event notification, complains... ● Signed agreement with each registrar – Registration rules (http://dsdng.nic.cz)http://dsdng.nic.cz – No other restrictions ● Responsibility for checking identity of holders ● System registrar for own registry manipulation – Registration of our domains – Deleting expired domains

8 8 Features Objects in registry ● Contact – Name and contact information, some identification, disclose flags for whois, ● Nameserver set – List of nameserver hosts – names and adresses (IPv4 or Ipv6) – Administrative contacts ● Key set – List of DNSSEC keys – Administrative contacts ● Domain – Expiration date – Domain holder – Nameserver set, Key set

9 9 Features Registrars and objects ● Same rules for domains, contacts, nameserver sets and key sets ● Creating registrar, updating registrar ● Designated registrar – only registrar to make changes ● Transfer supported by shared secret (authinfo) – Gain authinfo – Give it to now registrar – New registrar send EPP transfer command authorized with authinfo ● Holder can ask registry for sending auth info ● Simplification by cross authorization (holder instead of domain)

10 10 Features Expiration and renew ● Expired domains are held for 30 days in zone ● Next 15 days domains still stay in register ● After that domain is deleted and made available to others ● Renew allows maximal 10 year registration ● Contacts and nssets are unregistred after 6 month of not using it ● Registrants are notified about these changes ● All these numbers here are configurable

11 11 Features Zone configuration ● Multiple zones in one registry – Contacts, NS sets and Key sets are shared ● Registrar access to registry is allowed per zone ● Zones can overlap (.org.cz,.cz) ● Zone data includes zonefile generation headers (SOA,...) ● Support for ENUM domains

12 12 Features Zonefile generation ● Rules when domain is generated into zone: – Must have nameserver set – Current date is before expiration date + 30 days – There are no requests to hold domain out of zone ● Process is inhibited by command line tools ● Just delegation (and secure delegation) in zones – NS + A, DS records ● Change tests to protect against bugs ● Hidden master is restarted with generated zone file ● Secondary servers download new version

13 13 Features Email notification ● Notification of EPP actions – Optional on presence of notifyEmail in contact ● Notification about state changes of object – Sent to email in contact on expiration, removal from zone and unregistration – Before unregistration we sent them letter with warning ● Template system for email content ● Email archivation ● Undelivered emails handling

14 14 Features Technical checks ● Checks of nameservers in registry – Nameservers are reachable – They run DNS – They contain domains delegated to them – Heterogenous systems ● They are only informative! – Do not affect registration process ● Periodical or manually requested – Results of periodical tests sent to email of nameserver admins – Results of requested tests sent to registrar over EPP messaging

15 15 Features Invoicing ● Prepaid credit model ● Periodical scan for payments on our accounts ● Identification of registrar from payment data ● Advance invoice is generated with credit ● Each create and renew domain operation lower credit – According to price list, prices are per zone – If there is no enough credit, operation fail – If price list is empty no actions are taken ● Once a month we issue accounting invoice – List of operations in last month

16 16 Technologies IDN ● Internationalized Domain Names ● Almost full support ● Whois service is ready ● EPP interface blocks IDN registrations – No request for IDN in.CZ – But easy to enable it ● Character set checking is missing

17 17 Technologies DNSSEC ● Secure extension to DNS based on cryptography ●.CZ is secured since October 2008 ● Fully suppored in FRED... – Registration of subdomain keys (Key set object) – Zone file generation (DS records) ●... but with support of other tools (Bind tools for DNSSEC) – TLD key generation (dnssec-keygen) – TLD zone signing (dnssec-signzone)

18 18 Technologies ENUM ● Support Voice over IP technology ● Phone numbers registered as domains in DNS – +420 222 745 111 -> 1.1.1.5.4.7.2.2.2.0.2.4.e164.arpa ● DNS as dictionary (yellow pages) for phone numbers ● Fully suppored in FRED – Unlimited level of domain registrations – Checking of overlaping registrations – ENUM domain has validation date (updated by registrar)

19 19 Architecture Schema

20 20 Architecture Registrar interface ● EPP protocol - the only way to send request into registry ● Slightly modified standard – Nameserver set is completly different – Few changes in contact detail ● Referential implementation of client in python – Command line and GUI version ● Notification of registrars – EPP messaging mechanism

21 21 Architecture Registrar interface

22 22 Architecture Public interface ● Two forms – web based, classical unix whois ● Common features – Lookup into all objects (domain, contact, nameserver set, registrars) – Privacy concerns (disclose flags about details of contact) ● Classical unix whois – Reverse search (domains by holder...) ● Web whois – Hypertext links between associated objects – CAPTCHA – Online list of registrars – Forms to apply for some service from registry

23 23 Architecture Public interface

24 24 Architecture Public interface

25 25 Architecture Administration interface ● Web based, mainly for making queries into database: – Registrar activity – History of objects ● Few update features: – Registrar creation – Processing of public requests created through web interface ● High priority in current development ● Command line tools support regular processes – Invoicing, banking – Regular unregistration, notification – Zone generation

26 26 Customization Overview ● Manual at this time ● Zone configuration – Name, SOA headers, periods – Admin command line tools to generate templates ● Email templates – ClearSilver templating system ● PDF documents – ReportLab templating system ● Object state change parameters ● Configuration options of application

27 27 Performance Benchmark setup ● Clean registry ● 10 concurrent clients – multi-threaded client – over 1Gbit LAN ● Write operations combo – create contact – create nameserver set – create domain ● Logging disabled

28 28 Performance Benchmark results ● 3 000 000 objects registered in 5 hours ● Progress in time... ● Average 150 write operations per second

29 29 How to become registry Installation ● Install OS Fedora 10 (http://www.fedoraproject.org)http://www.fedoraproject.org ● Configure installation mechanism to know about our repository with FRED packages: – rpm -i http://archive.nic.cz/yum/fred/10/i386/fred-repo-1.0-1.noarch.rpm ● Install all fred components – yum install fred-* ● Install bind nameserver – yum install bind ● If you have just installed PostgreSQL, it must be initialized: – /etc/init.d/postgresql initdb

30 30 How to become registry Startup ● Start all servers: – /etc/init.d/omniNames start – /etc/init.d/postgresql start – /etc/init.d/fred-server start – /etc/init.d/httpd start – /etc/init.d/fred-webadmin-server start – /etc/init.d/named start

31 31 How to become registry Configuration ● Configure your zone for zone file generation: – /usr/sbin/fred-admin --zone_add --zone_fqdn=co -- ex_period_min=12 --ex_period_max=120 --ttl=18000 -- hostmaster=hostmaster@nic.co --refresh=10600 -- update_retr=3600 --expiry=1209600 --minimum=7200 -- ns_fqdn=ns.nic.sv\-- hostmaster=hostmaster@nic.co – /usr/sbin/fred-admin --zone_ns_add --zone_fqdn=sv --ns_fqdn=ns.nic.co --addr=111.111.111.111

32 32 How to become registry Configuration ● Create new Bind configuration files for new zones: – /usr/bin/genzone_client -g /etc/named.fred.conf -z /var/named ● Update Bind configuration to include new config file: – echo 'include "/etc/named.fred.conf";' >> /etc/named.conf ● Update Bind configuration to accept queries: – sed -i 's/\tlisten-on/\t#listen-on/g' /etc/named.conf – sed -i 's/\tallow-query/\t#allow-query/g' /etc/named.conf – sed -i 's/recursion yes;/recursion no;/g' /etc/named.conf ● Configure regular zone file generation: – echo "* * * * * root ( /usr/bin/genzone_client -z /var/named -o; /etc/init.d/named restart )" > /etc/cron.d/fred-genzone

33 33 How to become registry Finish? Done...

34 34 How to become registry Finish?...of course not.

35 35 How to become registry Remaining ● Configure price of domain for each zone ● Customize components – Change style and translation of emails – Change style of PDF generated files ● Migration of data – Use FRED registry client

36 36 How to become registry Relyable service ● Multiple authoritative nameservers – Configure distribution of zone files ● Dual localities – Configure replication of database ● Monitoring – Setup monitoring procedures

37 37 Thank you Questions? Jaromir Talir jaromir.talir@nic.cz http://fred.nic.cz

Download ppt "1 Jaromir Talir Agenda ● Quick intro ● Features (registrations, zone file generation, invoicing...) ● Technologies (IDN,"

Similar presentations

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
.| The Trusted Channel Centric Marketplace Domain Name Transfers & Domain Delegation.

.| The Trusted Channel Centric Marketplace Domain Name Transfers & Domain Delegation.
Web Server Administration

Web Server Administration
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,

Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,
Web Server Administration Chapter 4 Name Resolution.

Web Server Administration Chapter 4 Name Resolution.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.

Hands-On Microsoft Windows Server 2003 Networking Chapter 7 Windows Internet Naming Service.
Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS.

Hands-On Microsoft Windows Server 2003 Administration Chapter 9 Administering DNS.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 5 Introduction to DNS in Windows Server 2008.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.

Introduction to the Secure SMTP Server service. Secure SMTP server is a secure, reliable SMTP mail relay server for your outgoing mail. Secure SMTP service.
Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.

Norman SecureTide Powerful cloud solution to stop spam and threats before it reaches your network.
Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Overview What are the provisioning methods used in the Australian registry system? How are these provisioning systems secured?

Similar presentations

Ads by Google