1
Inter-Root: A New Self-Governed Architecture for DNS Root Zone Resolution
Binxing Fang, Xiaohua Chen
June 2015
2
“State Network Sovereignty” is now a consensus in the international community
"20. State sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities, and to their jurisdiction over ICT infrastructure within their territory."
On June 24, 2013, the UN published document A/68/98: Report of the Group of Governmental Experts on Developments in the Field of ICT in the Context of International Security.
3
Fundamental Features of State Sovereignty
Jurisdiction: to make legal decisions and judgments by oneself
Self-defense: to defend the well-being of oneself
Equality: to NOT be subordinate to others
Independence: existence does not depend on others
4
Network Sovereignty
The Internet within one country cannot exist independently due to the DNS architecture.
Almost every visit to any server on the Internet needs to use the root name servers, directly or indirectly, to resolve the server's domain name, unless the IP address of the server is known.
The root name servers could be utilized to disable the Internet within a country. This power is in the hands of the owner of the root name servers, which is currently ICANN / the US government.
5
Current DNS Architecture
Root servers, responsible for the root zone and TLD resolution, are the starting point of resolution and the center of the structure.
Namespace, represented by a label tree
Hierarchical distributed database
Lots of caching
Resolution protocol
Components: recursive resolver, authority server
[Diagram: label tree from . (root) through cn, com and cu down to foo and www; a recursive resolver queries it in steps 1, 2, 3]
6
Root Zone Management
NTIA delegated the IANA function to ICANN and VeriSign.
Any change in the root zone needs to be approved by the US government.
12 root server operators (US 9, EU 2, Japan 1)
13 logical root servers and hundreds of mirrors
[Diagram: TLD operator, root zone file]
7
“Disappearing Threat”
The ccTLD of a country could be removed from the root zone database, so that the ccTLD is erased from the namespace and the names under the ccTLD cannot be resolved.
As reported, .iq (Iraq) in 2003 and .ly (Libya) in 2004 temporarily could not be resolved.
[Diagram, labelled "Independence": label tree from . (root) with ly, com and cn; Libya, China and a recursive resolver; ly marked "Disappearing"]
8
“Blindness Threat”
Recursive resolvers within a country could be denied resolution service by the root servers, so that the users in that country cannot access the Internet.
As reported, Somalia has been denied by the root servers.
[Diagram, labelled "Independence": label tree from . (root) with so, com and cn; Somalia, China and a recursive resolver; marked "Blindness"]
9
“Isolation Threat”
The network of a country may be completely isolated, so that any name resolution traffic via international gateways will be interrupted.
[Diagram, labelled "Independence": label tree from . (root) with cu, com and cn; Cuba and China; a domestic recursive resolver and a foreign recursive resolver; marked "Isolation"]
10
Threats in the current DNS
Disappearing: edit the root zone file (very easy)
Blindness: edit the ACL (easy)
Isolation: physically isolate the country (not easy)
11
Related Work Under 3 Threats
Difficult to counteract the disappearing threat, because root zone data still comes from IANA.
All solutions are essentially root mirrors.
[Table: Open root, Universal root, Recursive root, Fake root and Alternative root compared against the Disappearing, Blindness and Isolation threats]
12
Idea of Decentralizing Root Zone
Principle: maintain the logical structure with a single root, construct the system structure with multiple roots
Names remain unique and human-understandable
Root zone governance and operation are decentralized
13
Inter-Root: A New Self-Governed Resolution Architecture for DNS Root Zone
1. Establish Country Root Servers (CRSes)
CRS: country self-governed public root server
CRS provides root zone resolution, independent of current root server operators
CRS may use the IANA root zone file; in an emergency, the CRS safeguards root zone resolution for the country
2. Establish 'Inter-Root' among CRSes
Inter-Root: a system of interconnected CRSes
Inter-Root is established among countries, providing root zone information exchange among the countries
In an emergency, countries joining Inter-Root may provide resolution service for each other
14
Mesh Structure in Inter-Root
CRS adopts the IANA root zone file
Reciprocal resolution service between countries
TLD info exchange
[Diagram: mesh of CN, RU, CU, UK and DE roots with their ccTLDs (.CN, .RU, .CU, .UK, .DE), alongside IANA with .NET, .COM and .GOV]
15
Increments on current DNS
Namespace: replicate ccTLD info in CRS
Authority server: new CRS which coexists with current root servers; reciprocal resolution service for emergency response system
Recursive resolver: add CRS info in root hint
Resolution protocol: none
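The "disappearing" threat and the replication of ccTLD info in a CRS can be made concrete as a delegation diff between a last-known-good root zone snapshot and a newly fetched one. This is an added example, not code from the presentation or from any Inter-Root implementation; the zone snippets are constructed, the function names are hypothetical, and keeping the last-known-good delegation for a removed two-letter TLD is an assumed policy.

```python
"""Added example: detect TLD delegations that vanished between root zone snapshots."""

# Constructed sample data in master-file format (owner TTL class type rdata).
# Name server names and addresses are placeholders, not real root zone content.
KNOWN_GOOD = """\
cn.   172800 IN NS a.dns.cn.example.
cn.   172800 IN NS b.dns.cn.example.
a.dns.cn.example. 172800 IN A 192.0.2.1
ly.   172800 IN NS ns1.ly.example.
com.  172800 IN NS a.gtld.example.
"""
FETCHED = """\
cn.   172800 IN NS a.dns.cn.example.
com.  172800 IN NS a.gtld.example.
com.  172800 IN NS b.gtld.example.
"""

def delegations(zone_text):
    """Map each TLD label to the set of NS targets delegating it."""
    result = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments, tokenize
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "NS":
            continue                                # glue and other types are ignored
        owner = fields[0].lower().rstrip(".")
        if not owner or "." in owner:               # keep single-label owners (TLDs) only
            continue
        result.setdefault(owner, set()).add(fields[4].lower())
    return result

def diff_delegations(known_good, fetched):
    """Report TLDs removed or re-delegated relative to the known-good snapshot."""
    old, new = delegations(known_good), delegations(fetched)
    removed = sorted(t for t in old if t not in new)
    changed = sorted(t for t in old if t in new and old[t] != new[t])
    # Assumption: two-letter labels are treated as ccTLDs (IDN ccTLDs not covered).
    return {"removed": removed, "changed": changed,
            "removed_cc": [t for t in removed if len(t) == 2]}

def merged_view(known_good, fetched):
    """Fetched delegations, with known-good data kept for removed ccTLDs."""
    old, view = delegations(known_good), delegations(fetched)
    for tld in diff_delegations(known_good, fetched)["removed_cc"]:
        view[tld] = old[tld]
    return view

if __name__ == "__main__":
    print(diff_delegations(KNOWN_GOOD, FETCHED))
```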
16
Features of Inter-Root
Independence
Root zone resolution service is self-governed
Resolution service within a country is self-governed
Openness
Inter-Root is open to any country joining or withdrawing
CRS is open to all recursive resolvers
Compatibility
Inter-Root is about name resolution, not domain delegation
Inter-Root is transparent to resolvers not using any CRS
Scalability
Inter-Root inherits the scalability of current DNS
The number of countries in Inter-Root is about 200 at most
17
Significance of Inter-Root
Country DNS security enhanced
Recursive resolvers freely choose either a CRS or the original root servers. Using a CRS gets additional protection from their own government.
Strategic deterrent against 3 threats
Inter-Root provides a strategic deterrent: if a ccTLD is erased from the IANA root zone, then those countries concerned about the threats will join Inter-Root. This supports the concept of “network sovereignty”.
Demonstrate Sovereignty Equality
At the first World Internet Conference, Chairman Xi Jinping said: “China is willing to work together with other countries in the world, in the spirit of mutual respect and trust. We together deepen international cooperation, respect for the sovereignty of the network, maintain network security, and build a peaceful, secure, open and cooperative network. We hope to establish a multilateral, democratic, transparent international Internet governance system”.
18
Thanks