Inter-Root: A New Self-Governed Architecture for DNS Root Zone Resolution. Binxing Fang, Xiaohua Chen. June 2015.

1 Inter-Root: A New Self-Governed Architecture for DNS Root Zone Resolution. Binxing Fang, Xiaohua Chen. June 2015

2 On June 24, 2013, the UN published document A/68/98: Report of the Group of Governmental Experts on Developments in the Field of ICT in the Context of International Security.
20. State sovereignty and international norms and principles that flow from sovereignty apply to State conduct of ICT-related activities, and to their jurisdiction over ICT infrastructure within their territory.
“State Network Sovereignty” is now a consensus among the international society.

3 Fundamental Features of State Sovereignty
Four fundamental features:
- Jurisdiction: to make legal decisions and judgments by oneself
- Self-defense: to defend the well-being of oneself
- Equality: to be NOT subordinate to others
- Independence: the existence does not depend on others

4 Network Sovereignty
- The Internet within one country cannot exist independently due to the DNS architecture.
- Almost every visit to any server on the Internet directly or indirectly uses the root name servers to resolve the server's domain name, unless the IP address of the server is known.
- The root name servers could be used to disable the Internet within a country.
- This power is in the hands of the owner of the root name servers, which is currently ICANN / the US government.

5 Current DNS Architecture
- Namespace, represented by a label tree
- Hierarchical distributed database
- Lots of caching
- Resolution protocol
- Recursive resolver
- Authority server
- Root servers, responsible for the root zone and TLD resolutions, are the start point of resolution and the center of the structure.
[Diagram: label tree with . (root), cn, cu, com, foo, www; recursive resolver with query steps 1, 2, 3]

6 Root Zone Management
- 12 root server operators (US 9, EU 2, Japan 1)
- 13 logical root servers and hundreds of mirrors
- NTIA delegated the IANA function to ICANN and VeriSign
- Any change in the root zone needs to be approved by the US government
[Diagram labels: TLD operator, root zone file]

7 Independence: “Disappearing Threat”
The ccTLD of a country could be removed from the root zone database, so that the ccTLD is erased from the namespace and the names under the ccTLD cannot be resolved. As reported, .iq (Iraq) in 2003 and .ly (Libya) in 2004 temporarily could not be resolved.
[Diagram: label tree with . (root), ly, cn, com, foo, www; recursive resolver with query steps 1, 2, 3; countries labeled Libya and China; label "Disappearing"]

8 Independence: “Blindness Threat”
Recursive resolvers within a country could be denied the resolution service by the root servers, so that the users in that country cannot access the Internet. As reported, Somalia has been denied by the root servers.
[Diagram: label tree with . (root), so, cn, com, foo, www; recursive resolver with query steps 1, 2, 3; countries labeled Somalia and China; label "Blindness"]

9 Independence: “Isolation Threat”
The network of a country may be completely isolated, so that any name resolution traffic via international gateways will be interrupted.
[Diagram: label tree with . (root), cu, cn, com, foo, www; domestic recursive resolver and foreign recursive resolver with query steps 1, 2, 3; countries labeled Cuba and China; label "Isolation"]

10 Threats in the current DNS
- Disappearing: edit the root zone file (Very Easy)
- Blindness: edit the ACL (Easy)
- Isolation: physically isolate the country (Not Easy)
[Diagram: each threat illustrated with China and Cuba]

11 Related Work Under 3 Threats
Columns: Disappearing, Blindness, Isolation
Universal root ☐  Alternative root ☐ ☐ Recursive root ☐   ☐  Open root ☐   Fake root   ☐
- Difficult to counteract the disappearing threat, because root zone data still comes from IANA.
- All solutions are sort of root mirrors in essence.

12 Idea of Decentralizing Root Zone
Principle: maintain the logical structure with a single root, construct the system structure with multiple roots.
- Names remain unique and human-understandable
- Root zone governance and operation are decentralized

13 Inter-Root: A New Self-Governed Resolution Architecture for DNS Root Zone
1. Establish Country Root Servers (CRSes)
- CRS: country self-governed public root server
- CRS provides root zone resolution, independent of the current root server operators
- CRS may use the IANA root zone file; in an emergency, CRS safeguards the root zone resolution for the country
2. Establish ‘Inter-Root’ among CRSes
- Inter-Root: a system of interconnected CRSes
- Inter-Root is established among countries, providing root zone information exchange among the countries
- In an emergency, countries joining Inter-Root may provide resolution service for each other

14 Mesh Structure in Inter-Root
- TLD info exchange
- Reciprocal resolution service between countries
- CRS adopts IANA root zone file
[Diagram: mesh of CN root, RU root, UK root, DE root and CU root, with IANA; TLD labels .CN, .RU, .UK, .DE, .CU, .COM, .NET, .GOV]
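An added example, not part of the original slides: a sketch of how a CRS operator could detect the "disappearing threat" by comparing IANA root zone snapshots and then fill the gap from data received over the TLD info exchange. All zone records, nameserver names and the acceptance policy (a peer speaks only for its own ccTLD and never overrides IANA data) are assumptions made for illustration.

```python
# Added example: all zone data below is constructed, not real root zone content.
IANA_PREVIOUS = """\
cn.  172800 IN NS ns1.nic-cn.example.
cu.  172800 IN NS ns1.nic-cu.example.
com. 172800 IN NS ns1.registry-com.example.
"""
IANA_CURRENT = """\
cn.  172800 IN NS ns1.nic-cn.example.
com. 172800 IN NS ns1.registry-com.example.
"""
# Records received over the (hypothetical) TLD info exchange, keyed by peer CRS.
PEER_EXCHANGE = {
    "cu": "cu.  172800 IN NS ns1.nic-cu.example.\n"
          "com. 172800 IN NS ns9.other.example.\n",
}


def parse_delegations(zone_text):
    """Return {tld: set(nameservers)} from NS records in presentation format."""
    delegations = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments, tokenize
        if len(fields) != 5 or [f.upper() for f in fields[2:4]] != ["IN", "NS"]:
            continue
        owner = fields[0].lower().rstrip(".")
        if owner and "." not in owner:              # TLD-level owners only
            delegations.setdefault(owner, set()).add(fields[4].lower())
    return delegations


def removed_tlds(previous, current):
    """TLDs delegated in the previous snapshot but absent from the current one."""
    return sorted(set(previous) - set(current))


def build_crs_view(iana, peer_exchange):
    """IANA data is the baseline; peers only fill in their own missing ccTLD."""
    view = {tld: (set(ns), "iana") for tld, ns in iana.items()}
    for peer_cc, zone_text in peer_exchange.items():
        for tld, ns in parse_delegations(zone_text).items():
            # Assumed policy: a peer may speak only for its own ccTLD, and
            # never overrides a delegation still present in the IANA file.
            if tld == peer_cc.lower() and tld not in view:
                view[tld] = (ns, "peer:" + tld)
    return view


if __name__ == "__main__":
    previous, current = parse_delegations(IANA_PREVIOUS), parse_delegations(IANA_CURRENT)
    print("removed from IANA snapshot:", removed_tlds(previous, current))
    for tld, (ns, source) in sorted(build_crs_view(current, PEER_EXCHANGE).items()):
        print(tld, sorted(ns), source)
```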

15 Increments on current DNS
- Namespace: replicate ccTLD info in CRS
- Authority server: new CRS which coexists with current root servers; reciprocal resolution service for emergency response system
- Recursive resolver: add CRS info in root hint
- Resolution protocol: none

16 Features of Inter-Root
- Independence: root zone resolution service is self-governed; resolution service within a country is self-governed
- Openness: Inter-Root is open to any country joining or withdrawing; CRS is open to all recursive resolvers
- Scalability: Inter-Root inherits the scalability of current DNS; the number of countries in Inter-Root is about 200 at most
- Compatibility: Inter-Root is about name resolution, not domain delegation; Inter-Root is transparent to resolvers not using any CRS

17 Significance of Inter-Root
- Strategic deterrent against 3 threats: Inter-Root provides a strategic deterrent in that if a ccTLD is erased from the IANA root zone, then those countries concerned about the threats will join Inter-Root. This supports the concept of “network sovereignty”.
- Country DNS security enhanced: recursive resolvers freely choose either CRS or the original root servers. Using CRS gets additional protection from their own government.
- Demonstrate Sovereignty Equality: at the first World Internet Conference, Chairman Xi Jinping said: “China is willing to work together with other countries in the world, in the spirit of mutual respect and trust. We together deepen international cooperation, respect for the sovereignty of the network, maintain network security, and build a peaceful, secure, open and cooperative network. We hope to establish a multilateral, democratic, transparent international Internet governance system”.

18 Thanks

