FAQ (Frequently Asked Questions)

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "FAQ (Frequently Asked Questions)"

Transcription

1 FAQ (Frequently Asked Questions) Specific Questions about Afilias Managed DNS What is the Afilias DNS network? How long has Afilias been working within the DNS market? What are the names of the Afilias name servers? How does my configuration get propagated to DNS and how long does it take? How can I confirm that changes I make to my domains are being resolved on the Afilias network? For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server? How easy is it to move domains over from another DNS provider and will there be any downtime? What support does Afilias provide? Does the Afilias network support IPv6? What resource records does Afilias support? Can I do bulk changes? General DNS Questions What is DNS? Where can I get more information about DNS? What is DNSSEC? When will DNSSEC be available? What is BIND? What is the difference between a domain and a zone? What is a glue record? What is the difference between Primary, Secondary, Master and Slave DNS? Questions about Security What is a distributed denial of service attack, or DDoS? What is a botnet? What is spam? What is phishing? What is pharming? What is malware? What does the term Fast Flux refer to? Questions About Internet and DNS Administration What is ICANN? What is SSAC? What is RSSAC? Issue 1 (c)copyright 2009 Afilias 1

2 Issue 1 (c)copyright 2009 Afilias 2

3 Answers Specific Questions about Afilias Managed DNS Q. What is the Afilias DNS network? A. Afilias manages a global network of dedicated high performance servers that provides superior response times to all DNS lookups and queries. This network was developed to support all the top level domains (TLD, gtld, cctld) managed by Afilias registry services. Afilias Managed DNS now provides premium DNS service for other customers on this network. Q. How long has Afilias been working within the DNS market? A. Afilias has been a leader in the DNS market since 2000 when it won the ICANN bid to provide new registry services for the.info top level domain (TLD). It developed its premium DNS network in Q. What are the names of the Afilias name servers? A. The name servers for Afilias Managed DNS are shown on the SOA screen of each primary domain configuration. They are: a.service.afiliasdns.info b.service.afiliasdns.org c.service.afiliasdns.net d.service.afiliasdns.com e.service.afiliasdns.info f.service.afiliasdns.net Q. How does my configuration get propagated to DNS and how long does it take? A. Your primary (master) DNS configuration is stored in a database. Whenever you make changes, the serial number is automatically incremented. This triggers a notify message that is sent to the Afilias network. An Afilias server then does a DNS zone transfer to copy your changes and distribute them across the Afilias DNS network. This process is completed within a few minutes. Q. How can I confirm that changes I make to my domains are being resolved on the Afilias network? A. There are detailed examples in the User Guide of how to use dig and nslookup to verify your changes on the Afilias network and on the Internet. Issue 1 (c)copyright 2009 Afilias 3

4 Q. For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server? A. On release 1, there is no mechanism to deliver error messages on zone transfers (AXFR/IXFR) to the Afilias secondary service. You should run dig/nslookup (as shown in the Verification section of the User Guide) to confirm that the serial number of the zone on the Afilias network matches the serial on your primary server. If there is a mismatch, and you suspect the transfer has failed, you can send in a ticket using the Support screen on the web portal or call the Afilias Customer Service Center for further analysis of the problem. Q. How easy is it to move domains over from another DNS provider and will there be any downtime? A. If your domain is small, you can simply create it using the Afilias Managed DNS web portal. For a larger domain, if your current DNS provider has an export option, you can use this to create a file that can be imported (release 1.1). Once your primary domain is set up and you have verified it is resolving correctly on the Afilias network, you simply reconfigure the name servers on your other provider to point to the Afilias name servers. Providers generally take from 15 minutes to 1 day to complete this change. Some providers terminate DNS service as soon as name servers are configured to point off their network. You can increase the TTL on such providers in advance of making the change to mitigate downtime by increasing the time that caching DNS servers retain your domain information. Please see the Web Portal User Guide for Afilias Managed DNS Service for more information. Q. What support does Afilias provide? A. Afilias maintains a Customer Service Center that is staffed 24 hours a day, 7 days a week. You can contact them by phone at the number shown on the top of every web portal screen. You can also send in a request via the Support page on the web portal. This request will create a ticket that will be handled by a support analyst who will reply by . Q. Does the Afilias network support IPv6? A. The Afilias network is fully IPv6 compliant and can handle DNS queries from machines running IPv6. However, on release 1 of the Managed DNS Services, there is no support for defining AAAA records for resolution of IPv6 addresses. This feature will be added in release 2. Q. What resource records does Afilias support? A. For secondary service, Afilias zone transfers from your primary DNS will support all records supported by BIND 9. For primary DNS service, the records you can enter on release 1 are: A, Issue 1 (c)copyright 2009 Afilias 4

5 CNAME, MX, NS, TXT. Subsequent release will add support for other record types such as PTR, SRV, AAAA. Q. Can I do bulk changes? A. Release 1.0 does not have this feature. Subsequent releases will add two capabilities for bulk changes. First will be the ability to upload a BIND style text file for a whole domain. Second will be a command that allows entering a resource record once and having it apply to a group of domains. General DNS Questions Q. What is DNS? A. Computers on the Internet are identified by a unique numeric address, an IP address. The Domain Name System (DNS) makes using the Internet easier by allowing applications to use names instead of IP addresses. Instead of having to type in a web browser, a person can simply type The web browser will resolve the name and translate it to the necessary IP address by sending a query to a DNS server to do the lookup and translation. DNS also enables addresses to be used with names instead of IP addresses. Q. Where can I get more information about DNS? A. There are many good books that provide in depth descriptions of DNS. There are also many good tutorials and other articles about DNS on the Internet. The ultimate definition of the DNS protocol and best practices for managing DNS is provided by the RFC publications of the IETF, the Internet standards body. Q. What is DNSSEC? A. DNSSEC (DNS Security Extensions) is an enhancement to the DNS protocol. It allows zone administrators such as the IANA to sign their zone files using public key cryptography. DNS users can then use these signatures to verify that the information they receive from DNS servers, such as the root name servers, is authentic. This prevents manipulation of the data during storage on servers and during transmission. Q. When will DNSSEC be available? A. Deployment of this technology requires not only changes of software in all Internet hosts that want to benefit, but also changes of business practices and operational procedures throughout the DNS. This includes registries, registrars and holders of domain names. Because there are so many necessary changes, it will likely be 2-3 years before DNSSEC has spread far enough Issue 1 (c)copyright 2009 Afilias 5

6 to become truly effective on a global scale. ICANN s Security and Stability Advisory Committee is encouraging continued deployment of DNSSEC and recommending actions to be taken on issues not considered in protocol design and development and in controlled (test) environments. Q. What is BIND? A. BIND stands for Berkeley Internet Name Daemon. This was one of the first implementations of a DNS server. It is a standard component of most Unix and Linux systems and runs as the process named. It is estimated that as much as 80% of all DNS queries on the global Internet are handled by BIND servers. Q. What is the difference between a domain and a zone? A. A domain is a unique name within the DNS system that belongs to an individual or an organization. A zone is the information used by a DNS server to resolve the names in the domain. Very often a zone contains one domain, so the terms are often used interchangeably. The owner of a domain also has ownership of all the subdomains of that domain. For example, a company that has registered the domain more.info can set up different websites using the subdomains canada.more.info, europe.more.info. When they set up their DNS, they can include all the subdomain information in one zone, or they can delegate some or all of the subdomains to different zones. Q. What is a glue record? A. If a subdomain is delegated from one zone to another, the name server for that subdomain must be provided (in a NS resource record). If that name server is in the domain or subdomain of the zone being configured, then an A record must be created to provide the IP address of the name server. This A record is called a glue record and is required to avoid creating a circular dependency in DNS. Q. What is the difference between Primary, Secondary, Master and Slave DNS? A. Primary and Master are the same; Secondary and Slave are the same. The difference in terminology comes from different versions of BIND. A Primary DNS server is one that has its own copy of the zone configuration information. A Secondary is a server that gets its zone data from a Primary. There are several different ways that a Secondary can be set up so that it updates its zone data when the configuration on the Primary changes. When it comes to DNS resolution, there is no difference between a Primary and a Secondary; they both provide authoritative answers to DNS queries. Domain resolution is provided by a pool of name servers, generally at least 2 and a maximum of 13. Usually one is a Primary and the rest are Issue 1 (c)copyright 2009 Afilias 6

7 Secondary. There is no strict order in which the servers are queried; the Primary is not queried first. Questions About Security Q. What is a distributed denial of service attack, or DDoS? A. A DDoS attack on the Internet is one in which a multitude of compromised systems attack a single target and cause denial of service (DoS) for users of the targeted system. The large number of incoming messages forces the target system to slow down or even shut down, thereby denying service to legitimate users. Distribution increases the traffic and decreases the focus on the sources of the attack. Q. What is a botnet? A botnet is a collection of compromised computers or "zombies" under the control of one party (a "botherder"). The individual computers making up the botnet have been compromised via malware or hacking, without the informed consent of their owners. Botnets are used to perpetrate a variety of illegal acts, including spamming, hosting phishing sites and mounting distributed denial-of-service attacks (DDoS attacks). Q. What is spam? A. Electronic messaging systems are often used to send unsolicited bulk messages known as spam. The term may be applied to spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums. Q. What is phishing? A. Phishing refers to the use of counterfeit web pages designed to trick recipients into divulging sensitive data such as usernames, passwords or financial data. Phishing site are usually advertised via fraudulent spam s. Q. What is pharming? A. The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning. Q. What is malware? A. Software designed to infiltrate or damage a computer system without the owner's informed consent is called malware. Examples include computer viruses, worms, key loggers and Trojan horses. Issue 1 (c)copyright 2009 Afilias 7

8 Q. What does the term Fast Flux refer to? A. Fast Flux is a technique that disguises the location of a web site or other Internet service by frequently changing the location (IP address) on the Internet to which the domain name of an Internet host or name server resolves. Fast flux is usually associated with criminal uses of Internet resources, such as the hosting of phishing sites and is typically used by botnets. Questions About Internet and DNS Administration Q. What is ICANN? A. The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gtld) and country code (cctld) top-level domain name system management and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet, promoting competition, achieving broad representation of global Internet communities, and developing policy appropriate to its mission through bottom-up, consensusbased processes. Q. What is SSAC? A. The Security and Stability Advisory Committee (SSAC) advises the ICANN community and board on matters relating to the security and integrity of the Internet s naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as Whois). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly. Q. What is RSSAC? A. The Root Server System Advisory Committee (RSSAC) advises the ICANN community and board about operation of the DNS root name servers. It also provides advice on the operational requirements of root name servers, including host hardware capacities, operating systems and name server software versions, network connectivity and physical environment. RSSAC examines and advises on security aspects of the root name server system, and reviews the number, location, and distribution of root name servers considering total system performance, robustness, and reliability. Issue 1 (c)copyright 2009 Afilias 8

Acceptable Use Policy and Terms of Service

Acceptable Use Policy and Terms of Service Acceptable Use Policy and Terms of Service Vox Populi Registry Ltd. 3-110 Governors Square 23 Lime Tree Bay Ave. Grand Cayman, Cayman Islands PO Box 1361, George Town, KY1-1108 www.nic.sucks Version 1.0

More information

ACCEPTABLE USE AND TAKEDOWN POLICY

ACCEPTABLE USE AND TAKEDOWN POLICY ACCEPTABLE USE AND TAKEDOWN POLICY This Acceptable Use and Takedown Policy ( Acceptable Use Policy ) of Wedding TLD2, LLC (the Registry ), is to be read together with the Registration Agreement and words

More information

DNS/DNSSEC Tutorial. Rick Lamb & Champika Wijayatunga Kathmandu Nepal 27 January 2016 In conjunction with SANOG27

DNS/DNSSEC Tutorial. Rick Lamb & Champika Wijayatunga Kathmandu Nepal 27 January 2016 In conjunction with SANOG27 DNS/DNSSEC Tutorial Rick Lamb & Champika Wijayatunga Kathmandu Nepal 27 January 2016 In conjunction with SANOG27 2 Brief Overview of DNS The World s Network the Domain Name System + Internet Protocol numbers

More information

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. . Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name

More information

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation

More information

Computer Networks: Domain Name System

Computer Networks: Domain Name System Computer Networks: Domain Name System Domain Name System The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses DNS www.example.com 208.77.188.166 http://www.example.com

More information

DNS Security FAQ for Registrants

DNS Security FAQ for Registrants DNS Security FAQ for Registrants DNSSEC has been developed to provide authentication and integrity to the Domain Name System (DNS). The introduction of DNSSEC to.nz will improve the security posture of

More information

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron In its Beijing Communiqué of 11 April 2013, the ICANN Government Advisory Committee (GAC) called on ICANN to have new gtld

More information

.tirol Anti-Abuse Policy

.tirol Anti-Abuse Policy Translation from German.tirol Anti-Abuse Policy This policy is based on Austrian legislation. In case of doubt the German version of this policy is in force. Page 1 Contents 1. Management Summary... 3

More information

.IBM TLD Registration Policy

.IBM TLD Registration Policy I. Introduction These registration conditions govern the rights and obligations of the Registry Operator, International Business Machines Corporation ( Registry Operator or IBM ), and the accredited registrars,

More information

SAC 049 SSAC Report on DNS Zone Risk Assessment and Management

SAC 049 SSAC Report on DNS Zone Risk Assessment and Management SAC 049 SSAC Report on DNS Zone Risk Assessment and Management A Report from the ICANN Security and Stability Advisory Committee (SSAC) 03 June 2011 SAC049 1 Preface This is a Report of the Security and

More information

DNS Abuse Handling. Champika Wijayatunga APRICOT2015 Fukuoka Japan Feb 2015

DNS Abuse Handling. Champika Wijayatunga APRICOT2015 Fukuoka Japan Feb 2015 DNS Abuse Handling Champika Wijayatunga APRICOT2015 Fukuoka Japan Feb 2015 Acknowledgements Dave Piscitello Vice President, Security and ICT Coordination ICANN 2 2 Agenda 1 2 3 Brief Overview of DNS Defining

More information

ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS

ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS Prof.Vivekanandan MHRD IP CHAIR PROFESSOR National Academy of Legal Studies Research University (NALSAR) www.nalsarpro.org vivekvc2001@yahoo.co.in

More information

Glossary of Technical Terms Related to IPv6

Glossary of Technical Terms Related to IPv6 AAAA Record An AAAA record stores a 128-bit Internet Protocol version 6 (IPv6) address, which does not fit the standard A record format. For example, 2007:0db6:85a3:0000:0000:6a2e:0371:7234 is a valid

More information

Acceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name.

Acceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name. This Acceptable Use Policy forms part of the Registry Policies that apply to and

More information

INFORMATION SECURITY REVIEW

INFORMATION SECURITY REVIEW INFORMATION SECURITY REVIEW 14.10.2008 CERT-FI Information Security Review 3/2008 In the summer, information about a vulnerability in the internet domain name service (DNS) was released. If left unpatched,

More information

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide HTG X XROADS NETWORKS Network Appliance How To Guide: EdgeDNS How To Guide V 3. 2 E D G E N E T W O R K A P P L I A N C E How To Guide EdgeDNS XRoads Networks 17165 Von Karman Suite 112 888-9-XROADS V

More information

Current Counter-measures and Responses by the Domain Name System Community

Current Counter-measures and Responses by the Domain Name System Community Current Counter-measures and Responses by the Domain Name System Community Paul Twomey President and CEO 22 April 2007 APEC-OECD Malware Workshop Manila, The Philippines 1 What we want you to do today

More information

Electronic Mail. The protocols used for Internet can be divided into three broad categories. transfer program. application.

Electronic Mail. The protocols used for Internet  can be divided into three broad categories. transfer program. application. Electronic Mail The protocols used for Internet email can be divided into three broad categories transfer program interface application interface application 33 The Simple Mail Transfer Protocol (SMTP)

More information

PLAN FOR ENHANCING INTERNET SECURITY, STABILITY, AND RESILIENCY

PLAN FOR ENHANCING INTERNET SECURITY, STABILITY, AND RESILIENCY PLAN FOR ENHANCING INTERNET SECURITY, STABILITY, AND RESILIENCY June 2009 Table of Contents Executive Summary... 1 ICANN s Role... 2 ICANN Security, Stability and Resiliency Programs... 3 Plans to Enhance

More information

Acceptable Use (Anti-Abuse) Policy

Acceptable Use (Anti-Abuse) Policy Acceptable Use (Anti-Abuse) Policy This document describes the Acceptable Use Policy for the Rightside registry. Copyright 2014 Rightside Registry Copyright 2014 Rightside Domains Europe Ltd. Rightside

More information

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org

Measures to Protect (University) Domain Registrations and DNS Against Attacks. Dave Piscitello, ICANN dave.piscitello@icann.org Measures to Protect (University) Domain Registrations and DNS Against Attacks Dave Piscitello, ICANN dave.piscitello@icann.org Why are we talking about Domain names and DNS? Domain names and URLs define

More information

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 9: Configuring DNS for Active Directory

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 9: Configuring DNS for Active Directory MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory Chapter 9: Configuring DNS for Active Directory Objectives Describe the structure of Domain Name System Install and use the DNS

More information

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2

More information

Section 1 Overview... 4. Section 2 Home... 5

Section 1 Overview... 4. Section 2 Home... 5 ecogent User Guide 2012 Cogent Communications, Inc. All rights reserved. Every effort has been made to ensure that the information in this User Guide is accurate. Information in this document is subject

More information

Attacks Against The DNS. Dave Piscitello VP Security and ICT Coordination 27 June 2016

Attacks Against The DNS. Dave Piscitello VP Security and ICT Coordination 27 June 2016 Attacks Against The DNS Dave Piscitello VP Security and ICT Coordination 27 June 2016 dave.piscitello@icann.org Introduction VP Security and ICT Coordination, ICANN 40 year network and security practitioner

More information

Registry role in cctld. Jaromir Talir

Registry role in cctld. Jaromir Talir Registry role in cctld Jaromir Talir jaromir.talir@nic.cz 30.05.2016 Three levels structure Propagating changes to upper level (root) Technically maintaining delegated level (TLD) Joining lower level domains

More information

Copyright 2012 http://itfreetraining.com

Copyright 2012 http://itfreetraining.com In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the

More information

Acceptable Use Policy

Acceptable Use Policy Introduction This Acceptable Use Policy (AUP) sets forth the terms and conditions for the use by a Registrant of any domain name registered in the top-level domain (TLD). This Acceptable Use Policy (AUP)

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

Internet-Praktikum I Lab 3: DNS

Internet-Praktikum I Lab 3: DNS Kommunikationsnetze Internet-Praktikum I Lab 3: DNS Mark Schmidt, Andreas Stockmayer Sommersemester 2015 kn.inf.uni-tuebingen.de Motivation for the DNS Problem IP addresses hard to remember for humans

More information

.BIO DOMAIN NAME POLICY v2.0 - Last Update: May 30, 2014. Starting Dot Ltd..BIO DOMAIN NAME POLICY - V1.0 - AS OF 30 MAY 2014 1

.BIO DOMAIN NAME POLICY v2.0 - Last Update: May 30, 2014. Starting Dot Ltd..BIO DOMAIN NAME POLICY - V1.0 - AS OF 30 MAY 2014 1 .BIO DOMAIN NAME POLICY v2.0 - Last Update: May 30, 2014 Starting Dot Ltd..BIO DOMAIN NAME POLICY - V1.0 - AS OF 30 MAY 2014 1 Background 1..bio (also designated as the ".BIO domain") is a generic Top-Level

More information

General Registration Rules Version 3.21, February 5, 2015

General Registration Rules Version 3.21, February 5, 2015 General Registration Rules Version 3.21, February 5, 2015 1. APPLICATION These Rules apply to the registration, renewal, transfer, modification, suspension and deletion of Domain Names and to other transactions

More information

How To Guide Edge Network Appliance How To Guide:

How To Guide Edge Network Appliance How To Guide: How To Guide Edge Network Appliance How To Guide: ActiveDNS v 4.01 Edge Network Appliance How To Guide: ActiveDNS 2007 XRoads Networks 17165 Von Karman, Suite 112 888-9-XROADS v 4.01 updated 09/11/07 Table

More information

Use Domain Name System and IP Version 6

Use Domain Name System and IP Version 6 Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)

More information

Chapter 2. Outline 9/9/14 DNS

Chapter 2. Outline 9/9/14 DNS Chapter 2 Outline DNS " Overview " Recursive and Iterative Queries " Resource record and DNS query " DNS Protocol " DNS Caching " DNS Services " Reverse DNS lookup 1 DNS (Domain Name System) Internet host

More information

Fast Flux Hosting and DNS ICANN SSAC

Fast Flux Hosting and DNS ICANN SSAC Fast Flux Hosting and DNS ICANN SSAC What is Fast Flux Hosting? An evasion technique Goal Avoid detection and take down of web sites used for illegal purposes Technique Host illegal content at many sites

More information

The IANA Functions. An Introduction to the Internet Assigned Numbers Authority (IANA) Functions

The IANA Functions. An Introduction to the Internet Assigned Numbers Authority (IANA) Functions The IANA Functions An Introduction to the Internet Assigned Numbers Authority (IANA) Functions Contents SECTION 1: INTRODUCTION 4 SECTION 2: POLICY, STAKEHOLDERS AND STEWARDSHIP IMPLEMENTATION 6 SECTION

More information

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division VIDEO Intypedia013en LESSON 13: DNS SECURITY AUTHOR: Javier Osuna García-Malo de Molina GMV Head of Security and Process Consulting Division Welcome to Intypedia. In this lesson we will study the DNS domain

More information

DNS and BIND. David White

DNS and BIND. David White DNS and BIND David White DNS: Backbone of the Internet Translates Domains into unique IP Addresses i.e. developcents.com = 66.228.59.103 Distributed Database of Host Information Works seamlessly behind

More information

The Domain Name System

The Domain Name System DNS " This is the means by which we can convert names like news.bbc.co.uk into IP addresses like 212.59.226.30 " Purely for the benefit of human users: we can remember numbers (e.g., telephone numbers),

More information

An Introduction to the Domain Name System

An Introduction to the Domain Name System An Introduction to the Domain Name System Olaf Kolkman Olaf@nlnetlabs.nl October 28, 2005 Stichting NLnet Labs This Presentation An introduction to the DNS Laymen level For non-technologists About protocol

More information

How to Add Domains and DNS Records

How to Add Domains and DNS Records How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.

More information

Securing DNS Infrastructure Using DNSSEC

Securing DNS Infrastructure Using DNSSEC Securing DNS Infrastructure Using DNSSEC Ram Mohan Executive Vice President, Afilias rmohan@afilias.info February 28, 2009 Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival

More information

IANA Functions to cctlds Sofia, Bulgaria September 2008

IANA Functions to cctlds Sofia, Bulgaria September 2008 IANA Functions to cctlds Sofia, Bulgaria September 2008 Kim Davies Internet Assigned Numbers Authority Internet Corporation for Assigned Names & Numbers What is IANA? Internet Assigned Numbers Authority

More information

DNS at NLnet Labs. Matthijs Mekking

DNS at NLnet Labs. Matthijs Mekking DNS at NLnet Labs Matthijs Mekking Topics NLnet Labs DNS DNSSEC Recent events NLnet Internet Provider until 1997 The first internet backbone in Holland Funding research and software projects that aid the

More information

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Domain Name System 2015-04-28 17:49:44 UTC. 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Domain Name System 2015-04-28 17:49:44 UTC 2015 Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement Contents Domain Name System... 4 Domain Name System... 5 How DNS Works

More information

KTH CSC, Domain Name System lab, rev: 1.5. Domain Name System KTH CSC. XEN version. Group Nr. Name1. Name2. Date. Grade. Instructor s Signature

KTH CSC, Domain Name System lab, rev: 1.5. Domain Name System KTH CSC. XEN version. Group Nr. Name1. Name2. Date. Grade. Instructor s Signature Domain Name System KTH CSC XEN version Group Nr Name1 Name2 Date Grade Instructor s Signature Table of Contents 1 Goals... 3 2 Preparation questions...3 2.1Fundamental DNS...3 2.2Record types and classes...3

More information

Networking Domain Name System

Networking Domain Name System System i Networking Domain Name System Version 6 Release 1 System i Networking Domain Name System Version 6 Release 1 Note Before using this information and the product it supports, read the information

More information

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12 DNS Computer networks - Administration 1DV202 DNS History Who needs DNS? The DNS namespace How DNS works The DNS database The BIND software Server and client configuration The history of DNS RFC 882 and

More information

<.bloomberg> gtld Registration Policies

<.bloomberg> gtld Registration Policies gtld Registration Policies General Statement... 2 Definitions... 2 String Requirements... 3 Reserved Names... 3 Name Collision... 3 Acceptable Use... 4 Reservation of Rights... 4 Rapid Takedown

More information

Networking Domain Name System

Networking Domain Name System IBM i Networking Domain Name System Version 7.2 IBM i Networking Domain Name System Version 7.2 Note Before using this information and the product it supports, read the information in Notices on page

More information

Internet Security and Resiliency: A Collaborative Effort

Internet Security and Resiliency: A Collaborative Effort Internet Security and Resiliency: A Collaborative Effort Baher Esmat Manager, Regional Relations Middle East MENOG 4 Manama, 9 April 2009 1 WHAT IS THIS PRESENTATION ABOUT? ICANN s effort in enhancing

More information

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0 THE MASTER LIST OF DNS TERMINOLOGY v 2.0 DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To help people

More information

ECE 4321 Computer Networks. Network Programming

ECE 4321 Computer Networks. Network Programming ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet

More information

DNSSEC Explained. Marrakech, Morocco June 28, 2006

DNSSEC Explained. Marrakech, Morocco June 28, 2006 DNSSEC Explained Marrakech, Morocco June 28, 2006 Ram Mohan rmohan@afilias.info Agenda Getting Started Finding out what DNS does for you What Can Go Wrong A Survival Guide to DNSSEC Why Techies Created

More information

Deploying DNSSEC: From End-Customer To Content

Deploying DNSSEC: From End-Customer To Content Deploying DNSSEC: From End-Customer To Content March 28, 2013 www.internetsociety.org Our Panel Moderator: Dan York, Senior Content Strategist, Internet Society Panelists: Sanjeev Gupta, Principal Technical

More information

.PROTECTION &.SECURITY POLICIES

.PROTECTION &.SECURITY POLICIES .PROTECTION &.SECURITY POLICIES Version 1.00 Last updated:12 October 2015 Contents 1. Introduction and Purpose 2. Definitions 3. General Provisions 3.1 Launch Timeline 3.2 Registration of names 3.3 Term

More information

DNS Response Modification

DNS Response Modification DNS Response Modification David Piscitello Senior Security Technologist ICANN 1 Intended web experience Type a URL: http://www.example.com/index.htm Browser asks DNS to find IP address of this host If

More information

SAC 044 A Registrant s Guide to Protecting Domain Name Registration Accounts

SAC 044 A Registrant s Guide to Protecting Domain Name Registration Accounts SAC 044 A Registrant s Guide to Protecting Domain Name Registration Accounts A Report from the ICANN Security and Stability Advisory Committee (SSAC) 05 November 2010 SAC 044 1 Preface This is a report

More information

WHITE PAPER. Best Practices DNSSEC Zone Management on the Infoblox Grid

WHITE PAPER. Best Practices DNSSEC Zone Management on the Infoblox Grid WHITE PAPER Best Practices DNSSEC Zone Management on the Infoblox Grid What Is DNSSEC, and What Problem Does It Solve? DNSSEC is a suite of Request for Comments (RFC) compliant specifications developed

More information

ARTE TLD REGISTRATION POLICY

ARTE TLD REGISTRATION POLICY ARTE TLD REGISTRATION POLICY 1. ELIGIBILITY Only Association Relative à la Télévision Européenne G.E.I.E. (ARTE), its Affiliates or the Trademark Licensees could be eligible to register a Domain Name under

More information

How to set up the Integrated DNS Server for Inbound Load Balancing

How to set up the Integrated DNS Server for Inbound Load Balancing How to set up the Integrated DNS Server for Introduction Getting Started Peplink Balance has a built-in DNS server for inbound link load balancing. You can delegate a domain s NS/SOA records, e.g. www.mycompany.com,

More information

Six Steps to Securing Your Domains

Six Steps to Securing Your Domains White Paper Six Steps to Securing Your Domains Abstract We all know that hackers and cybercriminals attack websites directly, skillfully and frequently. Now, with growing frequency, a new breed of politically-motivated

More information

DNS Basics. DNS Basics

DNS Basics. DNS Basics DNS Basics 1 A quick introduction to the Domain Name System (DNS). Shows the basic purpose of DNS, hierarchy of domain names, and an example of how the DNS protocol is used. There are many details of DNS

More information

THE DOMAIN NAME SYSTEM DNS

THE DOMAIN NAME SYSTEM DNS Announcements THE DOMAIN NAME SYSTEM DNS Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University copyright 2005 Douglas S. Reeves 2 Today s Lecture I. Names vs. Addresses II. III. IV. The Namespace

More information

DNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April 2009. Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa. DNS & IPv6.

DNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April 2009. Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa. DNS & IPv6. DNS & IPv6 MENOG4, 8-9 April 2009 Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, www.nic.net.sa Agenda DNS & IPv6 Introduction What s next? SaudiNIC & IPv6 About SaudiNIC How a cctld Registry supports

More information

Networking Domain Name System

Networking Domain Name System System i Networking Domain Name System Version 5 Release 4 System i Networking Domain Name System Version 5 Release 4 Note Before using this information and the product it supports, read the information

More information

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

THE MASTER LIST OF DNS TERMINOLOGY. First Edition THE MASTER LIST OF DNS TERMINOLOGY First Edition DNS can be hard to understand and if you re unfamiliar with the terminology, learning more about DNS can seem as daunting as learning a new language. To

More information

Domain Name System. KTH NS-Lab. Standalone VM version. Group Nr. Name1. Name2. Date. Grade. Instructor s Signature

Domain Name System. KTH NS-Lab. Standalone VM version. Group Nr. Name1. Name2. Date. Grade. Instructor s Signature KTH NS-Lab, Domain Name System lab, rev: 1.73 Domain Name System KTH NS-Lab Standalone VM version Group Nr Name1 Name2 Date Grade Instructor s Signature Table of Contents 1 Goals... 3 2 Connecting to the

More information

Domain Name Registration Policy

Domain Name Registration Policy Domain Name Registration Policy 1. Eligibility Only Progressive Casualty Insurance Company and its Affiliates and its qualifying Trademark Licensees are eligible to register a Domain Name under the

More information

Georgia College & State University

Georgia College & State University Georgia College & State University Milledgeville, GA Domain Name Service Procedures Domain Name Service Table of Contents TABLE OF REVISIONS... 3 SECTION 1: INTRODUCTION... 4 1.1 Scope and Objective...

More information

Basic DNS. DNS can also potentially do the reverse translating a numeric IP address to a fully qualified domain name.

Basic DNS. DNS can also potentially do the reverse translating a numeric IP address to a fully qualified domain name. DNS SERVER Basic DNS DNS is the network service that translates a fully qualified domain name, such as www.india.gov.in, to a numeric IP address, such as 164.100.129.97. Client DNS Server data DNS can

More information

Internet Technical Governance: Orange s view

Internet Technical Governance: Orange s view Internet Technical Governance: Orange s view 1 Internet Technical Governance: Orange s view With the increasing use of IP technologies in the electronic communication networks and services, Internet Technical

More information

Copyright International Business Machines Corporation 2001. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

Copyright International Business Machines Corporation 2001. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure iseries DNS iseries DNS Copyright International Business Machines Corporation 2001. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule

More information

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS)

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN FEATURE ICSS ROUTE ICSS ROUTE IS OUR NEW OFFERING TO HELP YOU MANAGE YOUR DOMAIN NAME SYSTEM

More information

Pre Delegation Testing (PDT) Frequently Asked Questions (FAQ)

Pre Delegation Testing (PDT) Frequently Asked Questions (FAQ) Pre Delegation Testing (PDT) Frequently Asked Questions (FAQ) [Ver 1.7 2013-06- 04] List of contents General questions Who do I contact with questions about Pre- Delegation Testing?... 3 What is the process

More information

CSE 265: System & Network Administration

CSE 265: System & Network Administration CSE 265: System & Network Administration DNS The Domain Name System History of DNS What does DNS do? The DNS namespace BIND software How DNS works DNS database Testing and debugging (tools) DNS History

More information

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will

More information

SWITCHpki Identity Validation for Server Certificate Requests

SWITCHpki Identity Validation for Server Certificate Requests SWITCHpki Identity Validation for Server Certificate Requests Version 1.0, October 2008 1. Scope This document provides an overview of the validation procedures relating to a SWITCHpki server certificate

More information

DNS Root NameServers

DNS Root NameServers DNS Root NameServers An Overview Dr. Farid Farahmand Updated: 9/24/12 Who- is- Who! Over half million networks are connected to the Internet 5 billion users by 2015! Network numbers are managed by ICANN

More information

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce 18/02/15 Networks: DNS attacks 1 Domain Name System The domain name system (DNS) is an applica>on- layer protocol

More information

Chapter 23 The Domain Name System (DNS)

Chapter 23 The Domain Name System (DNS) CSC521 Communication Protocols 網 路 通 訊 協 定 Chapter 23 The Domain Name System (DNS) 吳 俊 興 國 立 高 雄 大 學 資 訊 工 程 學 系 Outline 1. Introduction 2. Names For Machines 3. Flat Namespace 4. Hierarchical Names 5.

More information

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep)

5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) 5 DNS Security Risks That Keep You Up At Night (And How To Get Back To Sleep) survey says: There are things that go bump in the night, and things that go bump against your DNS security. You probably know

More information

Current Counter-measures and Responses by the Domain Name System Community

Current Counter-measures and Responses by the Domain Name System Community Current Counter-measures and Responses by the Domain Name System Community Paul Twomey President and CEO 22 April 2007 APEC-OECD Malware Workshop Manila, The Philippines 1 What I want to do today in 15

More information

F5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution

F5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution F5 and Infoblox DNS Integrated Architecture Offering a Complete Scalable, Secure DNS Solution As market leaders in the application delivery market and DNS, DHCP, and IP Address Management (DDI) market

More information

Fasthosts Internet Parallels Plesk 10 Manual

Fasthosts Internet Parallels Plesk 10 Manual Fasthosts Internet Parallels Plesk 10 Manual Introduction... 2 Before you begin... 2 Logging in to the Plesk control panel... 2 Securing access to the Plesk 10 control panel... 3 Configuring your new server...

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour

Response Policy Zones for the Domain Name System (DNS RPZ) By Paul Vixie, ISC (et.al.) 2010 World Tour Response Policy Zones for the Domain Name System (DNS ) By Paul Vixie, ISC (et.al.) 2010 World Tour Overview Motivation for DNS Response Policy Zones Relationship to DNS RBL (DNSBL) Constraints and Goals

More information

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE Your external DNS is a mission critical business resource. Without

More information

General Registration Rules Version 3.18, January 13, 2013

General Registration Rules Version 3.18, January 13, 2013 General Registration Rules Version 3.18, January 13, 2013 1. APPLICATION These Rules apply to the registration, renewal, transfer, modification, suspension and deletion of Domain Names and to other transactions

More information

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives

Before the. Committee on Energy and Commerce Subcommittee on Communications and Technology United States House of Representatives Testimony of Fiona M. Alexander Associate Administrator, Office of International Affairs National Telecommunications and Information Administration United States Department of Commerce Before the Committee

More information

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In)

DNSSEC: A Vision. Anil Sagar. Additional Director Indian Computer Emergency Response Team (CERT-In) DNSSEC: A Vision Anil Sagar Additional Director Indian Computer Emergency Response Team (CERT-In) Outline DNS Today DNS Attacks DNSSEC: An Approach Countering DNS Attacks Conclusion 2 DNS Today DNS is

More information

Enterprise Services. DomainTools. Delivering Domain Intelligence to Support Strategic Decisions DOMAINTOOLS SOLUTION BRIEF

Enterprise Services. DomainTools. Delivering Domain Intelligence to Support Strategic Decisions DOMAINTOOLS SOLUTION BRIEF 1 DomainTools Enterprise Services Delivering Domain Intelligence to Support Strategic Decisions DOMAINTOOLS SOLUTION BRIEF 2 INTRODUCTION: THE POWER OF BIG DATA Business decision makers have become increasingly

More information

DNS. Computer Networks. Seminar 12

DNS. Computer Networks. Seminar 12 DNS Computer Networks Seminar 12 DNS Introduction (Domain Name System) Naming system used in Internet Translate domain names to IP addresses and back Communication works on UDP (port 53), large requests/responses

More information

Strengthening our Ecosystem through Stakeholder Collaboration. Jia-Rong Low, Sr Director, Asia 20 August 2015

Strengthening our Ecosystem through Stakeholder Collaboration. Jia-Rong Low, Sr Director, Asia 20 August 2015 Strengthening our Ecosystem through Stakeholder Collaboration Jia-Rong Low, Sr Director, Asia 20 August 2015 Agenda 1 2 3 About ICANN and the Domain Name System (DNS) DNS attacks and their impact DNS Security

More information

ICANN, IPv6 and the Root

ICANN, IPv6 and the Root ICANN, IPv6 and the Root John L. Crain Chief Technical Officer Beijing, China April 12, 2007 1 In the beginning... 2 Internet s unique identifiers were coordinated through the Internet Address Naming Authority

More information

.SKI DOMAIN NAME POLICY. May 21, 2015. Starting Dot Ltd. .SKI DOMAIN NAME POLICY

.SKI DOMAIN NAME POLICY. May 21, 2015. Starting Dot Ltd. .SKI DOMAIN NAME POLICY .SKI DOMAIN NAME POLICY May 21, 2015 Starting Dot Ltd..SKI DOMAIN NAME POLICY 1 .SKI DOMAIN NAME POLICY BACKGROUND 1..SKI (the "TLD") is a generic top-level domain generally available for registration

More information

Domain Knowledge: How to Factor DNS into Your Privacy and Security Strategy

Domain Knowledge: How to Factor DNS into Your Privacy and Security Strategy SESSION ID: PDAC-T11 Domain Knowledge: How to Factor DNS into Your Privacy and Security Strategy Allison Mankin, Director Next Lab Burt Kaliski, Chief Technology Officer Verisign Agenda DNS Overview Emerging

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy Everstream uses various upstream providers to provide subscribers with direct access to the Internet via Everstream network services. Therefore, Everstream Subscribers use of Internet

More information