K-Root Name Server Operations



Similar documents
DNS Domain Name System

The role of JANET CSIRT

CS244A Review Session Routing and DNS

DNS : Domain Name System

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

D3.3: Enable China DNS and Root-Server with IPv6

F root anycast: What, why and how. João Damas ISC

DNS: Domain Name System

The Domain Name System

Best Practices in DNS Anycast Service-Provision Architecture. Version 1.1 March 2006 Bill Woodcock Gaurab Raj Upadhaya Packet Clearing House

Naming and the DNS. Focus. How do we name hosts etc.? Application Presentation Topics. Session Domain Name System (DNS) /URLs

DNS Measurements, Monitoring & Quality Control

Names vs. Addresses. Flat vs. Hierarchical Space. Domain Name System (DNS) Computer Networks. Lecture 5: Domain Name System

Domain Name System (or Service) (DNS) Computer Networks Term B10

Domain Name System. Overview. Domain Name System. Domain Name System

OVERVIEW OF THE DNS AND GLOSSARY OF TERMS

CMPE 80N: Introduction to Networking and the Internet

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

USING TRANSACTION SIGNATURES (TSIG) FOR SECURE DNS SERVER COMMUNICATION

The Canadian Internet Registration Authority (CIRA) manages a 100% up time service - the.ca domain name registry for over 2.

Domain Name System DNS

Distributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015

Domain Name System (DNS) RFC 1034 RFC

Automated Online Grading for Virtual Machine-based Systems Administration Courses

How To Map Between Ip Address And Name On A Domain Name System (Dns)

Topic 1: Internet Architecture & Addressing

DNS Service on Linux. Supawit Wannapila CCNA, RHCE

FTP: the file transfer protocol

DNSSEC in your workflow

Domain Name System Richard T. B. Ma

ISP Systems Design. ISP Workshops. Last updated 24 April 2013

DNS and P2P File Sharing

Effect of anycast on K-root

Domain Name System (DNS)

Summary - ENUM functions that maps telephone numbers to Internet based addresses - A description and the possible introduction to Sweden

IANA Functions to cctlds Sofia, Bulgaria September 2008

On the Design and Implementation of Secure Network Protocols

Network(Security(Protocols(

The Application Layer: DNS

The IANA Functions. An Introduction to the Internet Assigned Numbers Authority (IANA) Functions

IPv6 support in the DNS

Computer Networks: Domain Name System

DNS: Domain Name System

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Network Layers. CSC358 - Introduction to Computer Networks

Telecom and Internet Regulatory Challenges and Opportunities Names, Numbers, Internet Governance

The Internet Ecosystem

The Internet Ecosystem and ICANN!! Steve Stanford University, Center for Information and Society! 29 April 2013!

UAEnic at a Glance. Abdulla A. Hashim UAEnic Manager hashim@nic.ae. inet MEA Regional Conference. Cairo, Egypt, 8 May 2005

APNIC IPv6 Deployment

Internet Structure and Organization

Domain Name System (DNS) Reading: Section in Chapter 9

The Internet. On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet.

Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting

The Internet Introductory material.

IPv6 Support in the DNS. Workshop Name Workshop Location, Date

Glossary of Technical Terms Related to IPv6

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

DNS Root NameServers

Ch 6: Networking Services: NAT, DHCP, DNS, Multicasting, NTP

CS 43: Computer Networks Naming and DNS. Kevin Webb Swarthmore College September 17, 2015

Final. Dr. Paul Twomey President and Chief Executive Officer Internet Corporation for Assigned Names and Numbers (ICANN)

Chapter 2 Application Layer

State of the Cloud DNS Report

C 1. Last Time. CSE 486/586 Distributed Systems Domain Name System. Review: Causal Ordering. Review: Causally Ordered Multicast.

Making the Internet fast, reliable and secure. DE-CIX Customer Summit Steven Schecter <schecter@akamai.com>

Application. Transport. Network. Data Link. Physical. Network Layers. Goal

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

ANATOMY OF A DDoS ATTACK AGAINST THE DNS INFRASTRUCTURE

State of the Cloud DNS Report

A Plan for the Continued Development of the DNS Statistics Collector

Transcription:

K-Root Name Server Operations Andrei Robachevsky andrei@ripe.net 1

Outline Root Server System brief update Architecture Current locations Anycast deployment K.root-servers.net Server Major milestones Current status K-Anycast deployment 2

Root Server System Provides nameservice for the root zone Root DNS node with pointers to the authoritative servers for all top-level domains (gtlds, cctlds). Thirteen name server operators Selected by IANA Diversity in organisations and location 13 is a practical limit a.root-server.net m.root-server.net - equal publishers All thirteen are authoritative servers for the root zone An average client comes here < 8 times per week 3

Root servers and operators Thirteen nameservers, selected before 1997 a.root-servers.net Verisign b.root-servers.net USC-ISI c.root-servers.net Cogent Communications d.root-servers.net University of Maryland e.root-servers.net NASA f.root-servers.net ISC g.root-servers.net US DoD (DISA) h.root-servers.net US DoD (ARL) i.root-servers.net Autonomica j.root-servers.net Verisign k.root-servers.net RIPE NCC l.root-servers.net ICANN m.root-servers.net WIDE Project Look at www.root-servers.org 4

Location of 13 DNS Root Servers (pre-anycast era) 5

Evolution of Root System Architecture Public primary nameserver a.root-servers.net primary Other 12 are secondary NSI generates the zone (Verisign since 2000) Enhanced architecture (2002) Hidden distribution master All letter servers are equal Authenticated transactions between the servers (TSIG) Wide deployment of anycast (2003) 6

Anycasting Point-to-point communication between a single client and the nearest destination server Basics described in RFC 1546 in 1993 Cloning a server Multiple locations Same operator Same IP address belonging to the operator Identical data Benefits Distribution Performance Resilience Redundancy 7

Location of 13 DNS Root Servers (spot the differences) 8

Location of 13 DNS Root Servers (spot the differences) 9

K-root Milestones Operated by RIPE NCC since May 1997 Hosted by LINX in London Running NSD since February 2003 Increased software diversity and performance Anycast since July 2003 Two global instances: London and Amsterdam Wider anycast deployment (2004) 3-5 global nodes 10-15 local nodes Frankfurt, 19 January 2004 10

K-root Locations 11

K-root Statistics London Amsterdam Frankfurt 12

Local Mirror Instances Objectives Improving access to K for a significant ISP community Isolating impact of an external DDoS Localising impact of a local DDoS Location Well connected points with significant ISP community (IXP, etc.) Improved responsiveness for the members of the IX Improved resilience of the whole system for others Model Hosted by a neutral party Open peering policy Fully funded by a hosting party Operations Exclusively performed by the RIPE NCC 13

Global Mirror Instances Ideally located at topologically equidistant places In practice there are not so many choices Globally reachable But less preferable then local mirror instances Powerful in terms of connectivity and CPU Have to sustain DDoS and local nodes failures The same management model as for local nodes RIPE NCC is the operator Different funding model No distinguished group of local beneficiaries Costs are shared between the host and the RIPE NCC 14

More Information Root operators http://www.root-servers.org http://[a-m].root-servers.org http://dnsmon.ripe.net Root server analysis http://www.caida.org/projects/dns-analysis/ Anycasting Host Anycasting Service, RFC1546, http://www.ietf.org/rfc/rfc1546.txt Distributing Authoritative Name Servers via Shared Unicast Addresses. RFC3258, http://www.ietf.org/rfc/rfc3258.txt 15

More Information (cont.) K-root http://k.root-servers.org K-root anycasting Distributing K-Root Service by Anycast Routing of 193.0.14.129, RIPE- 268, http://www.ripe.net/ripe/docs/ripe-268.html General Requirements and Guidelines, http://k.root-servers.org/hosting-guidelines-200311.html Contact at k-anycast@ripe.net 16

http://www.ripe.net/presentations 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information