FAQ (Frequently Asked Questions)




Specific Questions about Afilias Managed DNS
What is the Afilias DNS network?
How long has Afilias been working within the DNS market?
What are the names of the Afilias name servers?
How does my configuration get propagated to DNS and how long does it take?
How can I confirm that changes I make to my domains are being resolved on the Afilias network?
For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server?
How easy is it to move domains over from another DNS provider and will there be any downtime?
What support does Afilias provide?
Does the Afilias network support IPv6?
What resource records does Afilias support?
Can I do bulk changes?

General DNS Questions
What is DNS?
Where can I get more information about DNS?
What is DNSSEC?
When will DNSSEC be available?
What is BIND?
What is the difference between a domain and a zone?
What is a glue record?
What is the difference between Primary, Secondary, Master and Slave DNS?

Questions about Security
What is a distributed denial of service attack, or DDoS?
What is a botnet?
What is spam?
What is phishing?
What is pharming?
What is malware?
What does the term Fast Flux refer to?

Questions About Internet and DNS Administration
What is ICANN?
What is SSAC?
What is RSSAC?

Issue 1 (c) copyright 2009 Afilias


Answers

Specific Questions about Afilias Managed DNS

Q. What is the Afilias DNS network?
A. Afilias manages a global network of dedicated high performance servers that provides superior response times to all DNS lookups and queries. This network was developed to support all the top level domains (TLD, gTLD, ccTLD) managed by Afilias registry services. Afilias Managed DNS now provides premium DNS service for other customers on this network.

Q. How long has Afilias been working within the DNS market?
A. Afilias has been a leader in the DNS market since 2000, when it won the ICANN bid to provide new registry services for the .info top level domain (TLD). It developed its premium DNS network in 2005.

Q. What are the names of the Afilias name servers?
A. The name servers for Afilias Managed DNS are shown on the SOA screen of each primary domain configuration. They are:
a.service.afiliasdns.info
b.service.afiliasdns.org
c.service.afiliasdns.net
d.service.afiliasdns.com
e.service.afiliasdns.info
f.service.afiliasdns.net

Q. How does my configuration get propagated to DNS and how long does it take?
A. Your primary (master) DNS configuration is stored in a database. Whenever you make changes, the serial number is automatically incremented. This triggers a notify message that is sent to the Afilias network. An Afilias server then does a DNS zone transfer to copy your changes and distribute them across the Afilias DNS network. This process is completed within a few minutes.

Q. How can I confirm that changes I make to my domains are being resolved on the Afilias network?
A. There are detailed examples in the User Guide of how to use dig and nslookup to verify your changes on the Afilias network and on the Internet.
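The serial number that is incremented on every change is what this verification comes down to. The script below is an added example, not taken from the Afilias User Guide: it asks each name server listed above for the zone's SOA record with dig and compares the serial with the primary's. The zone name and primary server address passed to check_zone are yours to supply, and the data in the offline demonstration is constructed.

```shell
#!/bin/sh
# Added example: confirm every Afilias name server serves the same SOA serial
# as your primary. The arguments to check_zone (zone, primary) are assumptions.

# The six name servers listed in this FAQ.
AFILIAS_NS="a.service.afiliasdns.info b.service.afiliasdns.org
c.service.afiliasdns.net d.service.afiliasdns.com
e.service.afiliasdns.info f.service.afiliasdns.net"

# soa_serial LINE: print the serial from one line of `dig +short SOA` output,
# whose fields are: mname rname serial refresh retry expire minimum.
soa_serial() {
    printf '%s\n' "$1" | awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# query_serial ZONE SERVER: ask SERVER directly (no recursion) for the serial.
query_serial() {
    soa_serial "$(dig +short +norecurse +time=3 +tries=1 SOA "$1" "@$2")"
}

# compare_serials WANT: read "server serial" lines on stdin, print one status
# line per server, return non-zero if any server is stale or did not answer.
compare_serials() {
    awk -v want="$1" '
        { status = ($2 == "") ? "NO-ANSWER" : (($2 == want) ? "OK" : "MISMATCH")
          if (status != "OK") bad++
          printf "%-28s %-12s %s\n", $1, ($2 == "" ? "-" : $2), status }
        END { exit (bad > 0) }'
}

# check_zone ZONE PRIMARY: live check (needs dig and network access).
check_zone() {
    want=$(query_serial "$1" "$2")
    [ -n "$want" ] || { echo "no SOA answer from primary $2" >&2; return 2; }
    for ns in $AFILIAS_NS; do
        echo "$ns $(query_serial "$1" "$ns")"
    done | compare_serials "$want"
}

# Offline demonstration on constructed data: the primary is at 2009040102,
# one secondary is one change behind and one did not answer.
printf '%s\n' \
    'a.service.afiliasdns.info 2009040102' \
    'b.service.afiliasdns.org 2009040101' \
    'c.service.afiliasdns.net' |
    compare_serials 2009040102 || echo "transfer incomplete: open a support ticket"
```

A live run is `check_zone your-zone your-primary-server`; a MISMATCH that persists well beyond the few minutes propagation normally takes points to a failed transfer.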

Q. For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server?
A. In release 1, there is no mechanism to deliver error messages on zone transfers (AXFR/IXFR) to the Afilias secondary service. You should run dig/nslookup (as shown in the Verification section of the User Guide) to confirm that the serial number of the zone on the Afilias network matches the serial on your primary server. If there is a mismatch, and you suspect the transfer has failed, you can send in a ticket using the Support screen on the web portal or call the Afilias Customer Service Center for further analysis of the problem.

Q. How easy is it to move domains over from another DNS provider and will there be any downtime?
A. If your domain is small, you can simply create it using the Afilias Managed DNS web portal. For a larger domain, if your current DNS provider has an export option, you can use this to create a file that can be imported (release 1.1). Once your primary domain is set up and you have verified it is resolving correctly on the Afilias network, you simply reconfigure the name servers on your other provider to point to the Afilias name servers. Providers generally take from 15 minutes to 1 day to complete this change. Some providers terminate DNS service as soon as name servers are configured to point off their network. You can increase the TTL on such providers in advance of making the change to mitigate downtime by increasing the time that caching DNS servers retain your domain information. Please see the Web Portal User Guide for Afilias Managed DNS Service for more information.

Q. What support does Afilias provide?
A. Afilias maintains a Customer Service Center that is staffed 24 hours a day, 7 days a week. You can contact them by phone at the number shown on the top of every web portal screen. You can also send in a request via the Support page on the web portal. This request will create a ticket that will be handled by a support analyst who will reply by email.

Q. Does the Afilias network support IPv6?
A. The Afilias network is fully IPv6 compliant and can handle DNS queries from machines running IPv6. However, in release 1 of the Managed DNS Services, there is no support for defining AAAA records for resolution of IPv6 addresses. This feature will be added in release 2.

Q. What resource records does Afilias support?
A. For secondary service, Afilias zone transfers from your primary DNS will support all records supported by BIND 9. For primary DNS service, the records you can enter in release 1 are: A, CNAME, MX, NS, TXT. Subsequent releases will add support for other record types such as PTR, SRV, AAAA.

Q. Can I do bulk changes?
A. Release 1.0 does not have this feature. Subsequent releases will add two capabilities for bulk changes. First will be the ability to upload a BIND style text file for a whole domain. Second will be a command that allows entering a resource record once and having it apply to a group of domains.

General DNS Questions

Q. What is DNS?
A. Computers on the Internet are identified by a unique numeric address, an IP address. The Domain Name System (DNS) makes using the Internet easier by allowing applications to use names instead of IP addresses. Instead of having to type 206.153.158.4 in a web browser, a person can simply type www.somewhere.info. The web browser will resolve the name and translate it to the necessary IP address by sending a query to a DNS server to do the lookup and translation. DNS also enables email addresses to be used with names instead of IP addresses.

Q. Where can I get more information about DNS?
A. There are many good books that provide in depth descriptions of DNS. There are also many good tutorials and other articles about DNS on the Internet. The ultimate definition of the DNS protocol and best practices for managing DNS is provided by the RFC publications of the IETF, the Internet standards body.

Q. What is DNSSEC?
A. DNSSEC (DNS Security Extensions) is an enhancement to the DNS protocol. It allows zone administrators such as the IANA to sign their zone files using public key cryptography. DNS users can then use these signatures to verify that the information they receive from DNS servers, such as the root name servers, is authentic. This prevents manipulation of the data during storage on servers and during transmission.

Q. When will DNSSEC be available?
A. Deployment of this technology requires not only changes of software in all Internet hosts that want to benefit, but also changes of business practices and operational procedures throughout the DNS. This includes registries, registrars and holders of domain names. Because there are so many necessary changes, it will likely be 2-3 years before DNSSEC has spread far enough to become truly effective on a global scale. ICANN's Security and Stability Advisory Committee is encouraging continued deployment of DNSSEC and recommending actions to be taken on issues not considered in protocol design and development and in controlled (test) environments.

Q. What is BIND?
A. BIND stands for Berkeley Internet Name Daemon. This was one of the first implementations of a DNS server. It is a standard component of most Unix and Linux systems and runs as the process named. It is estimated that as much as 80% of all DNS queries on the global Internet are handled by BIND servers.

Q. What is the difference between a domain and a zone?
A. A domain is a unique name within the DNS system that belongs to an individual or an organization. A zone is the information used by a DNS server to resolve the names in the domain. Very often a zone contains one domain, so the terms are often used interchangeably. The owner of a domain also has ownership of all the subdomains of that domain. For example, a company that has registered the domain more.info can set up different websites using the subdomains canada.more.info, europe.more.info. When they set up their DNS, they can include all the subdomain information in one zone, or they can delegate some or all of the subdomains to different zones.

Q. What is a glue record?
A. If a subdomain is delegated from one zone to another, the name server for that subdomain must be provided (in an NS resource record). If that name server is in the domain or subdomain of the zone being configured, then an A record must be created to provide the IP address of the name server. This A record is called a glue record and is required to avoid creating a circular dependency in DNS.

Q. What is the difference between Primary, Secondary, Master and Slave DNS?
A. Primary and Master are the same; Secondary and Slave are the same. The difference in terminology comes from different versions of BIND. A Primary DNS server is one that has its own copy of the zone configuration information. A Secondary is a server that gets its zone data from a Primary. There are several different ways that a Secondary can be set up so that it updates its zone data when the configuration on the Primary changes. When it comes to DNS resolution, there is no difference between a Primary and a Secondary; they both provide authoritative answers to DNS queries. Domain resolution is provided by a pool of name servers, generally at least 2 and a maximum of 13. Usually one is a Primary and the rest are Secondary. There is no strict order in which the servers are queried; the Primary is not queried first.

Questions About Security

Q. What is a distributed denial of service attack, or DDoS?
A. A DDoS attack on the Internet is one in which a multitude of compromised systems attack a single target and cause denial of service (DoS) for users of the targeted system. The large number of incoming messages forces the target system to slow down or even shut down, thereby denying service to legitimate users. Distribution increases the traffic and decreases the focus on the sources of the attack.

Q. What is a botnet?
A. A botnet is a collection of compromised computers or "zombies" under the control of one party (a "botherder"). The individual computers making up the botnet have been compromised via malware or hacking, without the informed consent of their owners. Botnets are used to perpetrate a variety of illegal acts, including spamming, hosting phishing sites and mounting distributed denial-of-service attacks (DDoS attacks).

Q. What is spam?
A. Electronic messaging systems are often used to send unsolicited bulk messages known as spam. The term may be applied to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums.

Q. What is phishing?
A. Phishing refers to the use of counterfeit web pages designed to trick recipients into divulging sensitive data such as usernames, passwords or financial data. Phishing sites are usually advertised via fraudulent spam e-mails.

Q. What is pharming?
A. The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning.

Q. What is malware?
A. Software designed to infiltrate or damage a computer system without the owner's informed consent is called malware. Examples include computer viruses, worms, key loggers and Trojan horses.

Q. What does the term Fast Flux refer to?
A. Fast Flux is a technique that disguises the location of a web site or other Internet service by frequently changing the location (IP address) on the Internet to which the domain name of an Internet host or name server resolves. Fast flux is usually associated with criminal uses of Internet resources, such as the hosting of phishing sites, and is typically used by botnets.

Questions About Internet and DNS Administration

Q. What is ICANN?
A. The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) top-level domain name system management and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet, promoting competition, achieving broad representation of global Internet communities, and developing policy appropriate to its mission through bottom-up, consensus-based processes.

Q. What is SSAC?
A. The Security and Stability Advisory Committee (SSAC) advises the ICANN community and board on matters relating to the security and integrity of the Internet's naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as Whois). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

Q. What is RSSAC?
A. The Root Server System Advisory Committee (RSSAC) advises the ICANN community and board about operation of the DNS root name servers. It also provides advice on the operational requirements of root name servers, including host hardware capacities, operating systems and name server software versions, network connectivity and physical environment. RSSAC examines and advises on security aspects of the root name server system, and reviews the number, location, and distribution of root name servers considering total system performance, robustness, and reliability.
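For the glue record answer under General DNS Questions, an added example (not Afilias code) that scans zone data for delegations whose name server lies inside the zone but has no A record, using the FAQ's more.info subdomains. The one-record-per-line input format, the ns1 and ns.hosting.example name server names and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# missing_glue ORIGIN: read zone records on stdin, one per line, in the form
#   owner IN type rdata
# (names fully qualified; ORIGIN lower-case with trailing dot) and print
# "delegated-subdomain name-server" for every delegation whose name server
# lies inside ORIGIN but has no A record in the zone data.
missing_glue() {
    awk -v origin="$1" '
        # True when name n is the origin itself or a subdomain of it.
        function inzone(n) {
            return n == origin || substr(n, length(n) - length(origin)) == ("." origin)
        }
        NF < 4 || $1 ~ /^;/ || $2 != "IN" { next }   # comments, other classes
        { owner = tolower($1); rtype = toupper($3); rdata = tolower($4) }
        rtype == "A" { has_a[owner] = 1 }
        # An NS record below the apex is a delegation; note in-zone targets.
        rtype == "NS" && owner != origin && inzone(rdata) { need[rdata] = owner }
        END { for (ns in need) if (!(ns in has_a)) print need[ns], ns }
    ' | sort
}

# Constructed zone data for more.info: canada has glue, europe does not, and
# the out-of-zone server ns.hosting.example. needs none.
SAMPLE_ZONE='more.info.            IN NS a.service.afiliasdns.info.
canada.more.info.     IN NS ns1.canada.more.info.
ns1.canada.more.info. IN A  192.0.2.53
europe.more.info.     IN NS ns1.europe.more.info.
europe.more.info.     IN NS ns.hosting.example.'

printf '%s\n' "$SAMPLE_ZONE" | missing_glue more.info.
```

Any line printed names a delegation that resolvers cannot follow, because the only way to find the name server's address is to ask that same name server.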
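For the Fast Flux answer under Questions About Security, an added detection example (not Afilias code): it counts how many distinct addresses each name resolved to during one observation window and reports names with many addresses and short TTLs. The "qname ttl ip" input format, the thresholds and all sample records except the FAQ's own www.somewhere.info address are constructed assumptions.

```shell
#!/bin/sh
# flux_candidates MIN_IPS MAX_TTL: read "qname ttl ip" lines (A-record answers
# seen for each name during one observation window) and print
#   qname distinct_ips distinct_/16_networks max_ttl
# for names that resolved to at least MIN_IPS addresses, all with
# TTL <= MAX_TTL.
flux_candidates() {
    awk -v min_ips="$1" -v max_ttl="$2" '
        NF != 3 || $2 !~ /^[0-9]+$/ { next }          # skip malformed lines
        { name = tolower($1); ip = $3
          # Count each address, and each /16 it belongs to, once per name.
          if (!((name, ip) in seen)) { seen[name, ip] = 1; ips[name]++ }
          split(ip, o, "."); net = o[1] "." o[2]
          if (!((name, net) in seen_net)) { seen_net[name, net] = 1; nets[name]++ }
          # Track the longest TTL seen, so one long-lived answer clears a name.
          if (!(name in ttl) || $2 + 0 > ttl[name]) ttl[name] = $2 + 0 }
        END { for (n in ips) {
                  if (ips[n] >= min_ips + 0 && ttl[n] <= max_ttl + 0) print n, ips[n], nets[n], ttl[n]
              } }
    ' | sort
}

# Constructed observations: one name rotating through five addresses, the
# FAQ's stable www.somewhere.info, and a two-address round-robin name.
SAMPLE_ANSWERS='login.flux.example 180 192.0.2.10
login.flux.example 180 198.51.100.20
login.flux.example 120 203.0.113.30
login.flux.example 180 192.0.2.77
login.flux.example 180 198.51.100.91
www.somewhere.info 86400 206.153.158.4
www.somewhere.info 86400 206.153.158.4
rr.shop.example 300 192.0.2.200
rr.shop.example 300 192.0.2.201'

printf '%s\n' "$SAMPLE_ANSWERS" | flux_candidates 4 300
```

Content delivery networks and round-robin load balancing also rotate addresses with short TTLs, so the output is a list of names to review rather than a verdict.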