ICANN ccNSO Tech Day in Cairo

Registry Best Practices Jeremy Hitchcock Dynamic Network Services

Overview
Registries are published zonefiles
Real time, always available
“ Critical Infrastructure”
More than just trademark registrations
Overview of best practices

Registry Operations
Users modifying domains and contacts
Live provisioning online
Security model based on email (not good)
comcast.net hijacking earlier this year
Interface for registrars (open it up)
Use CoCCA (or something else)

Registrar Relations
Registrars are good
Open up your TLD to the world
Speak EPP?
Make it easy for them, serve them

Registrant Relations
Make it easy to register and renew
Email notifications are important
Serve them well

DNS Delivery
Operating systems
Server software (BIND/NSD)
Just tools
Requires care and feeding
Anycast v. unicast (video example)
Helps avoid outages, reduce latency

Network Operations
In country/out of country, reduce latency
Network and geographical diversity
Use requested IP and AS, not ISP
Graph and record query trending
Provide contact information

WHOIS Data
Reduce data harvesting for spammers
Rate limit queries
Monitor for mechanized collection

Availability
In order of importance
DNS operations
Registry operations (website and registrar)
WHOIS and other services

Monitoring
More than just ping
Network/servers/applications
Latency checking from multiple places (Smokeping)
Website applications (can you register domain names?)

Abuse
It happens
Fraud/Trademark/Phishing
Cybersquatting/(There’s the UDRP)
Free domains == bad
Provide contact information
React quickly and fairly (reputation)

DNSSEC
Not a technical question next to the policy (key management)
Keep the keys safe (out of country?)
Solves some security issues when fully implemented (resolvers need to be aware)
Pretty easy to sign, just ask
Just implement it

IPv6
World is going IPv6
Someday just going to happen
Pretty easy to do, just ask
Also, just implement it

Vendors and Software
Pick what you want to be great/best
Lot of great open source tools
Choose a mix of providers
Diversity is good to prevent outages

IDNs and Symmetry
Interested in hearing what operators have in mind for IDNs
What about xn--IDN.TLD and xn--IDN.xn--TLD?
Be nice to see symmetry between

Shameless Plug
Dynamic Network Services provides DNS for .coop and a dozen other ccTLDs (maybe yours tomorrow?)
We do registry services
DynDNS.com - operator of dynamic DNS for individuals (2 million+ users)
Dynect Platform - Corporations with global server load balancing, etc)
Based in New Hampshire, USA

Questions
[email_address]
+1-603-391-4494

ICANN ccNSO Tech Day in Cairo

by Dyn on Feb 08, 2009

Accessibility

Tags

Upload Details

Usage Rights

Statistics

ICANN ccNSO Tech Day in Cairo — Presentation Transcript