ICANN ccNSO Tech Day in Cairo

1,376 views

Published on

Presentation given on November 2008 at the Cairo ICANN Meeting. Overview of registry (ccTLD mostly) best practices and recommendations.

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,376
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
6
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

ICANN ccNSO Tech Day in Cairo

  1. 1. Registry Best Practices Jeremy Hitchcock Dynamic Network Services
  2. 2. Overview <ul><li>Registries are published zonefiles </li></ul><ul><li>Real time, always available </li></ul><ul><li>“ Critical Infrastructure” </li></ul><ul><li>More than just trademark registrations </li></ul><ul><li>Overview of best practices </li></ul>
  3. 3. Registry Operations <ul><li>Users modifying domains and contacts </li></ul><ul><li>Live provisioning online </li></ul><ul><li>Security model based on email (not good) </li></ul><ul><ul><li>comcast.net hijacking earlier this year </li></ul></ul><ul><li>Interface for registrars (open it up) </li></ul><ul><li>Use CoCCA (or something else) </li></ul>
  4. 4. Registrar Relations <ul><li>Registrars are good </li></ul><ul><li>Open up your TLD to the world </li></ul><ul><li>Speak EPP? </li></ul><ul><li>Make it easy for them, serve them </li></ul>
  5. 5. Registrant Relations <ul><li>Make it easy to register and renew </li></ul><ul><li>Email notifications are important </li></ul><ul><li>Serve them well </li></ul>
  6. 6. DNS Delivery <ul><li>Operating systems </li></ul><ul><li>Server software (BIND/NSD) </li></ul><ul><ul><li>Just tools </li></ul></ul><ul><li>Requires care and feeding </li></ul><ul><li>Anycast v. unicast (video example) </li></ul><ul><ul><li>Helps avoid outages, reduce latency </li></ul></ul>
  7. 7. Network Operations <ul><li>In country/out of country, reduce latency </li></ul><ul><li>Network and geographical diversity </li></ul><ul><li>Use requested IP and AS, not ISP </li></ul><ul><li>Graph and record query trending </li></ul><ul><li>Provide contact information </li></ul>
  8. 8. WHOIS Data <ul><li>Reduce data harvesting for spammers </li></ul><ul><li>Rate limit queries </li></ul><ul><li>Monitor for mechanized collection </li></ul>
  9. 9. Availability <ul><li>In order of importance </li></ul><ul><ul><li>DNS operations </li></ul></ul><ul><ul><li>Registry operations (website and registrar) </li></ul></ul><ul><ul><li>WHOIS and other services </li></ul></ul>
  10. 10. Monitoring <ul><li>More than just ping </li></ul><ul><li>Network/servers/applications </li></ul><ul><li>Latency checking from multiple places (Smokeping) </li></ul><ul><li>Website applications (can you register domain names?) </li></ul>
  11. 11. Abuse <ul><li>It happens </li></ul><ul><li>Fraud/Trademark/Phishing </li></ul><ul><li>Cybersquatting/(There’s the UDRP) </li></ul><ul><li>Free domains == bad </li></ul><ul><li>Provide contact information </li></ul><ul><li>React quickly and fairly (reputation) </li></ul>
  12. 12. DNSSEC <ul><li>Not a technical question next to the policy (key management) </li></ul><ul><li>Keep the keys safe (out of country?) </li></ul><ul><li>Solves some security issues when fully implemented (resolvers need to be aware) </li></ul><ul><li>Pretty easy to sign, just ask </li></ul><ul><li>Just implement it </li></ul>
  13. 13. IPv6 <ul><li>World is going IPv6 </li></ul><ul><li>Someday just going to happen </li></ul><ul><li>Pretty easy to do, just ask </li></ul><ul><li>Also, just implement it </li></ul>
  14. 14. Vendors and Software <ul><li>Pick what you want to be great/best </li></ul><ul><li>Lot of great open source tools </li></ul><ul><li>Choose a mix of providers </li></ul><ul><li>Diversity is good to prevent outages </li></ul>
  15. 15. IDNs and Symmetry <ul><li>Interested in hearing what operators have in mind for IDNs </li></ul><ul><li>What about xn--IDN.TLD and xn--IDN.xn--TLD? </li></ul><ul><ul><li>Be nice to see symmetry between </li></ul></ul>
  16. 16. Shameless Plug <ul><li>Dynamic Network Services provides DNS for .coop and a dozen other ccTLDs (maybe yours tomorrow?) </li></ul><ul><li>We do registry services </li></ul><ul><li>DynDNS.com - operator of dynamic DNS for individuals (2 million+ users) </li></ul><ul><li>Dynect Platform - Corporations with global server load balancing, etc) </li></ul><ul><li>Based in New Hampshire, USA </li></ul>
  17. 17. Questions <ul><li>[email_address] </li></ul><ul><li>+1-603-391-4494 </li></ul>

×