Global Registry Services
com/net/org Registry Update for NANOG24
Matt Larson <[email protected]>
VeriSign Global Registry Services

Multiple Name Servers with the Same IP Address
• Multiple name servers (glue A records) with the same IP address have not been allowed.
• For example:
    foo.com.      NS  ns1.foo.com.
    bar.com.      NS  ns1.bar.com.
    ns1.foo.com.  A   192.0.0.1   ; Only one
    ns1.bar.com.  A   192.0.0.1   ; allowed

Multiple Name Servers with the Same IP Address
• This restriction was relaxed as of January 19, 2002.
• Multiple name servers across com, net and org can all share the same IP address.

Changes Coming Soon
• The following changes are scheduled for mid-May, 2002:
  – “Orphan” A record removal
  – IPv6 support
  – Zone file format changes

“Orphan” A Record Removal
• For historical reasons, “orphan” A records appear in the com, net and org zones.
  – Orphan A record: an A record whose owner name does not appear in the RDATA of an NS record.
  – For example:
    foo.com.      NS  ns1.foo.com.
    foo.com.      NS  ns2.foo.com.
    ns1.foo.com.  A   192.0.0.1
    ns2.foo.com.  A   192.0.0.2
    ns3.foo.com.  A   192.0.0.3   ; Orphan

“Orphan” A Record Scenarios
1. Domain is delegated; orphan in that domain exists.
– Orphan occludes any A records of the same domain name in the delegated zone.
– “Why can’t I change the IP address of www.mydomain.com?”
– Deleting the orphan might or might not cause a problem.

“Orphan” A Record Scenarios
2. Orphan exists for an undelegated domain.
– E.g., A record for www.mydomain.com, but mydomain.com isn’t a registered domain.
– Getting a “free ride” and might or might not realize it.
– Potentially surprising when deleted.
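
The orphan definition and the two scenarios above can be checked mechanically. The following is an added example, not part of the original slides: it finds A records whose owner name is not the target of any NS record and labels each with the scenario it falls under. The function names and the `www.mydomain.com.` record are assumptions made for illustration.

```python
# Added example: classify "orphan" A records in a registry-style zone.
# ZONE is constructed sample data: the slide's foo.com records plus a
# hypothetical record under the unregistered name mydomain.com.
ZONE = """\
foo.com.          NS  ns1.foo.com.
foo.com.          NS  ns2.foo.com.
ns1.foo.com.      A   192.0.0.1
ns2.foo.com.      A   192.0.0.2
ns3.foo.com.      A   192.0.0.3
www.mydomain.com. A   192.0.0.9
"""

def parse(zone_text):
    """Return (owner, rtype, rdata) tuples from fully qualified records."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 3:
            owner, rtype, rdata = fields
            records.append((owner.lower(), rtype.upper(), rdata.lower()))
    return records

def enclosing_delegation(name, delegated):
    """Closest delegated domain at or above name, ignoring the TLD itself."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:]) + "."
        if candidate in delegated:
            return candidate
    return None

def find_orphans(zone_text):
    """Map each orphan A owner name to the scenario it falls under."""
    records = parse(zone_text)
    delegated = {owner for owner, rtype, _ in records if rtype == "NS"}
    ns_targets = {rdata for _, rtype, rdata in records if rtype == "NS"}
    orphans = {}
    for owner, rtype, _ in records:
        if rtype == "A" and owner not in ns_targets:
            parent = enclosing_delegation(owner, delegated)
            orphans[owner] = "delegated:" + parent if parent else "undelegated"
    return orphans

if __name__ == "__main__":
    for name, scenario in find_orphans(ZONE).items():
        print(name, scenario)
```

A `delegated:` result corresponds to scenario 1 (the orphan occludes data in the child zone); `undelegated` corresponds to scenario 2.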

“Orphan” A Record Removal
• About 200,000 orphan A records today.
• Current plan is to delete them in mid-May, 2002.
• What we’re doing:
  – Sending registrars lists of their specific problem children.
  – Publishing a list of all orphans on www.verisign-grs.com.
  – Notifying interested parties, such as network operators, RIRs, etc.

IPv6 Support
• Currently, you can only register A records as name servers for com, net and org zones.
• Starting in mid-May, 2002, you can also register AAAA records.
  – No A6 support is planned.
• AAAA records, if present, will be returned along with A records in the Additional section of replies.

IPv6 Support
• Kinds of IPv6 addresses allowed:
  – Only global unicast
    • No multicast, site-local unicast or link-local unicast
  – No IPv4-compatible
  – No IPv4-mapped
  – Must be from a block allocated to an RIR
• Looking for feedback on these choices.

IPv6 Support
• Actual address ranges to be allowed:
    2001:0200::/29   APNIC
    2001:0400::/29   ARIN
    2001:0600::/29   RIPE NCC
    2002::/16        6to4
    3FFE::/16        6bone
• Looking for feedback on this list.
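
The address rules on the two slides above translate directly into a validation routine for a candidate name server AAAA address. This is an added example, not the registry's own code; the function name `check_glue_aaaa` and the reason strings are assumptions, while the ranges are the ones listed on the slide.

```python
import ipaddress

# Ranges listed on the slide, with the holder named beside each one.
ALLOWED = {
    "2001:0200::/29": "APNIC",
    "2001:0400::/29": "ARIN",
    "2001:0600::/29": "RIPE NCC",
    "2002::/16": "6to4",
    "3FFE::/16": "6bone",
}
ALLOWED_NETS = [(ipaddress.IPv6Network(p), who) for p, who in ALLOWED.items()]
V4_COMPATIBLE = ipaddress.IPv6Network("::/96")  # ::a.b.c.d form

def check_glue_aaaa(text):
    """Return (accepted, reason) for a candidate name server AAAA address."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ipaddress.AddressValueError:
        return (False, "not an IPv6 address")
    # Explicit exclusions first, so the rejection reason is specific.
    if addr.ipv4_mapped is not None:
        return (False, "IPv4-mapped")
    if addr in V4_COMPATIBLE:
        return (False, "IPv4-compatible")
    if addr.is_multicast:
        return (False, "multicast")
    if addr.is_link_local:
        return (False, "link-local unicast")
    if addr.is_site_local:
        return (False, "site-local unicast")
    # Anything left must fall inside one of the listed ranges.
    for net, who in ALLOWED_NETS:
        if addr in net:
            return (True, who)
    return (False, "not in an allowed range")

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("2001:0400::53", "2001:0208::1", "::ffff:192.0.0.1", "fe80::1"):
        print(sample, check_glue_aaaa(sample))
```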

IPv6 Support
• All com, net and org resolution continues over IPv4 transport only, just as today.
• Not planning on com, net and org name servers accessible via IPv6 transport until 2003.

Zone File Format Changes
• VeriSign GRS generates the com, net, org and edu zone files twice daily.
• The current format is verbose and makes for large files.
• Optimizations coming in mid-May, 2002:
  – Relative (i.e., non-fully qualified) domain names
  – Use $TTL to avoid explicit TTLs on every record
  – Eliminate redundant IN class on every record

New Zone Format Example
    $ORIGIN COM.
    $TTL 518400
    @ IN SOA A.GTLD-SERVERS.NET. nstld.verisign-grs.com. (
            2002012100 ; serial
            1800       ; refresh every 30 min
            900        ; retry every 15 min
            604800     ; expire after a week
            3600 )     ; negative caching TTL
      NS A.GTLD-SERVERS.NET.
      NS B.GTLD-SERVERS.NET.
      NS C.GTLD-SERVERS.NET.
      NS D.GTLD-SERVERS.NET.
    ; ...
    A.GTLD-SERVERS.NET. A 192.5.6.30
    B.GTLD-SERVERS.NET. A 192.33.14.30
    C.GTLD-SERVERS.NET. A 192.26.92.30
    D.GTLD-SERVERS.NET. A 192.31.80.30
    ; ...
    $TTL 172800
    BOGUS-EXAMPLE NS NS1.BOGUS-EXAMPLE
    BOGUS-EXAMPLE NS NS2.BOGUS-EXAMPLE
    BOGUS-EXAMPLE NS NS1.BIG-ISP.NET.
    ; ...
    NS1.BOGUS-EXAMPLE A 192.1.1.1
    NS1.BOGUS-EXAMPLE A 192.1.1.2
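
Tools that consumed the old verbose files need to resolve what the new format leaves implicit. The following added example (not VeriSign's code) expands `$ORIGIN`, `$TTL`, relative names, omitted owner names and the omitted IN class back into explicit records; it assumes single-line NS and A records only, and the names `expand` and `qualify` are hypothetical.

```python
# Added example: expand the compact zone format into explicit records.
# SAMPLE is constructed from the slide's example; SOA and other multi-line
# records are deliberately not handled here.
SAMPLE = """\
$ORIGIN COM.
$TTL 518400
@               NS A.GTLD-SERVERS.NET.
                NS B.GTLD-SERVERS.NET.
$TTL 172800
BOGUS-EXAMPLE   NS NS1.BOGUS-EXAMPLE
BOGUS-EXAMPLE   NS NS1.BIG-ISP.NET.
NS1.BOGUS-EXAMPLE A 192.1.1.1
"""
NAME_RDATA = {"NS"}  # record types whose RDATA is a domain name

def qualify(name, origin):
    """Make a relative name fully qualified against $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def expand(text):
    """Return (owner, ttl, class, type, rdata) with nothing left implicit."""
    origin = ttl = owner = None
    out = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        fields = line.split()
        if not fields:
            continue
        if fields[0] in ("$ORIGIN", "$TTL"):
            if fields[0] == "$ORIGIN":
                origin = fields[1]
            else:
                ttl = int(fields[1])
            continue
        if origin is None or ttl is None:
            raise ValueError("record before $ORIGIN/$TTL: " + raw)
        if not line[0].isspace():        # owner name starts in column 1
            owner = qualify(fields.pop(0), origin)
        elif owner is None:
            raise ValueError("no previous owner name: " + raw)
        rec_ttl = int(fields.pop(0)) if fields[0].isdigit() else ttl
        if fields[0].upper() == "IN":    # class is optional in the new format
            fields.pop(0)
        rtype, rdata = fields[0].upper(), fields[1]
        if rtype in NAME_RDATA:
            rdata = qualify(rdata, origin)
        out.append((owner, rec_ttl, "IN", rtype, rdata))
    return out
```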

RRP Changes
• For any com/net/org registrars out there…
• VeriSign’s Registry Registrar Protocol (RRP) is being updated.
• RRP 2.0 provides support for, among other things, IPv6 addresses.
• The Internet-Draft is available at http://ftp.ietf.org/internet-drafts/draft-hollenbeck-rfc2832bis-00.txt

EPP
• On a related topic…
• The successor to RRP is the Extensible Provisioning Protocol (EPP), the work of the IETF provreg Working Group.
• The EPP documents recently passed WG last call and will be sent to the IESG soon.
• More information at http://www.ietf.org/html.charters/provreg-charter.html

Metrics: Registrars
• 96 active ICANN-accredited registrars
  – As of December, 2001
• The registrars register com, net and org domains using the Shared Registration System (SRS).

Metrics: SRS
Total Transactions (millions)

    Month    Failed Write   Successful Write    Read     Check
    Jan-01        4.4              4.6          53.0     482.5
    Feb-01        7.2              4.3          61.5     568.1
    Mar-01        3.8              6.1          86.6    1059.1
    Apr-01        3.2              5.6          75.8     856.8
    May-01        2.3              5.8          85.4     833.4
    Jun-01       39.0              7.9          89.6    1126.2
    Jul-01       30.9              6.5          81.2    1509.9
    Aug-01       61.4              6.7          67.7    1316.5
    Sep-01       63.4              6.3          58.6    2516.9
    Oct-01       52.1              6.5          71.4    2447.9
    Nov-01      203.7              7.2          68.9    3408.3
    Dec-01      420.4              8.6          95.3    3613.3

Metrics: SRS
Daily Average & Peak Transactions (millions)

    Month    Daily Avg   Peak Day
    Jan-01      17.6       24.1
    Feb-01      22.9       35.2
    Mar-01      37.3       57.7
    Apr-01      31.4       65.1
    May-01      29.9       44.2
    Jun-01      42.1       59.6
    Jul-01      52.5       68.9
    Aug-01      46.8       94.0
    Sep-01      88.2      123.6
    Oct-01      83.2      125.2
    Nov-01     122.9      143.6
    Dec-01     133.5      148.5

Metrics: DNS, Zones

                                       com            net            org          Total
    NS RRsets                   22,633,920      3,954,944      2,469,834     29,058,698
    Resource records            49,540,930      8,627,527      5,338,458     63,506,915
    Zone file size (bytes)   2,510,004,629    426,658,095    263,358,725  3,200,021,449
    Average NS RRset size             2.17           2.14           2.14

NS RRset size distribution

           com                   net                   org
    RRs    RRsets        %       RRsets       %        RRsets       %
     1        148,363    0.66%      29,830    0.75%       16,246    0.66%
     2     19,728,290   87.16%   3,488,754   88.21%    2,187,294   88.56%
     3      1,719,027    7.59%     303,201    7.67%      180,157    7.29%
     4        848,482    3.75%     102,651    2.60%       66,826    2.71%
     5        179,647    0.79%      28,641    0.72%       17,900    0.72%
     6          8,914    0.04%       1,444    0.04%          903    0.04%
     7            368    0.00%          91    0.00%          240    0.01%
     8            384    0.00%         164    0.00%          142    0.01%
     9             25    0.00%          25    0.00%           15    0.00%
    10            130    0.00%          39    0.00%           41    0.00%
    11             18    0.00%           3    0.00%            3    0.00%
    12            250    0.00%          90    0.00%           63    0.00%
    13             22    0.00%          11    0.00%            4    0.00%