Root Server Deployment and Operations

Thumbnail for post.

Overview

In this course, three industry experts will be sharing their knowledge and experiences with root server deployment and operations.   

Firstly, Martin Pels will introduce the DNS Root Server System. During this talk he will describe the different types of root servers, and some of the (technical) details involved in running a DNS Root Server before concluding with recommendations for ISPs on how to contribute to a healthy Root Server ecosystem. 

Following this, Akira Kato will discuss how M-Root DNS Server started “small anycast” installation especially in Asia Pacific Region with APNIC. This talk will start with a brief overview of its traditional operational model, followed by the goal of “small anycast” sites. It will also explain the current model, status, and future plans.  

Our final speaker, Lars-Johan Liman, will share insights gained from 30 years’ operating a Root Name Server. I.root-servers.net recently celebrated 30 years of continuous operation. This talk illustrates some of the challenges with operating a root name server and how these challenges have changed over time. 

Outline

This course will cover the following topics:

Speaker One: Martin Pels  

  • Root Servers and the DNS hierarchy 
  • Root Server Operations 
  • What ISPs can do to contribute 

Speaker Two: Akira Kato  

  • Root DNS server operation 
  • Characteristics of Anycast 
  • Small Anycast operational model 

Speaker Three: Lars-Johan Liman 

  • Volunteer cooperation and collaboration work well as pillars for Internet’s infrastructure. 
  •  Political issues have always been a factor for operators of core Internet infrastructure and continue to be so. 
  • Evolving business models make it harder to provide infrastructure services free of charge. 

Course Materials

Martin Pels

Thumbnail for post.

Martin is a Senior System Engineer at RIPE NCC. He is part of the team that operates the K-Root and RIPE NCC Authoritive DNS services, as well as the Routing Information Service (RIS). Martin is co-founder of NLNOG RING.

Using RIPE Atlas for Network Diagnostics

Thumbnail for post.

Overview

RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices(probes) that measure Internet connectivity in real time. In this webinar, we will introduce the RIPE Atlas project and demonstrate measurements such as traceroute, DNS etc which can provide valuable insight into a network and enable troubleshooting. We will explore running measurements from the Web UI and also from the CLI, and finally share details about how you can host a software probe in your network.

Outline

This course will cover the following topics:

  • What is the RIPE Atlas project and why does it matter
  • Getting started with RIPE Atlas measurements – traceroute, dns etc
  • Demo of measurements from Web UI and CLI
  • Host a RIPE Atlas Software probe 

Course Materials

• Create an RIPE NCC Access account here: https://access.ripe.net/registration
• Login here: atlas.ripe.net

Slides: Using RIPE Atlas for Network Diagnostics

Arth Paulite

Thumbnail for post.

Arth is the Infrastructure Services Manager for APNIC, his role focuses on maintaining high availability and reliability of APNIC critical services and network infrastructure.

Arth started his career in 1993 as a Systems support Engineer in the Philippines while finishing off Computer Engineering degree. IN 1995, he joined Destiny Cable and helped established the first cable internet in the Philippines.

Reverse DNS for IPv4 and IPv6

Thumbnail for post.

Overview

Reverse DNS allows the mapping of a domain name from an IP address. This is achieved by the use of pseudo-domain names under in-addr.arpa (IPv4) and ip6.arpa (IPv6). For all IP address blocks that IANA (the Internet Assigned Numbers Authority) allocates to APNIC, it also delegates corresponding reverse DNS zones within the centrally administered “in-addr.arpa” and “ip6.arpa” domains.

Outline

This course will cover the following topics:

  • What is Reverse DNS?
  • Principles of DNS Tree
  • Creating Reverse Zones
  • Pointer (PTR) Records
  • IPv6 Reverse Lookups
  • Reverse delegation requirements
  • APNIC & ISPs responsibilities
  • Reverse Delegation Procedures
  • Whois domain object

Course Materials

DNS Ecosystem Security

Thumbnail for post.

Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure. This course will provide an overview of the DNS Ecosystem, various threats and abuses in the DNS and important practices in protecting the DNS. The course will also touch on DNS Security Extensions (DNSSEC)

Outline

This course will cover the following topics:

  • Overview of DNS Ecosystem
  • DNS threats and abuses
  • Securing DNS

Course Materials

Champika Wijayatunga

Thumbnail for post.

Champika is the Technical Engagement Manager for the Asia Pacific region at Internet Corporation for Assigned Names and Numbers (ICANN). Prior to ICANN, Champika held managerial, specialist and liaison roles at the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia Pacific. He started his career with IBM Corporation as a Technical Specialist and later worked in IT industry, academia, research, and training environments. He also serves in various technical community groups and committees.

DNS Privacy: DoH/DoT

Thumbnail for post.

Overview

Learn the concepts of DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), and how standards development of DoH/DoT attempts to add encryption and security to the Domain Name System (DNS) and fix some of the long-standing privacy issues with DNS.

Outline

This course will cover the following topics:

  • A brief overview of DNS
  • DNS Privacy
  • DNS cloud providers
  • DNS over TLS
  • DNS over HTTPS
  • Issues and criticisms
  • Future of DNS privacy

DNSSEC

Thumbnail for post.

Ikhtisar

Ikhtisar Kursus

DNS (atau Sistem Nama Domain) adalah sistem hierarki terdistribusi untuk memetakan nama domain ke alamat IP. Karena DNS memiliki peran yang sangat penting dalam berfungsinya infrastruktur Internet, DNS sering dijadikan sasaran aktivitas kejahatan.

Kursus ini akan menguraikan protokol Ekstensi Keamanan DNS (DNSSEC) yang melindungi terhadap spoofing data.

Garis Besar Kursus

Kursus ini akan membahas topik-topik berikut:

  • Kerentanan DNS
  • Apa itu DNSSEC?
  • Cara Kerja DNSSEC
  • RR dan RRset
  • DNSKEY
  • RRSIG
  • Catatan NSEC
  • NSEC RDATA
  • Rantai Kepercayaan
  • Jenis Kunci & Menghasilkan Pasangan Kunci
  • Menyiapkan Zona Aman

Materi Kursus

Konsep DNS

Thumbnail for post.

Ikhtisar

Ikhtisar Kursus

Sistem Nama Domain (DNS) adalah bagian yang sangat penting dari infrastruktur Internet dan merupakan layanan direktori Internet terdistribusi paling besar. DNS menerjemahkan nama menjadi alamat IP, yang dibutuhkan untuk navigasi web, pengiriman email, dan fungsi Internet lainnya. Untuk menjamin ketersediaan layanan Internet, sangat penting bagi profesional jaringan untuk memahami konsep, konfigurasi, pengoperasian, dan aspek keamanan dasar DNS.

Kursus ini akan membahas konsep DNS, termasuk mekanisme keamanan dasar.

Garis Besar Kursus

Kursus ini akan membahas topik-topik berikut:

  • Apa itu DNS?
  • Fitur DNS
  • Domain dan Namespace
  • Zona dan Delegasi
  • Mengkueri Pohon DNS
  • Nameserver
  • Catatan Sumber Daya
  • Kinerja DNS

Materi Kursus