Root Server Deployment and Operations

Thumbnail for post.

Overview

In this course, three industry experts will be sharing their knowledge and experiences with root server deployment and operations.   

Firstly, Martin Pels will introduce the DNS Root Server System. During this talk he will describe the different types of root servers, and some of the (technical) details involved in running a DNS Root Server before concluding with recommendations for ISPs on how to contribute to a healthy Root Server ecosystem. 

Following this, Akira Kato will discuss how M-Root DNS Server started “small anycast” installation especially in Asia Pacific Region with APNIC. This talk will start with a brief overview of its traditional operational model, followed by the goal of “small anycast” sites. It will also explain the current model, status, and future plans.  

Our final speaker, Lars-Johan Liman, will share insights gained from 30 years’ operating a Root Name Server. I.root-servers.net recently celebrated 30 years of continuous operation. This talk illustrates some of the challenges with operating a root name server and how these challenges have changed over time. 

Outline

This course will cover the following topics:

Speaker One: Martin Pels  

  • Root Servers and the DNS hierarchy 
  • Root Server Operations 
  • What ISPs can do to contribute 

Speaker Two: Akira Kato  

  • Root DNS server operation 
  • Characteristics of Anycast 
  • Small Anycast operational model 

Speaker Three: Lars-Johan Liman 

  • Volunteer cooperation and collaboration work well as pillars for Internet’s infrastructure. 
  •  Political issues have always been a factor for operators of core Internet infrastructure and continue to be so. 
  • Evolving business models make it harder to provide infrastructure services free of charge. 

Course Materials

Martin Pels

Thumbnail for post.

Martin is a Senior System Engineer at RIPE NCC. He is part of the team that operates the K-Root and RIPE NCC Authoritive DNS services, as well as the Routing Information Service (RIS). Martin is co-founder of NLNOG RING.

Using RIPE Atlas for Network Diagnostics

Thumbnail for post.

Overview

RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices(probes) that measure Internet connectivity in real time. In this webinar, we will introduce the RIPE Atlas project and demonstrate measurements such as traceroute, DNS etc which can provide valuable insight into a network and enable troubleshooting. We will explore running measurements from the Web UI and also from the CLI, and finally share details about how you can host a software probe in your network.

Outline

This course will cover the following topics:

  • What is the RIPE Atlas project and why does it matter
  • Getting started with RIPE Atlas measurements – traceroute, dns etc
  • Demo of measurements from Web UI and CLI
  • Host a RIPE Atlas Software probe 

Course Materials

• Create an RIPE NCC Access account here: https://access.ripe.net/registration
• Login here: atlas.ripe.net

Slides: Using RIPE Atlas for Network Diagnostics

Arth Paulite

Thumbnail for post.

Arth is the Infrastructure Services Manager for APNIC, his role focuses on maintaining high availability and reliability of APNIC critical services and network infrastructure.

Arth started his career in 1993 as a Systems support Engineer in the Philippines while finishing off Computer Engineering degree. IN 1995, he joined Destiny Cable and helped established the first cable internet in the Philippines.

Reverse DNS for IPv4 and IPv6

Thumbnail for post.

Overview

Reverse DNS allows the mapping of a domain name from an IP address. This is achieved by the use of pseudo-domain names under in-addr.arpa (IPv4) and ip6.arpa (IPv6). For all IP address blocks that IANA (the Internet Assigned Numbers Authority) allocates to APNIC, it also delegates corresponding reverse DNS zones within the centrally administered “in-addr.arpa” and “ip6.arpa” domains.

Outline

This course will cover the following topics:

  • What is Reverse DNS?
  • Principles of DNS Tree
  • Creating Reverse Zones
  • Pointer (PTR) Records
  • IPv6 Reverse Lookups
  • Reverse delegation requirements
  • APNIC & ISPs responsibilities
  • Reverse Delegation Procedures
  • Whois domain object

Course Materials

DNS Ecosystem Security

Thumbnail for post.

Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure. This course will provide an overview of the DNS Ecosystem, various threats and abuses in the DNS and important practices in protecting the DNS. The course will also touch on DNS Security Extensions (DNSSEC)

Outline

This course will cover the following topics:

  • Overview of DNS Ecosystem
  • DNS threats and abuses
  • Securing DNS

Course Materials

Champika Wijayatunga

Thumbnail for post.

Champika is the Technical Engagement Manager for the Asia Pacific region at Internet Corporation for Assigned Names and Numbers (ICANN). Prior to ICANN, Champika held managerial, specialist and liaison roles at the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia Pacific. He started his career with IBM Corporation as a Technical Specialist and later worked in IT industry, academia, research, and training environments. He also serves in various technical community groups and committees.

DNS Privacy: DoH/DoT

Thumbnail for post.

Overview

Learn the concepts of DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), and how standards development of DoH/DoT attempts to add encryption and security to the Domain Name System (DNS) and fix some of the long-standing privacy issues with DNS.

Outline

This course will cover the following topics:

  • A brief overview of DNS
  • DNS Privacy
  • DNS cloud providers
  • DNS over TLS
  • DNS over HTTPS
  • Issues and criticisms
  • Future of DNS privacy

DNSSEC

Thumbnail for post.

개요

강의 개요

DNS (도메일 이름 시스템)은 도메인 이름을 IP 주소로 변환하는 분산화된 계층적 시스템입니다. 인터넷 인프라 기능에 있어서 중요한 역할을 담당하기 때문에, DNS는 종종 악의적인 공격의 대상이 됩니다.

이 강의에서는 데이터 스푸핑을 방어해주는 DNS 보안 확장 (DNSSEC) 프로토콜에 대해 알아볼 것입니다.

강의 계획서

이 강의는 다음 주제들을 다룰 것입니다:

  • DNS 취약성
  • DNSSEC란 무엇인가?
  • DNSSEC 작동 방식
  • RRs 및 RRsets
  • DNSKEY
  • RRSIG
  • NSEC 레코드
  • NSEC RDATA
  • 트러스트 체인
  • 키 종류 & 키페어 생성
  • 보안구역 설정

강의 자료

DNS 개념

Thumbnail for post.

개요

강의  개요

도메인 이름 시스템 (DNS)은 인터넷 인프라의 핵심 파트이며 최대 규모의 분산 인터넷 디렉토리 서비스입니다. 이름을 IP 주소로 변환해주는 DNS은 웹 네비게이션, 이메일 발송 및 기타 인터넷 기능을 위해 필요합니다. 인터넷 서비스의 이용가능성을 보장하기 위해서, 네트워크 전문가들이 DNS 개념, 컨피규레이션, 오퍼레이션 및 기본적인 보안 측면을 이해하는 것이 중요합니다.

이 강의는, 기본적인 보안 매커니즘을 비롯하여, DNS 개념에 대해 논의할 것입니다.

강의 계획서

이 강의는 다음 주제들을 다룰 것입니다:

  • DNS란 무엇인가?
  • DNS의 특징
  • 도메인 및 이름스페이스
  • 영역 및 위임
  • DNS 트리 쿼리
  • 네임서버
  • 리소스 레코드
  • DNS 성능

강의 자료