Root Server Deployment and Operations

Thumbnail for post.

Overview

In this course, three industry experts will be sharing their knowledge and experiences with root server deployment and operations.   

Firstly, Martin Pels will introduce the DNS Root Server System. During this talk he will describe the different types of root servers, and some of the (technical) details involved in running a DNS Root Server before concluding with recommendations for ISPs on how to contribute to a healthy Root Server ecosystem. 

Following this, Akira Kato will discuss how M-Root DNS Server started “small anycast” installation especially in Asia Pacific Region with APNIC. This talk will start with a brief overview of its traditional operational model, followed by the goal of “small anycast” sites. It will also explain the current model, status, and future plans.  

Our final speaker, Lars-Johan Liman, will share insights gained from 30 years’ operating a Root Name Server. I.root-servers.net recently celebrated 30 years of continuous operation. This talk illustrates some of the challenges with operating a root name server and how these challenges have changed over time. 

Outline

This course will cover the following topics:

Speaker One: Martin Pels  

  • Root Servers and the DNS hierarchy 
  • Root Server Operations 
  • What ISPs can do to contribute 

Speaker Two: Akira Kato  

  • Root DNS server operation 
  • Characteristics of Anycast 
  • Small Anycast operational model 

Speaker Three: Lars-Johan Liman 

  • Volunteer cooperation and collaboration work well as pillars for Internet’s infrastructure. 
  •  Political issues have always been a factor for operators of core Internet infrastructure and continue to be so. 
  • Evolving business models make it harder to provide infrastructure services free of charge. 

Course Materials

Martin Pels

Thumbnail for post.

Martin is a Senior System Engineer at RIPE NCC. He is part of the team that operates the K-Root and RIPE NCC Authoritive DNS services, as well as the Routing Information Service (RIS). Martin is co-founder of NLNOG RING.

Using RIPE Atlas for Network Diagnostics

Thumbnail for post.

Overview

RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices(probes) that measure Internet connectivity in real time. In this webinar, we will introduce the RIPE Atlas project and demonstrate measurements such as traceroute, DNS etc which can provide valuable insight into a network and enable troubleshooting. We will explore running measurements from the Web UI and also from the CLI, and finally share details about how you can host a software probe in your network.

Outline

This course will cover the following topics:

  • What is the RIPE Atlas project and why does it matter
  • Getting started with RIPE Atlas measurements – traceroute, dns etc
  • Demo of measurements from Web UI and CLI
  • Host a RIPE Atlas Software probe 

Course Materials

• Create an RIPE NCC Access account here: https://access.ripe.net/registration
• Login here: atlas.ripe.net

Slides: Using RIPE Atlas for Network Diagnostics

Arth Paulite

Thumbnail for post.

Arth is the Infrastructure Services Manager for APNIC, his role focuses on maintaining high availability and reliability of APNIC critical services and network infrastructure.

Arth started his career in 1993 as a Systems support Engineer in the Philippines while finishing off Computer Engineering degree. IN 1995, he joined Destiny Cable and helped established the first cable internet in the Philippines.

Reverse DNS for IPv4 and IPv6

Thumbnail for post.

Overview

Reverse DNS allows the mapping of a domain name from an IP address. This is achieved by the use of pseudo-domain names under in-addr.arpa (IPv4) and ip6.arpa (IPv6). For all IP address blocks that IANA (the Internet Assigned Numbers Authority) allocates to APNIC, it also delegates corresponding reverse DNS zones within the centrally administered “in-addr.arpa” and “ip6.arpa” domains.

Outline

This course will cover the following topics:

  • What is Reverse DNS?
  • Principles of DNS Tree
  • Creating Reverse Zones
  • Pointer (PTR) Records
  • IPv6 Reverse Lookups
  • Reverse delegation requirements
  • APNIC & ISPs responsibilities
  • Reverse Delegation Procedures
  • Whois domain object

Course Materials

DNS Ecosystem Security

Thumbnail for post.

Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure. This course will provide an overview of the DNS Ecosystem, various threats and abuses in the DNS and important practices in protecting the DNS. The course will also touch on DNS Security Extensions (DNSSEC)

Outline

This course will cover the following topics:

  • Overview of DNS Ecosystem
  • DNS threats and abuses
  • Securing DNS

Course Materials

Champika Wijayatunga

Thumbnail for post.

Champika is the Technical Engagement Manager for the Asia Pacific region at Internet Corporation for Assigned Names and Numbers (ICANN). Prior to ICANN, Champika held managerial, specialist and liaison roles at the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia Pacific. He started his career with IBM Corporation as a Technical Specialist and later worked in IT industry, academia, research, and training environments. He also serves in various technical community groups and committees.

DNS Privacy: DoH/DoT

Thumbnail for post.

Overview

Learn the concepts of DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), and how standards development of DoH/DoT attempts to add encryption and security to the Domain Name System (DNS) and fix some of the long-standing privacy issues with DNS.

Outline

This course will cover the following topics:

  • A brief overview of DNS
  • DNS Privacy
  • DNS cloud providers
  • DNS over TLS
  • DNS over HTTPS
  • Issues and criticisms
  • Future of DNS privacy

DNSSEC

Thumbnail for post.

Тойм

Хичээлийн тойм

DNS (буюу Домэйн Нэрийн Систем) нь домэйн нэрийг IP хаягт хуваарилах тархмал, шаталсан систем юм. Энэ нь Интернэтийн дэд бүтцийн үйл ажиллагаанд чухал үүрэг гүйцэтгэдэг тул DNS нь ихэвчлэн хорлон сүйтгэх үйлдлийн бай болдог.

Энэ хичээлээр өгөгдлийг хуурахаас хамгаалдаг DNS Security Extensions (DNSSEC) протоколыг танилцуулна.

Хичээлийн тойм

Энэ хичээлээр дараах сэдвийг үзнэ.

  • DNS эмзэг тал
  • DNSSEC гэж юу вэ?
  • DNSSEC хэрхэн ажилладаг вэ
  • RRs, RRsets
  • DNSKEY
  • RRSIG
  • NSEC бүртгэл
  • NSEC RDATA
  • Итгэлийн гинж
  • Түлхүүрийн төрөл, Хос түлхүүр үүсгэх
  • Аюулгүй бүс үүсгэх

Хичээлийн материал

DNS-ийн тухай ойлголт

Thumbnail for post.

Хичээлийн танилцуулга

Хичээлийн танилцуулга

Домэйн Нэрийн Систем (DNS) нь интернет дэд бүтцийн чухал хэсэг бөгөөд хамгийн өргөн тархсан интернетийн директори үйлчилгээ юм. DNS систем нь вебээр хандахад, мэйл илгээхэд болон бусад Интернет функцэд шаардлагатай нэрийг IP хаягруу хөрвүүлдэг систем юм. Интернетийн үйлчилгээг хүртээмжтэй болгохын тулд сүлжээний мэргэжилтнүүд DNS-ийн тухайн ойлголт, тохиргоо, ажиллагаа, аюулгүй байдлын үндсэн ойлголтуудыг нь мэдэх нь чухал юм.

Энэ хичээлээр DNS-ийн тухайн ойлголт, аюулгүй байдлын үндсэн механизмыг үзнэ.

Хичээлийн тойм

Энэ хичээлээр дараах сэдвүүдийг хамарна.

  • DNS гэж юу вэ?
  • DNS-ийн онцлогуудын талаар
  • Домэйн болон Namespaces-н талаар
  • DNS Бүс, хуваарилалт-н талаар
  • DNS-ийн шаталсан мод хэлбэрийн асуулгууд
  • Nameservers-н талаар
  • Нөөцийн бүртгэлийн талаар
  • DNS-ийн гүйцэтгэлийн талаар

Хичээлийн материал