Root Server Deployment and Operations

Thumbnail for post.

Overview

In this course, three industry experts will be sharing their knowledge and experiences with root server deployment and operations.   

Firstly, Martin Pels will introduce the DNS Root Server System. During this talk he will describe the different types of root servers, and some of the (technical) details involved in running a DNS Root Server before concluding with recommendations for ISPs on how to contribute to a healthy Root Server ecosystem. 

Following this, Akira Kato will discuss how M-Root DNS Server started “small anycast” installation especially in Asia Pacific Region with APNIC. This talk will start with a brief overview of its traditional operational model, followed by the goal of “small anycast” sites. It will also explain the current model, status, and future plans.  

Our final speaker, Lars-Johan Liman, will share insights gained from 30 years’ operating a Root Name Server. I.root-servers.net recently celebrated 30 years of continuous operation. This talk illustrates some of the challenges with operating a root name server and how these challenges have changed over time. 

Outline

This course will cover the following topics:

Speaker One: Martin Pels  

  • Root Servers and the DNS hierarchy 
  • Root Server Operations 
  • What ISPs can do to contribute 

Speaker Two: Akira Kato  

  • Root DNS server operation 
  • Characteristics of Anycast 
  • Small Anycast operational model 

Speaker Three: Lars-Johan Liman 

  • Volunteer cooperation and collaboration work well as pillars for Internet’s infrastructure. 
  •  Political issues have always been a factor for operators of core Internet infrastructure and continue to be so. 
  • Evolving business models make it harder to provide infrastructure services free of charge. 

Course Materials

Martin Pels

Thumbnail for post.

Martin is a Senior System Engineer at RIPE NCC. He is part of the team that operates the K-Root and RIPE NCC Authoritive DNS services, as well as the Routing Information Service (RIS). Martin is co-founder of NLNOG RING.

Using RIPE Atlas for Network Diagnostics

Thumbnail for post.

Overview

RIPE Atlas is a global, open, distributed Internet measurement platform, consisting of thousands of measurement devices(probes) that measure Internet connectivity in real time. In this webinar, we will introduce the RIPE Atlas project and demonstrate measurements such as traceroute, DNS etc which can provide valuable insight into a network and enable troubleshooting. We will explore running measurements from the Web UI and also from the CLI, and finally share details about how you can host a software probe in your network.

Outline

This course will cover the following topics:

  • What is the RIPE Atlas project and why does it matter
  • Getting started with RIPE Atlas measurements – traceroute, dns etc
  • Demo of measurements from Web UI and CLI
  • Host a RIPE Atlas Software probe 

Course Materials

• Create an RIPE NCC Access account here: https://access.ripe.net/registration
• Login here: atlas.ripe.net

Slides: Using RIPE Atlas for Network Diagnostics

Arth Paulite

Thumbnail for post.

Arth is the Infrastructure Services Manager for APNIC, his role focuses on maintaining high availability and reliability of APNIC critical services and network infrastructure.

Arth started his career in 1993 as a Systems support Engineer in the Philippines while finishing off Computer Engineering degree. IN 1995, he joined Destiny Cable and helped established the first cable internet in the Philippines.

Reverse DNS for IPv4 and IPv6

Thumbnail for post.

Overview

Reverse DNS allows the mapping of a domain name from an IP address. This is achieved by the use of pseudo-domain names under in-addr.arpa (IPv4) and ip6.arpa (IPv6). For all IP address blocks that IANA (the Internet Assigned Numbers Authority) allocates to APNIC, it also delegates corresponding reverse DNS zones within the centrally administered “in-addr.arpa” and “ip6.arpa” domains.

Outline

This course will cover the following topics:

  • What is Reverse DNS?
  • Principles of DNS Tree
  • Creating Reverse Zones
  • Pointer (PTR) Records
  • IPv6 Reverse Lookups
  • Reverse delegation requirements
  • APNIC & ISPs responsibilities
  • Reverse Delegation Procedures
  • Whois domain object

Course Materials

DNS Ecosystem Security

Thumbnail for post.

Overview

The Domain Name System (DNS) is a critical part of Internet infrastructure. This course will provide an overview of the DNS Ecosystem, various threats and abuses in the DNS and important practices in protecting the DNS. The course will also touch on DNS Security Extensions (DNSSEC)

Outline

This course will cover the following topics:

  • Overview of DNS Ecosystem
  • DNS threats and abuses
  • Securing DNS

Course Materials

Champika Wijayatunga

Thumbnail for post.

Champika is the Technical Engagement Manager for the Asia Pacific region at Internet Corporation for Assigned Names and Numbers (ICANN). Prior to ICANN, Champika held managerial, specialist and liaison roles at the Asia Pacific Network Information Centre (APNIC), the Regional Internet Registry for the Asia Pacific. He started his career with IBM Corporation as a Technical Specialist and later worked in IT industry, academia, research, and training environments. He also serves in various technical community groups and committees.

DNS Privacy: DoH/DoT

Thumbnail for post.

Overview

Learn the concepts of DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT), and how standards development of DoH/DoT attempts to add encryption and security to the Domain Name System (DNS) and fix some of the long-standing privacy issues with DNS.

Outline

This course will cover the following topics:

  • A brief overview of DNS
  • DNS Privacy
  • DNS cloud providers
  • DNS over TLS
  • DNS over HTTPS
  • Issues and criticisms
  • Future of DNS privacy

DNSSEC

Thumbnail for post.

概觀

課程概觀

DNS(或網域名稱系統)是一個用於將網域名稱映射到 IP 位址的分散式分層系統。鑒於 DNS 在網際網路基礎設施運行中起著至關重要的作用,因此其經常成為惡意活動的目標。

本課程將概述防止資料詐騙的 DNS 安全性延伸模組(DNSSEC)通訊協定。

課程大綱

本課程將涵蓋以下主題:

  • DNS 漏洞
  • 何為 DNSSEC?
  • DNSSEC 如何工作
  • RRs 和 RRs 集
  • DNSKEY
  • RRSIG
  • NSEC 記錄
  • NSEC·RDATA
  • 信任鏈結
  • 金鑰類型和生成金鑰組
  • 設定安全區域

教材

DNS 概念

Thumbnail for post.

概觀

課程概觀

網域名稱系統(DNS)是網際網路基礎設施的重要組成部分,也是最大的分散式網際網路目錄服務。DNS 將網域名稱轉換成網路瀏覽、電子郵件遞送和其他網際網路功能所需的 IP 位址。為保證網際網路服務隨時可用,網路專業人員務必理解 DNS 的概念、設定、作業和基本安全等方面。

本課程將討論 DNS 這個概念,包括基礎安全機制。

課程大綱

本課程將涵蓋以下主題:

  • 何為 DNS?
  • DNS 功能
  • 網域和命名空間
  • 區域和委派
  • 查詢 DNS 樹
  • 名稱伺服器
  • 資源記錄
  • DNS 性能

教材