global registry services com/net/org registry update for nanog24 matt larson verisign global...

Global Registry Services

com/net/org Registry Updatecom/net/org Registry Updatefor NANOG24for NANOG24

Matt Larson<[email protected]>

VeriSign Global Registry Services

2


Multiple Name Servers with the Multiple Name Servers with the Same IP AddressSame IP Address

• Multiple name servers (glue A records) with the same IP address have not been allowed.

• For example: foo.com. NS ns1.foo.com.

bar.com. NS ns1.bar.com.

ns1.foo.com. A 192.0.0.1 ; Only one

ns1.bar.com. A 192.0.0.1 ; allowed

3


Multiple Name Servers with the Multiple Name Servers with the Same IP AddressSame IP Address

• This restriction was relaxed as of January 19, 2002.

• Multiple name servers across com, net and org can all share the same IP address.

4


Changes Coming SoonChanges Coming Soon

• The following changes are scheduled for mid-May, 2002:– “Orphan” A record removal

– IPv6 support

– Zone file format changes

5


““Orphan” A Record RemovalOrphan” A Record Removal

• For historical reasons, “orphan” A records appear in the com, net and org zones.– Orphan A record: an A record whose owner name

does not appear in the RDATA of an NS record.– For example:

foo.com. NS ns1.foo.com. foo.com. NS ns2.foo.com. ns1.foo.com. A 192.0.0.1 ns2.foo.com. A 192.0.0.2 ns3.foo.com. A 192.0.0.3 ; Orphan

6


““Orphan” A Record ScenariosOrphan” A Record Scenarios

1. Domain is delegated; orphan in that domain exists.

– Orphan occludes any A records of the same domain name in the delegated zone.

– “Why can’t I change the IP address of www.mydomain.com?”

– Deleting the orphan might or might not cause a problem.

7


““Orphan” A Record ScenariosOrphan” A Record Scenarios

2. Orphan exists for an undelegated domain.

– E.g., A record for www.mydomain.com, but mydomain.com isn’t a registered domain.

– Getting a “free ride” and might or might not realize it.

– Potentially surprising when deleted.

8


““Orphan” A Record RemovalOrphan” A Record Removal

• About 200,000 orphan A records today.• Current plan is to delete them in mid-May,

2002.• What we’re doing:

– Sending registrars lists of their specific problem children.

– Publishing a list of all orphans on www.verisign-grs.com.

– Notifying interested parties, such as network operators, RIRs, etc.

9


IPv6 SupportIPv6 Support

• Currently, you can only register A records as name servers for com, net and org zones.

• Starting in mid-May, 2002, you can also register AAAA records.– No A6 support is planned.

• AAAA records, if present, will be returned along with A records in the Additional section of replies.

10



• Kinds of IPv6 addresses allowed:– Only global unicast

• No multicast, site-local unicast or link-local unicast

– No IPv4-compatible

– No IPv4-mapped

– Must be from a block allocated to an RIR

• Looking for feedback on these choices.

11



• Actual address ranges to be allowed:

• Looking for feedback on this list.

2001:0200::/29 APNIC

2001:0400::/29 ARIN

2001:0600::/29 RIPE NCC

2002::/16 6to4

3FFE::/16 6bone

12


• All com, net and org resolution continues over IPv4 transport only, just as today.

• Not planning on com, net and org name servers accessible via IPv6 transport until 2003.


13


Zone File Format ChangesZone File Format Changes

• VeriSign GRS generates the com, net, org and edu zone files twice daily.

• The current format is verbose and makes for large files.

• Optimizations coming in mid-May, 2002:– Relative (i.e., non-fully qualified) domain names

– Use $TTL to avoid explicit TTLs on every record

– Eliminate redundant IN class on every record

14


New Zone Format ExampleNew Zone Format Example

$ORIGIN COM.$TTL 518400@ IN SOA A.GTLD-SERVERS.NET. nstld.verisign-grs.com. ( 2002012100 ; serial 1800 ; refresh every 30 min 900 ; retry every 15 min 604800 ; expire after a week 3600 ) ; negative caching TTL

NS A.GTLD-SERVERS.NET. NS B.GTLD-SERVERS.NET. NS C.GTLD-SERVERS.NET. NS D.GTLD-SERVERS.NET.; ...A.GTLD-SERVERS.NET. A 192.5.6.30B.GTLD-SERVERS.NET. A 192.33.14.30C.GTLD-SERVERS.NET. A 192.26.92.30D.GTLD-SERVERS.NET. A 192.31.80.30; ...$TTL 172800BOGUS-EXAMPLE NS NS1.BOGUS-EXAMPLEBOGUS-EXAMPLE NS NS2.BOGUS-EXAMPLEBOGUS-EXAMPLE NS NS1.BIG-ISP.NET.; ...NS1.BOGUS-EXAMPLE A 192.1.1.1NS1.BOGUS-EXAMPLE A 192.1.1.2

15


RRP ChangesRRP Changes

• For any com/net/org registrars out there…

• VeriSign’s Registry Registrar Protocol (RRP) is being updated.

• RRP 2.0 provides support for, among other things, IPv6 addresses.

• The Internet-Draft is available at http://ftp.ietf.org/internet-drafts/draft-hollenbeck-rfc2832bis-00.txt

16


EPPEPP

• On a related topic…• The succesor to RRP is the Extensible

Provisioning Protocol (EPP), the work of the IETF provreg Working Group.

• The EPP documents recently passed WG last call and will be sent to the IESG soon.

• More information at http://www.ietf.org/html.charters/provreg-charter.html

17


Metrics: RegistrarsMetrics: Registrars

• 96 active ICANN-accredited registrars– As of December, 2001

• The registrars register com, net and org domains using the Shared Registration System (SRS).

18


Metrics: SRSMetrics: SRS

Total T ransactions

400

1400

2400

3400

4400

Millions

Failed W rite 4.4 7.2 3.8 3.2 2.3 39.0 30.9 61.4 63.4 52.1 203.7 420.4

Successful W rite 4.6 4.3 6.1 5.6 5.8 7.9 6.5 6.7 6.3 6.5 7.2 8.6

Read 53.0 61.5 86.6 75.8 85.4 89.6 81.2 67.7 58.6 71.4 68.9 95.3

Check 482.5 568.1 1059.1 856.8 833.4 1126.2 1509.9 1316.5 2516.9 2447.9 3408.3 3613.3

J an-01 Feb-01 Mar-01 Apr-01 May-01 J un-01 J ul-01 Aug-01 Sep-01 Oct-01 Nov-01 Dec-01

19


Metrics: SRSMetrics: SRS

Daily Average & Peak Transactions

020406080

100120140160

Millions

Daily Avg 17.6 22.9 37.3 31.4 29.9 42.1 52.5 46.8 88.2 83.2 122.9 133.5

Peak Day 24.1 35.2 57.7 65.1 44.2 59.6 68.9 94.0 123.6 125.2 143.6 148.5

J an- 01 Feb- 01 Mar- 01 Apr- 01 May- 01 J un- 01 J ul- 01 Aug- 01 Sep- 01 Oct- 01 Nov- 01 Dec- 01

20


Metrics: DNS, ZonesMetrics: DNS, Zones

TotalNS RRsets 29,058,698Resource records 63,506,915Zone file size (bytes) 3,200,021,449Average NS RRset size

NS RRset size distribution RRs RRsets % RRs RRsets % RRs RRsets %1 148,363 0.66% 1 29,830 0.75% 1 16,246 0.66%2 19,728,290 87.16% 2 3,488,754 88.21% 2 2,187,294 88.56%3 1,719,027 7.59% 3 303,201 7.67% 3 180,157 7.29%4 848,482 3.75% 4 102,651 2.60% 4 66,826 2.71%5 179,647 0.79% 5 28,641 0.72% 5 17,900 0.72%6 8,914 0.04% 6 1,444 0.04% 6 903 0.04%7 368 0.00% 7 91 0.00% 7 240 0.01%8 384 0.00% 8 164 0.00% 8 142 0.01%9 25 0.00% 9 25 0.00% 9 15 0.00%10 130 0.00% 10 39 0.00% 10 41 0.00%11 18 0.00% 11 3 0.00% 11 3 0.00%12 250 0.00% 12 90 0.00% 12 63 0.00%13 22 0.00% 13 11 0.00% 13 4 0.00%

2.17 2.14 2.14

2,469,834org

5,338,458263,358,725

net3,954,9448,627,527

426,658,095

22,633,920com

49,540,9302,510,004,629

21


Metrics: DNS, ResolutionMetrics: DNS, Resolution

global registry services com/net/org registry update for nanog24 matt larson verisign global...

Documents