Practices on DNS Management and Domain Name Emerging Topics. Jirasak Jullawat July 14, 2016

Transcription

1 Practices on DNS Management and Domain Name Emerging Topics Jirasak Jullawat July 14, 2016

2 TABLE OF CONTENTS 1. Definition of Domain Name 2. Domain Name Structure 3. Why Domain Name? 4..th Management 5. How DNS works? 6. Things You Should Know for Managing DNS. 7. DNSSEC 8. IDN 9. EAI 10. New gtlds

3 DOMAIN NAME?

4

5 Where are domain names? URL / URI / Address bar ป น.ไทย jirasak@thains.co.th abc@gmail.com ยอด@ยอด.ไทย

6 Then, what does DNS stand for?

7 Domain Name System

8 DNS Structure

9 Root com net org info biz uk cc kr jp th TLD ac co go in Country mi Code net or Generic Top-Level Domain Top-Level Domain (gtld) (cctld) moe gov1 gov2 gov3... SLD Third Level

10 Generic top-level domains (gtlds)

11

12 WHY DOMAIN?

13 Why DNS s so important?

14 Why DNS s so important? address web name BRAND

15 Why DNS s so important?

16 Why DNS s so important?

17 Why DNS s so important?

18 .th History

19 .th History

20 .th History July 1988,.th was registered. December 1991, the first academic meeting on Internet was conducted in AIT which results to the first 4 subdomain:.ac.th,.co.th,.or.th,.go.th In 1992, the DNS server was placed at Thailand first international gateway: Chulalongkorn University. In 1993, the volunteer team was called THNIC. Until 1997,.th service was run by the co-operation of CU & AIT. In 1998, the primary DNS server was relocated to AIT.

21 .th History In 1999, T.H.NIC Co., Ltd. was registered to replace the volunteer model. In 2001, Thai Name Server Co., Ltd. was registered and in charge of DNS database and services (Registry). While domain name registration service (Registrar) remained at T.H.NIC company. In 2007, Thai Network Information Center Foundation was established to be.th policy and management body.

22 .th Management (&.ไทย)

23 .th &.ไทย Management

24 .th Management.th + IDN.th.ไทย.co.in.ac.or.go.mi.net * IPv6 Supported * DNSSEC enabled

25 .th Management 7 subdomains:.co.th Commercial.go.th Government.or.th NGO.mi.th Military.ac.th Academic.net.th Internet or Network Service Providers.in.th Dot In Thai

26 .th Stability CU INET CAT Telecom ISC (Anycast) CommunityDNS (Anycast)

27 .th Policies For Thai Anti-Cyber Squatting Domain for real uses. Name restriction. Number restriction.

28 Why.th &.ไทย Verify the exist of domain owner Build trust of Thai online commerce.

29 How DNS works?

30 Query Local DNS Query Query Refer to Name Server Refer to.go.th Query Name Server Query Refer to moj.go.th Name Server Return Not in Cache Return ROOT Name Server.TH Name Server.GO.TH Name Server moj.go.th Name Server TH MOJ.GO.TH ROOT Hierachy GO.TH Resolver Connect to

31 Things You Need to Know about Managing DNS.

32 Domain Name Server Locations

33 $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

34 TTL When a caching (recursive) nameserver queries the authoritative nameserver for a resource record, it will cache that record for the time (in seconds) specified by the TTL $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

35 Serial The version number of the original copy of the zone. Zone transfers preserve this value. $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

36 Refresh A time interval before the zone should be refreshed. $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

37 Retry A time interval that should elapse before a failed refresh should be retried. $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

38 Expire A time value that specifies the upper limit on the time interval that can elapse before the zone is no longer authoritative. $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 1 day IN NS ns1.example.in.th. IN NS ns2.example.in.th.

39 Negative Caching The TTL for negative caching should be. $ORIGIN example.in.th. $TTL IN SOA ns1.example.in.th. dnsadmin.example.in.th. ( ; serial 7200 ; refresh after 2 hours 3600 ; retry after 1 hour ; expire after 1 week 7200 ) ; Negative Caching for 2 hours IN NS ns1.example.in.th. IN NS ns2.example.in.th.

40 DNSSEC

41 DNS Vulnerability Google.com Server #1 Google.com Server #2 Impersonating master Altered zone Cache poisoning Local server (Caching) A? Cache Impersonation End user (resolver)

42 DNSSEC Local Cache server A? A Plus signature by ns1.google.com End User Zone server Attacker A

43 Digital Signature

44 Walking the Chain of Trust MyDomain Information signed with Private Key. Private Key Use Public key is only way to read. Public Key IF Trusted Public Key can Trusted Information.

45 Walking the Chain of Trust Trusted. (root) Trusted th. Trusted co.th. Trusted thnic.co.th.

46 Key Zone Signing Key(ZSK) Used to sign the data within the zone Key Signing Key(KSK) Used to sign the Zone signing key and to create the Secure Entry Point for the zone

47 Delegation Signer (DS)

48 DNSViz.net

49

50 .IDN Internationalized Domain Name

51 IDN? IDN cctld IDN = Internationalized Domain Name cctld = Country-code Top Level Domain

52 Emerged IDN cctlds Singapore (sg) 新加坡 (traditional Chinese); ச ங கப ப ர (Tamil) Sri Lanka (lk): ල ක (Sinhalese); இலங கக (Tamil) Syria (sy): سورية Taiwan (tw): 台湾 (simplified); 台灣 (traditional); 臺灣 (variant string) Thailand (th): ไทย Tunisia (tn): تونس

53 .ไทย Register together with.th.ไทย 1 on 1 Translation or Transliteration

54

55 Most internet users are able to use English? Thai typing is somehow hard and words are longer?

56 IDN in Thai? % of Thai have English literacy. (about 7 millions from 70 millions) Some of them (63 millions) know latin characters but unable to remember words. Computer / Internet always meddle with English, so leave it!

57 IDN Reduce the digital divide which caused by language. Increase Internet penetration in non-native English countries. Local brands in local language which focus on local market, communicate them using IDN. local SEO benefit.

58 How IDN Works? DNS knows only ASCII A - Z IDN will be converted to ASCII between the process. 58

59 How IDN Works? xn--82cyau3b3mma.xn--o3cw4h.ไทย Name Server URL: จดโดเมน.ไทย จดโดเมน.ไทย Web Server 59

60 EAI ( Address Internationalization)

61

62 EAI

63 Who are EAI supported? Gmail & Google Apps Postfix version 3.0 Outlook 2016 for Windows THNIC

64 .ไทย EAI service

65

66 Thai EAI Set-up Basic Guideline Development

67 New gtlds

68 New gtlds ICANN opened for anyone could apply for any Top Level Domain. $185,000 registration fee. Application period opened in round. Round 1 was closed on May 30, Total 1,930 Applications submitted.

69 New gtlds Delegated Strings

70 Jirasak Jullawat