Network Information Center México
Shared Unicast for Secondary DNS
A more robust DNS service under .MX
Oscar Robles
The problem
The DNS is not redundant by itself!
usuario.red.net.mx
dns.red.net.mx
User's network
NS.NIC.MX and secondaries
1/N as a percentage is the level of impact on the TLD for every DNS server that stops answering queries.
25% in the case of .MX before Summer 2003.
Greater vulnerability to DDoS attacks.
The solution
To implement shared unicast
• Phase 1: Mirror in primary; shared unicast in secondaries
• Phase 2: Shared unicast in primary
NS.NIC.MX, YACATEUCTLI.NIC.MX
Redundancy in 2 servers.
Domain Name resolution under .MX (current)
[Diagram labels: NS.NIC.MX; NS.NIC.MX; Triara (MTY)]
Next step: 06/2004
[Diagram labels: YACATEUCTLI.NIC.MX; YACATEUCTLI.NIC.MX; Verio (USA); Alestra (GDL); Avantel (MTY)]
NIC-Mexico’s Implementation
After complying with RFC 3258, we added the following features to our implementation:
• DNS zones are kept only in a memory file system (to reduce the risk of stolen information when disks are uninstalled).
• A routing service runs on the same server, allowing the server to be disconnected from the Internet automatically should a problem prevent it from responding to queries.
• Statistics processing that allows us to identify requesting networks that require more resources from our DNS system.
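The automatic disconnection described above can be driven by a local health check. The following is an added example, not NIC-Mexico's code: it probes the local name server with an SOA query and decides when the shared unicast route should be withdrawn or re-announced. The `RouteGuard` name, the thresholds and the probe address are assumptions, and the routing change itself is left to the site's routing daemon.

```python
import secrets
import socket
import struct

def build_soa_query(zone, qid):
    """Encode an SOA query for `zone` in RFC 1035 wire format (RD bit clear)."""
    labels = [l.encode("ascii") for l in zone.strip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + struct.pack("!HH", 6, 1)

def is_healthy_reply(reply, qid):
    """Healthy: matching ID, QR and AA set, RCODE NOERROR, at least one answer."""
    if len(reply) < 12:
        return False
    rid, flags, _, answers, _, _ = struct.unpack("!HHHHHH", reply[:12])
    return rid == qid and (flags & 0x8400) == 0x8400 and (flags & 0x000F) == 0 and answers >= 1

def probe(server, zone, timeout=2.0):
    """One UDP probe of the name server; timeouts and socket errors count as failure."""
    qid = secrets.randbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone, qid), (server, 53))
            return is_healthy_reply(s.recv(512), qid)
        except OSError:
            return False

class RouteGuard:
    """Hysteresis: withdraw after `down_after` straight failures, re-announce
    after `up_after` straight successes (thresholds are assumed values)."""
    def __init__(self, down_after=3, up_after=5):
        self.down_after, self.up_after = down_after, up_after
        self.announced, self.streak = True, 0

    def update(self, ok):
        """Feed one probe result; return 'withdraw', 'announce' or None."""
        if ok == self.announced:      # probe agrees with current route state
            self.streak = 0
            return None
        self.streak += 1
        if self.streak < (self.down_after if self.announced else self.up_after):
            return None
        self.announced, self.streak = ok, 0
        return "announce" if ok else "withdraw"

if __name__ == "__main__":
    guard = RouteGuard()
    constructed = [True, False, False, False, True]   # constructed probe results
    print([guard.update(ok) for ok in constructed])
```

In service, a loop would call `guard.update(probe("127.0.0.1", "mx"))` at a fixed interval and hand each non-`None` decision to the routing service. The asymmetric thresholds keep a flapping server from re-entering the shared unicast pool too early.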
NIC-Mexico’s Implementation
• Two different DNS implementations (BIND 8 and 9).
• 7x24 contract for all the servers.
• Firewall and security measures on all the servers.
• Full zone transfer and reload in less than 15 secs.
• Time synchronization on all servers.
• Full control of our DNS system (hardware and software).
• Easy to add one more server to the pool of secondaries (there is no need to request an IANA update).
• Topological load balancing.
• Dynamic Updates / Update Notification / Incremental Zone Transfer.
NIC-Mexico’s Implementation
We are able to provide better availability of the critical DNS service.
We became one of the first to develop and implement our own Shared Unicast DNS secondaries.
Growth of queries to secondaries
[Chart: queries to each secondary (series GDL, MTY, SJC). Y-axis: 0 to 45,000,000. X-axis: weekly, 01/12/2003 to 01/03/2004.]
Growth of queries to secondaries
Queries received by secondaries in .MX
[Chart: total queries. Y-axis: 0 to 80,000,000. X-axis: every two weeks, 08/09/03 to 23/02/04.]
Type of answers
Answers of .MX secondary (GDL): ANSWER 83.14%, NXDOMAIN 16.86%, ERROR 0.000%
Answers of .MX secondary (MTY): ANSWER 84.23%, NXDOMAIN 15.48%, ERROR 0.290%
Answers of .MX secondary (SJC): ANSWER 95.85%, NXDOMAIN 4.14%, ERROR 0.004%
Global answers of .MX secondaries: ANSWER 90.21%, NXDOMAIN 9.74%, ERROR 0.05%