Security and Stability of Root Name Server System
-
Upload
len-higgins -
Category
Documents
-
view
22 -
download
0
description
Transcript of Security and Stability of Root Name Server System
![Page 1: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/1.jpg)
Security and Stability of Root Name Server System
Jun Murai(From the panel on Nov. 13th by Paul Vixie, Mark
Kosters, Lars-Johan Liman and Jun Murai)RSSAC
![Page 2: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/2.jpg)
Root name servers: distributed system
• Diversed variants of the Unix operating system: – 7 different hardware platforms– 8 different operating systems (UNIX variants)– from 5 different vendors.
• geographically distributed
• operate on local time (including GMT),
![Page 3: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/3.jpg)
name org city type urla InterNIC Herndon,VA, US comhttp:/ / www.internic.orgb ISI Marina del Rey,CA, USedu http:/ / www.isi.edu/c PSInet Herndon,VA, US comhttp:/ / www.psi.net/d UMD College Park,MD, US edu http:/ / www.umd.edu/e NASA Mt View, CA, US usg http:/ / www.nasa.gov/f ISC Palo Alto, CA, US comhttp:/ / www.isc.org/g DISA Vienna, VA, US usg http:/ / nic.mil/h ARL Aberdeen, MD, US usg http:/ / www.arl.mil/i NORDUnet Stockholm, SE int http:/ / www.nordu.net/j (TBD) (colo w/ A) () http:/ / www.iana.org/k RIPE London, UK int http:/ / www.ripe.net/l ICANN Marina del Rey,CA, USorg http:/ / www.icann.org/m WIDE Tokyo, J P int http:/ / www.wide.ad.jp/
List of the Root Servers
![Page 4: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/4.jpg)
![Page 5: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/5.jpg)
![Page 6: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/6.jpg)
![Page 7: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/7.jpg)
![Page 8: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/8.jpg)
![Page 9: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/9.jpg)
![Page 10: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/10.jpg)
![Page 11: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/11.jpg)
![Page 12: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/12.jpg)
![Page 13: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/13.jpg)
![Page 14: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/14.jpg)
![Page 15: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/15.jpg)
![Page 16: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/16.jpg)
![Page 17: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/17.jpg)
![Page 18: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/18.jpg)
![Page 19: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/19.jpg)
![Page 20: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/20.jpg)
![Page 21: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/21.jpg)
![Page 22: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/22.jpg)
![Page 23: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/23.jpg)
![Page 24: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/24.jpg)
![Page 25: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/25.jpg)
![Page 26: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/26.jpg)
![Page 27: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/27.jpg)
![Page 28: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/28.jpg)
![Page 29: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/29.jpg)
![Page 30: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/30.jpg)
Root name servers: hardware
• Access to the machine– controlled physical access
• Environment– protection against power grid and cooling
failures with UPS protected power
• Connections– diverse Internet connectivity in layers 1
through 3.
![Page 31: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/31.jpg)
Administrative Services (1)
• Backup– Each root name server site keeps backup copies of
zone files
• redundant hardware – All root name servers have redundant hardware
• Hot spare (manual) – In some cases, the hardware is in the form of a hot
spare
• Live spare (automatic)– In other cases, the hardware is operated as a live
spare
![Page 32: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/32.jpg)
Administrative Services (2)
• BIND version– All root name servers run the recent-patched versions
of BIND
• Contact information of operators– each root name server operator has contact information
(digitally secured and hardcopy) for all other operators– Secure communication technologies
• Multi-level personnel– multi-level system administration personnel and support – internally defined escalation procedures.
![Page 33: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/33.jpg)
Zone file: high-level process• Additions/modifications/deletions to the root
zone high-level process:– Fill out template found at
http://www.iana.org/cctld/icp1.htm– Send completed template to [email protected]– IANA (and others) will check technical/political
aspects– PGP-signed messages come from IANA with
approval from DOC to VeriSign to make changes– Notification of to the root servers– Changes ready to be placed into zone file (and whois)
![Page 34: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/34.jpg)
Zone File Distribution
• Definitions– Master – initial distribution point
• Information fed by a file• File generated from a database
– Slave – replicates the copy from master server
• How are changes detected– If fetched by protocol (called zone transfer)
• SOA Record– Serial Number– Refresh Interval– Notify
• Process may be protected by symmetric keys (TSIG)
– If fetched by file• Notified by pgp-signed email to small list
![Page 35: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/35.jpg)
Zone File Distribution - Master• Master File Generation
– Generated by Provisioning Database– Replicated to disaster recovery site
• Database• Distribution mechanism• Backups stored at off-site locations
– Humans look at differences– Look for key changes
• Serial number of SOA record • Feedback from provisioning if changes made to Delegation
– Security Elements• Hash of zone file• Gpg (pgp) signatures per file• File that contains md5sum signed
– Installed on staging machine• Logs checked• DNS queries
![Page 36: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/36.jpg)
Zone File Distribution – Master (cont)
• Zone Files pushed to ftp servers– ftp://rs.internic.net/domains
– ftp://ftp.crsnic.net/domains for those who have accounts for com/net/org
• Files pushed to distribution master and a.root-servers.net– Pushed to Trusted interface
– Before loading -Security checks performed• Authenticity• Validity
• Multiple machines used while changing zones– Minimize downtime on a.root-servers.net or j.root-servers.net
• Message sent out to internal notification list
![Page 37: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/37.jpg)
Zone File Distribution - Slave
• How changes are detected
• Using the DNS protocol– Notify message– Refresh interval check
• Out of band– Pgp-signed email– Cronjob
• Responsibility of each root operator to check validity
![Page 38: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/38.jpg)
Operators
• Different personalities, different organizations, different types of organizations, different ...
• Strong social network.
• Established encrypted communication channels.
![Page 39: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/39.jpg)
Technical Guidelines
• The Internet Engineering Task Force (IETF) has well established procedures for developing technical recommendations.– Domain Name System Operations working group.– Domain Name System Extensions working group.
• Root operators use RFC 2870 as guidelines.– "Root Name Server Operational Requirements"– New ideas should go into the next version of that
document.
![Page 40: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/40.jpg)
Current Situation
• Physical access limitations in place.
• Placed reasonably well protected.
• Contingency plans.
![Page 41: Security and Stability of Root Name Server System](https://reader035.fdocuments.net/reader035/viewer/2022062407/56812b13550346895d8f0661/html5/thumbnails/41.jpg)
ICANN’s role
• Complete the transition plan– Security and Stability on the new IANA roles
• MoU process – Btwn root server operators
• Backup of the IANA function
• TRUST Engineers and Operators!