AMNIC public services DNS Whois WWW Database - behind of scene Other services – e-mail, NTP, c. DNS, RIPE Atlas
DNS Zone file management DNSSEC Slaves – diversity, reliability, security IANA
DNSSEC pros Authentication of origin Record's non-existence verification No MITM and cache poisoning anymore DANE/TLSA !
DNSSEC cons Additional maintenance tasks Increased cost of errors Target for DDo. S - larger responses, more CPU load and RAM usage
Back to other services Whois - standard and web interfaces Web interfaces to database updates E-mail - other way to communicate NTP stratum 1 server ntp. amnic. net member pool. ntp. org c. DNS - an of instance of anycast cloud
Hardware, connectivity, etc Two datacentres Two upstream NSPs Two power sources
Datacentres Server per service - virtualization Database streaming replication Internal anycasting Total logging Backup to opposite DC
Upstreams Multihomed, with large capacity Connected to local exchanges Native IPv 6
Power Reliable switching between sources Good UPS systems
Disaster recovery Migration to alive datacentre Migration to alive database Recovery from backup
What to improve Global anycasting of DNS Paid escrow service out of country Power generator system in main DC
Questions? Suggestions ? Hrant Dadivanyan at ran@psg. com