LOCALROOT: SERVE YOURSELF THE ROOT+
Wes Hardaker, hardaker@isi.edu
USC/ISI Information Sciences Institute

Classic DNS Resolution
Information Sciences Institute, https://localroot.isi.edu/

First request hitting the resolver starts from the top

Second request may also start from the top (.org)

Cache Hit == Success

Cache Hit == Success
What if we could pre-cache everything?? (or at least a few zones)

LocalRoot is a pseudo cache

LocalRoot Extends RFC 8806 -- add Security and Notifications
TSIG Protected
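A BIND named.conf fragment contrasting the plain RFC 8806 arrangement with a TSIG-keyed one, added here as an illustration; it is not taken from the talk or from LocalRoot's configuration generator. It assumes the TSIG protection named on the slide applies to the zone-transfer path, and the key name, secret and 192.0.2.53 upstream address are placeholders.

```conf
// Constructed example: key name, secret and the 192.0.2.53 address are
// placeholders (documentation range), not LocalRoot values.
// Keywords are those of recent BIND 9 releases; older releases spell
// "secondary" as "slave" and "primaries" as "masters".

// --- Plain RFC 8806 style (shown commented out for comparison) ---------
// The AXFR request and response are not authenticated at the transport
// level; anyone able to answer for the upstream address can feed the zone.
//
// zone "." {
//     type secondary;
//     file "root.zone";
//     primaries { 192.0.2.53; };
//     notify no;
// };

// --- TSIG-keyed variant ------------------------------------------------
// A shared HMAC key: the secondary signs its SOA/AXFR requests and checks
// the signature on every response from the upstream.
key "example-localroot-key" {
    algorithm hmac-sha256;
    // Placeholder; base64 of the string "placeholder-not-a-real-key".
    secret "cGxhY2Vob2xkZXItbm90LWEtcmVhbC1rZXk=";
};

zone "." {
    type secondary;
    file "root.zone";

    // Naming the key next to the primary makes BIND sign every refresh
    // query and transfer request sent to that address.
    primaries { 192.0.2.53 key "example-localroot-key"; };

    // A NOTIFY from the listed primary triggers an immediate refresh
    // instead of waiting for the SOA refresh timer; the refresh itself
    // then runs over the keyed transfer above.

    allow-transfer { none; };   // this copy is for local use, not re-export
    notify no;                  // do not send NOTIFYs of our own
};
```

As in RFC 8806, the zone is meant to be answered on a loopback address that only the local recursive resolver queries; that placement is left out of the fragment.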

Why Use LocalRoot
• Benefits
  – “Pseudo-caching” of the root and other zones
    • Removes the need to query them frequently
    • Protects ISPs from outages
  – Faster DNS lookups for first TLD and other lookups
  – Faster NXDOMAIN results
    • Negative answers make up most root traffic
    • 2020/05/06 DITL data: of 6.7 B requests to b.root-servers.net, only 1.34 B were valid
    • 80% were NXDOMAIN answers == TLD didn’t exist!
• Research project of your own?
  – Trigger events after root-change notification?

Real World Effects of Running LocalRoot enabled

Recent Improvements to LocalRoot
• IPv6 support
• Three upstream production servers
[Diagram labels: LocalRoot Servers (2 new!); Authoritative zones; zone transfers for LocalRoot zones; Your Clients; LocalRoot pre-cache; other DNS requests; Your Resolver; The Internet]

Recent Improvements to LocalRoot
• Configuration support for bind, unbound and NSD
• 3 upstream servers (2 US west coast, one east)
• Multiple zones supported:
  – the root zone
  – .arpa
  – root-servers.net
  – dnssec-tools.org
• User preferences
  – E-mail notifications
• Moved inside our production provisioning and service monitoring
• UI and documentation Improvements

LocalRoot Home Page

Server List

Configuration Generator Options

Configuration Example

Account Preferences

Lessons Learned: things that got in the way
• COVID-19
  – IP renumbering requirement was slowed significantly
    • Our IT department’s deployment of new 10G cabling slowed
    • Slowed our own ability to physically update our side
• ReCaptcha
  – Presented LocalRoot at the ICANN DNSSEC Workshop
    • A bug in ReCaptcha processing meant errors got swallowed
    • Result was some users couldn’t create accounts
  – Conclusion: Captchas are a pain
  – Related: DNS Cookies probably are too

Outstanding Questions
• What other zones would be useful to serve?
  – Currently only planning on serving zones with owner permission
  – In theory, anything with AXFR support would be served
• What types of zones are best served by LocalRoot?
  – CC tlds?
  – Critical infrastructure zones?
• Zone size limits
  – Clearly, huge zones are out of scope
  – What is the size boundary line?

Future Improvements
• E-Mail notifications on out-of-date detection
• Support for other small-medium zones:
  – Your zone here!
  – Contact me if interested
• A REST API
• Group accounts
• Please send feature requests / feedback my way!
  – hardaker@isi.edu