Peter Janssen, EURid.eu
RIPE 64, Ljubljana, April 18, 2012

A new DNS implementation
- Primary design goals
  - “Drop-in” replacement for BIND and NSD
  - Standards (RFC) compliant
  - Performance (queries ~ TLD level)
  - Authoritative
  - DNSSEC support
  - AXFR/IXFR support (master and slave)
  - (BIND) zone files as storage
- Secondary goals
  - Dynamic update API (update content of zones on the fly)
  - Dynamic provisioning (add/remove zones on the fly)
  - “Higher level storage” backend (SQL DB, ...)
  - Recursive caching resolver?

Current Status - Features
- Authoritative
- Load/parse zone files (BIND style files)
  - Include, *, @, /
- Resource record types
  - SPF, SRV, NAPTR
  - SOA, A, AAAA, NS, CNAME, PTR, HINFO, MX, TXT
  - DNSKEY, DS, RRSIG, NSEC3, NSEC3PARAM
- Zone transfer
  - Master & Slave, AXFR / IXFR
  - Notify, TSIG
- Nsupdate (add, remove RR)
- DNSSEC
  - RSASHA1 (5, 7)
  - Online re-signing

Current Status – 1.0 RC2
- YADIFA 1.0 RC2 packages available on yadifa.eu
  - x86 64 bit: CentOS 5, CentOS 6, Debian 6, Ubuntu, FreeBSD, OSX Lion
  - x86 32 bit: CentOS 5, CentOS 6, Debian 6

Coming up
- “Near Future” (coming months)
  - DSA/SHA1, DSA-NSEC3-SHA1, RSASHA256, RSASHA512
  - Full client to “control” the name server daemon (1.0 does stop and reload)
  - Dynamic zone management (add/remove zones on the fly)
- “Not so Near Future”
  - Caching resolver
  - Validating
  - SQL backend
  - API
- End June 2012
  - BSD open source

Load times comparison
- .com zone file (198 million lines)
    Prepare   BIND 9.8.1   NSD 3.2.8  36m58s   YADIFA 0.8
    Load   Ready   38m40s   12m03s   40m01s   8m26s
- 100.000 zones (7 RR)
    Load   Ready   37s   2s
    Prepare   BIND 9.8.1   NSD 3.2.8  8s   YADIFA 0.8  4s
(Dual Xeon 2.1 GHz, 48 Gb, Linux Debian), EURid, Feb. 2012

Dynamic Provisioning
- Adding and removing zones
  - Without interrupting “production”
  - Centrally managed
- Extension of RFC 2136 “Dynamic Updates in the Domain Name System (DNS UPDATE)”
  - Extend existing channel to “master”
  - (Re)use existing channel between “master” and “slave”

Dynamic Provisioning
1. Dyn. Upd. message: {abc.eu}
   - Master: NS1
   - Slave: NS2
   - ..
2. Notify: {abc.eu}
3. AXFR/IXFR: {abc.eu}
   - Master (NS1)
   - ..
4. Dyn. Upd. message: {abc.eu}
   - Master: NS1
   - Slave: NS2 + NS3
   - ..
(Diagram nodes: Name server 1, Name server 2, Name server 3)
All name servers are configured with a minimal set of access control rules

Dynamic Provisioning
- Dynamic Update Message

    +-----------------+
    | Header          |
    +-----------------+
    | Zone            |
    +-----------------+
    | Prerequisite    |
    +-----------------+
    | Update          |
    +-----------------+
    | Additional Data |
    +-----------------+

Dynamic Provisioning
- Zone Section

                                   1  1  1  1  1  1
     0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                     ZNAME                     /   <- abc.eu
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     ZTYPE                     |   <- SOA
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     ZCLASS                    |   <- 0x2a
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Dynamic Provisioning
- Prerequisite Section
  - When adding -> should not exist
  - When removing -> should exist
  - ...

Dynamic Provisioning
- Update Section

                                   1  1  1  1  1  1
     0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                      NAME                     /   <- abc.eu
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TYPE                     |   <- zonetype, zonefile, zonenotify, master, dnssec, ...
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     CLASS                     |   <- 0x2a
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TTL                      |
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    RDLENGTH                   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    /                     RDATA                     /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Dynamic Provisioning
- Update Section

    TYPE         RDATA
    zonetype     Master | Slave
    zonefile     Zone file full name
    zonenotify   IP address, TSIG
    master       IP address, TSIG
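
The message layout on the preceding slides, as an added example (not code from the presentation or from YADIFA): it builds a provisioning update for abc.eu and parses it back, the kind of check an operator could run over captured traffic to pick out class 0x2a updates. The numeric TYPE codes and the text RDATA encodings are assumptions, since the slides give only the names; the prerequisite section is left empty.

```python
import struct

OPCODE_UPDATE, TYPE_SOA, CLASS_PROV = 5, 6, 0x2A  # RFC 2136 opcode, SOA, class from the slides
# Hypothetical TYPE codes (private-use range); the slides give only the names.
PROV_TYPES = {"zonetype": 65280, "zonefile": 65281, "zonenotify": 65282, "master": 65283}

def encode_name(name):
    """Encode a domain name as length-prefixed labels, without compression."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_update(msg_id, zone, settings):
    """Header, Zone section, then one Update RR per (type name, RDATA) pair."""
    msg = struct.pack("!6H", msg_id, OPCODE_UPDATE << 11, 1, 0, len(settings), 0)
    msg += encode_name(zone) + struct.pack("!2H", TYPE_SOA, CLASS_PROV)
    for tname, rdata in settings:
        fixed = struct.pack("!2HIH", PROV_TYPES[tname], CLASS_PROV, 0, len(rdata))
        msg += encode_name(zone) + fixed + rdata
    return msg

def decode_name(msg, pos):
    """Decode an uncompressed name starting at pos; return (name, next pos)."""
    labels = []
    while (n := msg[pos]) != 0:          # IndexError if the name runs off the end
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("compressed or truncated name")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels), pos + 1

def classify(msg):
    """Return (zone, update TYPE codes) for a provisioning update, else None."""
    try:
        _id, flags, zocount, prcount, upcount, _ad = struct.unpack_from("!6H", msg)
        zone, pos = decode_name(msg, 12)
        ztype, zclass = struct.unpack_from("!2H", msg, pos)
        if ((flags >> 11) & 0xF, zocount, ztype, zclass) != (OPCODE_UPDATE, 1, TYPE_SOA, CLASS_PROV):
            return None
        pos, types = pos + 4, []
        for _ in range(prcount + upcount):   # prerequisite RRs first, then update RRs
            _name, pos = decode_name(msg, pos)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!2HIH", msg, pos)
            pos += 10 + rdlen
            types.append(rtype)
        return (zone, types[prcount:]) if pos <= len(msg) else None
    except (struct.error, IndexError, ValueError):
        return None

# Constructed sample: abc.eu as a slave zone; RDATA as ASCII text is an assumption.
SAMPLE = build_update(0x1234, "abc.eu", [("zonetype", b"Slave"), ("master", b"192.0.2.1")])
```
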

Dynamic Provisioning
- “Activate” new configuration
  - “Query like” message
      NAME  : abc.eu
      CLASS : 0x2a
      TYPE  : freeze | unfreeze | merge | save
- Check status
      NAME  : <STATUS>
      CLASS : 0x2a
      TYPE  : <whatever you need to follow up and check on>

One slide to say it all...
- URL: http://www.yadifa.eu
- EMAIL: info@yadifa.eu
- Mailing lists: yadifa-announce, yadifa-users
- yadifa.eu. NS NS ns.yadifa.eurid.eu.
- yadifa.eu DNS is served by YADIFA!
- LET US KNOW WHAT Y::O::U THINK, PLEASE GET IN T::O:U:C:H
- YADIFA 1.0 RC binaries available now
  - CentOS (32 & 64 bit)
  - FreeBSD (64 bit)
  - Debian (32 & 64 bit)
  - OS X (Lion) (64 bit)
- YADIFA 1.2 BSD open source license June 2012