Peter Janssen, EURid.eu
RIPE 64, Ljubljana, April 18, 2012

A new DNS implementation
Primary design goals
- "Drop-in" replacement for BIND and NSD
- Standards (RFC) compliant
- Performance (queries ~ TLD level)
- Authoritative
- DNSSEC support
- AXFR/IXFR support (master and slave)
- (BIND) zone files as storage
Secondary goals
- Dynamic update API (update content of zones on the fly)
- Dynamic provisioning (add/remove zones on the fly)
- "Higher level storage" backend (SQL DB, ...)
- Recursive caching resolver?

Current Status - Features
- Authoritative
- Load/parse zone files (BIND style files)
  Include, *, @, /
- Resource record types
  SOA, A, AAAA, NS, CNAME, PTR, HINFO, MX, TXT
  SPF, SRV, NAPTR
  DNSKEY, DS, RRSIG, NSEC3, NSECPARAM
- Zone transfer
  Master & Slave, AXFR / IXFR
  Notify, TSIG
- Nsupdate (add, remove RR)
- DNSSEC
  RSASHA1 (5, 7)
  Online re-signing

Current Status – 1.0 RC2
- YADIFA 1.0 RC2 packages available on yadifa.eu
  x86 64 bit: CentOS 5, CentOS 6, Debian 6, Ubuntu, FreeBSD, OSX Lion
  x86 32 bit: CentOS 5, CentOS 6, Debian 6

Coming up
- "Near Future" (coming months)
  DSA/SHA1, DSA-NSEC3-SHA1, RSASHA256, RSASHA512
  Full client to "control" the name server daemon (1.0 does stop and reload)
  Dynamic zone management (add/remove zones on the fly)
- "Not so Near Future"
  Caching resolver
  Validating
  SQL backend
  API
- End June 2012
  BSD open source

Load times comparison
- .com zone file (198 million lines)
  Prepare BIND 9.8.1 NSD 3.2.8 36m58s YADIFA 0.8
  Load Ready 38m40s 12m03s 40m01s 8m26s
  Load Ready 37s 2s
- 100.000 zones (7 RR)
  Prepare BIND 9.8.1 NSD 3.2.8 8s YADIFA 0.8 4s
(Dual Xeon 2.1 Ghz, 48 Gb, Linux Debian) EURid Feb. 2012

Dynamic Provisioning
- Adding and removing zones
  Without interrupting "production"
  Centrally managed
- Extension of RFC 2136 "Dynamic Updates in the Domain Name System (DNS UPDATE)"
  Extend existing channel to "master"
  (Re)use existing channel between "master" and "slave"

Dynamic Provisioning
1. Dyn. Upd. message: {abc.eu} - Master: NS1 - Slave: NS2 - ...
2. Notify: {abc.eu}
3. AXFR/IXFR: {abc.eu} - Master (NS1) - ...
4. Dyn. Upd. message: {abc.eu} - Master: NS1 - Slave: NS2 + NS3 - ...
(Diagram nodes: Name server 1, Name server 2, Name server 3)
All name servers are configured with a minimal set of access control rules

Dynamic Provisioning
- Dynamic Update Message

    +---------------------+
    |        Header       |
    +---------------------+
    |         Zone        |
    +---------------------+
    |     Prerequisite    |
    +---------------------+
    |        Update       |
    +---------------------+
    |   Additional Data   |
    +---------------------+

Dynamic Provisioning
- Zone Section

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                     ZNAME                     /    abc.eu
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     ZTYPE                     |    SOA
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     ZCLASS                    |    0x2a
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Dynamic Provisioning
- Prerequisite Section
  When adding -> should not exist
  When removing -> should exist
  ...

Dynamic Provisioning
- Update Section

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                                               |
    /                      NAME                     /    abc.eu
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TYPE                     |    zonetype, zonefile, zonenotify, master, dnssec, ...
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                     CLASS                     |    0x2a
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      TTL                      |
    |                                               |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                   RDLENGTH                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
    /                     RDATA                     /
    /                                               /
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Dynamic Provisioning
- Update Section

    TYPE          RDATA
    zonetype      Master | Slave
    zonefile      Zone file full name
    zonenotify    IP address, TSIG
    master        IP address, TSIG

Dynamic Provisioning
- "Activate" new configuration
  "Query like" message
    NAME  : abc.eu
    CLASS : 0x2a
    TYPE  : freeze | unfreeze | merge | save
- Check status
    NAME  : <STATUS>
    CLASS : 0x2a
    TYPE  : <whatever you need to follow up and check on>

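Added example (not from the slides and not YADIFA code): a parser for the Header and Zone section described in the Dynamic Provisioning slides, used to tell a provisioning message (ZCLASS 0x2a, the value shown on the slides) from an ordinary RFC 2136 update. Opcode 5 and SOA type 6 come from RFC 2136 and RFC 1035; the function names and the sample message are constructed for illustration.

```python
import struct

OPCODE_UPDATE = 5           # RFC 2136 UPDATE opcode
TYPE_SOA = 6                # RFC 1035; ZTYPE of an UPDATE must be SOA
CLASS_PROVISIONING = 0x2A   # class value shown on the slides

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_update(zone, zclass, msg_id=0x1234):
    """Constructed sample: header + Zone section only, other sections empty."""
    header = struct.pack("!6H", msg_id, OPCODE_UPDATE << 11, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!2H", TYPE_SOA, zclass)

def parse_zone_section(msg):
    """Return (ZNAME, ZTYPE, ZCLASS); raise ValueError on anything malformed."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    _id, flags, zocount = struct.unpack("!3H", msg[:6])
    if (flags >> 11) & 0xF != OPCODE_UPDATE or zocount != 1:
        raise ValueError("not an UPDATE with exactly one zone")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated ZNAME")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label (pointer or overrun)")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated ZTYPE/ZCLASS")
    ztype, zclass = struct.unpack("!2H", msg[pos:pos + 4])
    return ".".join(labels), ztype, zclass

def is_provisioning(msg):
    """True only for a well-formed UPDATE whose zone is SOA / class 0x2a."""
    try:
        _name, ztype, zclass = parse_zone_section(msg)
    except ValueError:
        return False
    return ztype == TYPE_SOA and zclass == CLASS_PROVISIONING
```

A front-end filter can use `is_provisioning` to apply a stricter source and TSIG policy to class 0x2a messages than to ordinary class IN updates.
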
One slide to say it all...
URL : http://www.yadifa.eu
EMAIL : info@yadifa.eu
Mailing lists : yadifa-announce, yadifa-users
yadifa.eu. NS NS ns.yadifa.eurid.eu.
yadifa.eu DNS is served by YADIFA!
LET US KNOW WHAT Y::O::U THINK, PLEASE GET IN T::O:U:C:H
YADIFA 1.0 RC binaries available now
- CentOS (32&64 bit)
- FreeBSD (64 bit)
- Debian (32&64 bit)
- OS X (Lion) (64 bit)
YADIFA 1.2 BSD open source license June 2012