The new APNIC DNS generation system Previous System
- Slides: 15
The new APNIC DNS generation system
Previous System • Direct access to backend whois. db files – Constructed radix tree in memory from domain objects – Walked tree in order to derive • Zone files for changed zones • • • Change was defined by changed: field in domain object being current date Zone files pushed to DNS via RSYNC Secondary zones controlled by PEERS files, p 2 n. pl script.
Problems • Monolithic solution – Hard to add new options • New database changed data format – backend SQL in v 3 would require recoding anyway • NS reload slow, buggy – Too many periods with only one functional NS
Problems contd • Secondary management intertwined with primary function – Needed better functional separation – Bind problems • master / secondary / master • Uneccessary DNS changes – SOA incremented for descr, nic-hdl changes
Goals for a new production system • Make zone update more efficient • Allow addition of new features • Separate secondaries from main process • Simplify zonefile production
Goals (continued) • Make zone update more efficient – • Can support dynamic processes when viable Allow addition of new features – – DNSSEC zone signing LAME delegation processing NOTIFY based push to DNS from master SOA serial increment on real change, not from changed: flag
Goals (continued) • Separate secondaries from main process – • Improves DNS stability Simplify zonefile production – – staged pipeline of simple phases Use UNIX tools
Simple Pipelined process Easy to add parallel passes (eg to merge external data sources)
Separated secondary processes • Not based on whois domain records • Separate servers • Better records management on prime source contacts • Improved management processes • Can offer scaleable secondary services – To cc. TLD, AP-community, members
Integrating the ERX process • ARIN ERX transfer process: – fetch of (partial) zone contents – Production of matching file for ARIN, RIPE to fetch from APNIC • Staged pipeline highly amenable to both local and ERX processes • Permits normal whois activity for enduser management of domain object.
Implementation timeline • April identify need for new process – Discuss DNS generation with other RIR, IETF dnsops people • June ERX discussions Toronto – Implementation of treewalk->flatfile • July – Full DNS zone generation • August – Deployment
Issues • Time between ns 1, ns 3 restart – Needed to be kept to a minimum • soa serial/contents mismatch – Ensure at least one NS was functional at all times • Check in-addr. arpa resolution offsite • Check non-reverse-tree DNS status – cc. TLD secondaries, RIPE/ARIN secondaries
Interesting side-effects • DNS lookup times in reverse are faster for clients when no cached data – Less recursion to find authoritative answer • NXDOMAIN is faster – Less noise on the wire • Top level /8 serial increments more often – We can adjust cache/ttl settings to tune
Traffic Measurements DNS cutover, Aug 19
Post-Upgrade behaviour • • • DNS update is faster, simpler Less delay from whois -> DNS Overall DNS traffic dropped More consistent load share JP/AU US/Europe now fully serviced APNIC can deploy new services – Pre-creation of domain objects – LAME checks
- Apnic dns
- Debogon project
- My.apnic
- Animal anthony apnic
- Apnic whois
- Geoff huston apnic
- Apnic ec
- First generation antipsychotics vs second
- From generation to generation we worship you
- New product development process of cadbury
- Define new entry in entrepreneurship
- Teachers the new generation will be your devotion
- New joshua generation
- New generation wwf
- New generation devices
- Generation new millenium