
ENUM DNS Provisioning


Presentation Transcript


  1. ENUM DNS Provisioning
     Anton Holleman, Anton.Holleman@nominum.com

  2. Topics
     • Nominum
     • Definition provisioning
     • Which ENUM?
     • Various scenarios
     • Conclusions

  3. Who Is Nominum?
     • Founded in 1999
     • Focused 100% on IP asset infrastructure
       • IP addresses, leases, names
       • DNS, DHCP & IP address management
     • Located in Silicon Valley and London
     • Pioneers of DNS, DHCP & IP address allocation
       • Paul Mockapetris, Chief Scientist & Chairman: inventor of DNS, author of DNS RFCs
       • David Conrad, Chief Technical Officer & Founder: director of BIND development effort; member of ARIN board, founder of APNIC
       • Ted Lemon, Senior Architect: developer of ISC-DHCP, co-author of DHCP Handbook

  4. Definition Provisioning
     • ‘The act of supplying services to and enabling features for a subscriber’
     • Self service/automation
     • Authentication
     • Authorization
     • End-to-end provisioning
     • ‘Logistics’: Validation, Registry/Registrar interaction
     • Configure DNS servers in the back end
     • This presentation abstracts from validation, Registry/Registrar interaction
     • Focus is DNS provisioning only

  5. Various ENUM Incarnations
     • User ENUM
     • Carrier ENUM
     • Enterprise ENUM
     • Each ENUM flavour differs in administrative complexity
     • Carrier and Enterprise ENUM have fewer parties involved and should be ‘easier’ to realize
     • DNS provisioning is common ground

  6. Two Aspects of DNS Provisioning: Initial Setup and Service Configuration
     • Set up: Delegation zone
       • Executed after validation
     • Service configuration: Management of NAPTR records
       • By subscriber through, for instance, a self service portal
       • By automated configuration derived from, for instance, a corporate directory
       • By ENUM client using shared secrets
       • By ENUM client using Kerberos
       • And others …

  7. Delegation Zone Primitives
     • Primitives
       • Create/Update/Delete zone to master server
       • Create/Update/Delete zone to slave servers
       • Create/Update/Delete zone delegation records
     • Automated execution after successful validation
     • API
     • No service down time when changing the server configuration

  8. Management of NAPTR Records
     • Multiple scenarios possible using
     • Static DNS
     • Dynamic DNS
     • Kerberos: GSS-TSIG signed
     • Shared secret: TSIG signed
     • Some example scenarios will be given

  9. Scenario 1: Subscriber Uses Self Service Portal
     [Diagram labels: ENUM subscriber, portal, master nameserver, two slave nameservers, IXFR/AXFR]
     • Applicable to User and Enterprise ENUM
     • Authentication/authorization in portal

  10. Scenario 2: Automated Configuration Derived From A Directory
     [Diagram labels: directory, automated process, master nameserver, two slave nameservers, IXFR/AXFR]
     • Most applicable to Carrier and Enterprise ENUM
     • Authentication/authorization in directory/process logic

  11. Scenario 3: Shared Secret Dynamic DNS
     • Portal is only used to enrol a user and to manage the TSIG key
     • Portal application takes care of setting the authorization/authentication in the DNS servers
     • ENUM enabled application writes the DNS RRs using TSIG signed dynamic DNS messages

  12. Scenario 3
     [Diagram labels: ENUM subscriber, portal, TSIG key, ENUM enabled device, DDNS TSIG signed, master nameserver, two slave nameservers, IXFR/AXFR]
     • Authentication/authorization in DNS server

  13. Scenario 4: GSS-TSIG Dynamic DNS
     • Portal is only used to enrol a user and to manage the TSIG key
     • Portal application takes care of setting the authorization/authentication in the DNS servers
     • ENUM enabled application writes the DNS RRs using GSS-TSIG signed DNS messages

  14. Scenario 4: Dynamic Update Is Validated Against Kerberos
     [Diagram labels: ENUM subscriber, portal, Kerberos, ENUM enabled device (Kerberos principal), DDNS GSS-TSIG signed, master nameserver (Kerberos principal), two slave nameservers, IXFR/AXFR]
     • Authentication/authorization in DNS server

  15. Scenario 5: Seamless Integration of Multiple Carrier and Enterprise ENUMs
     • Enterprises can grow a private ENUM tree independently
     • Mergers, acquisitions and business relationships force ENUM name interconnectivity
     • Standard DNS methods can be applied
     • Stubs and forwarders

  16. Summary
     • All the scenarios are based on open standards
     • More scenarios are possible!!
     • DNS enables signalling that is as robust and integrated as the legacy system
     • But more flexible
     • Not constrained to telecom networks only
     • All components are available today
     • Except the ENUM clients that do DDNS?
     • Solution scales very well
     • Proven technology: DNS is the largest distributed storage
     • Procedural: DNS delegation and Kerberos realms
     • Low DNS latency translates into short call set up time for end-users
     • User expectations set by POTS
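Scenario 3 (slides 11 and 12) places authentication and authorization in the DNS server: a per-subscriber shared secret must only be able to write NAPTR records at that subscriber's own ENUM name. The sketch below is an added example, not part of the presentation or of any Nominum product. The key names, secrets, phone numbers and NAPTR data are constructed, and the MAC is a simplified stand-in for TSIG, which signs the DNS wire message together with time and fudge values.

```python
import hashlib
import hmac

ENUM_APEX = "e164.arpa."  # public User ENUM apex; a private tree would use its own suffix

def enum_name(e164: str, apex: str = ENUM_APEX) -> str:
    """RFC 6116 mapping: keep the digits, reverse them, dot-separate, append the apex."""
    digits = [c for c in e164 if c.isdigit()]
    if not e164.startswith("+") or not digits:
        raise ValueError("expected an E.164 number such as +31201234567")
    return ".".join(reversed(digits)) + "." + apex

# Constructed key store as the portal would provision it: key name -> (secret, number)
KEYS = {
    "sub-0001.": (b"constructed-secret-1", "+31201234567"),
    "sub-0002.": (b"constructed-secret-2", "+31207654321"),
}

# Constructed NAPTR RDATA for a SIP service
SAMPLE_NAPTR = '100 10 "u" "E2U+sip" "!^.*$!sip:alice@example.com!" .'

def sign(key_name: str, secret: bytes, owner: str, rrtype: str, rdata: str) -> bytes:
    """Simplified MAC over the update fields (assumption: not the TSIG wire format)."""
    msg = "\0".join((key_name, owner.lower(), rrtype, rdata)).encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()

def authorize_update(key_name: str, owner: str, rrtype: str, rdata: str, mac: bytes) -> str:
    """Server-side decision: authenticate the key first, then authorize name and type."""
    entry = KEYS.get(key_name)
    if entry is None:
        return "BADKEY"            # unknown key name
    secret, number = entry
    expected = sign(key_name, secret, owner, rrtype, rdata)
    if not hmac.compare_digest(mac, expected):
        return "BADSIG"            # message altered or wrong secret
    if rrtype != "NAPTR" or owner.lower() != enum_name(number):
        return "REFUSED"           # valid key, but not for this name or record type
    return "NOERROR"
```

The authorization step is separate from signature verification: a subscriber with a perfectly valid key is still refused when the update targets another subscriber's number or a record type other than NAPTR.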
