ccTLD Best Practices
Michuki Mwangi
INET/AfTLD Meeting, Balaclava, Mauritius
30th Nov 2006
Agenda
• ccTLD Establishment
• Policy Development
• Registry Automation
• Stability and Redundancy
• Security Consideration
Considerations
• Stakeholder participation
• Involvement of Private sector
• Academia
• Civil Society
• Legal fraternity
• Government participation
• Government support
Considerations …(cont’d)
• Domain Registry Model
• Open or Closed
• Registry/Registrar etc
• Sustainability & Commercial Model
• Cost of registration
• CAPEX
• OPEX
Bottom up process
• Open Public forums
• Mailing lists
• Interactive media
• Registry/Board proposals
Registry Software
• Identifying the appropriate Registry Software
• Guided by Registry model and policies
• Avoid re-inventing the wheel
• Saves on time and development costs
• Online System
• Online Registrations, Transfers etc
• Whois System
Monitoring & Statistics
• It's important to monitor Registry Services
• Ensures more uptime on services
• Open Source applications available for monitoring
• E.g. Nagios, MRTG, webalizer, cflowd, etc
• Statistics enable projection and planning for growth
Selection of Slave DNS Servers
• RFC 2182 (BCP16) provides guidelines on selection of Secondary (slave) Servers.
• Consider geographic placement
• At least 2 Slave Servers and a master
• This helps spread name resolution load
• Improves efficiency with servers close to resolvers
• Avoid NAT
Finding Suitable Slave Servers
• Swap slave servers with other ccTLDs in the region (Common practice).
• AfTLD, ISOC can help find suitable hosts and organizations to host Slave servers.
• Consider Anycast hosting for slave servers (www.pch.net)
Hardware and Software
• Scalability is Key
• Provide sufficient memory, processor and disk space.
• DNS Software should be fast and capable of handling load (multiple queries per second)
Internet Connection
• Ensure the upstream provider is multi-homed
• Interconnect at the local/national IXP
• Registry should have redundant links to upstream provider
• Provider Independent (PI) IP address Space and ASN to enable effective multi-homing
Best Practice
• Implement routing security features
• Operating system hardening
• Disable Recursion
• Have a Stealth Server
• Run secure applications
• Run TSIG for secondary zone transfers
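Two of the items above, disabling recursion and running TSIG for secondary zone transfers, can be checked mechanically against a name server configuration. The following is an added example, not part of the original slides: it assumes a BIND-style named.conf, and the zone name, key name, secret and the audit() helper are all hypothetical.

```python
import re

# Constructed named.conf fragments (BIND-style syntax is an assumption; the
# zone name, key name and secret are placeholders, not values from the slides).
WEAK = '''
options { recursion yes; };
zone "example.tld" { type master; file "example.tld.db";
    allow-transfer { any; }; };
'''
HARDENED = '''
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER-BASE64=="; };
options { recursion no; allow-transfer { none; }; };
zone "example.tld" { type master; file "example.tld.db";
    allow-transfer { key "xfer-key"; }; };
'''

def audit(conf):
    """Return findings for an authoritative-only server config."""
    findings = []
    # Recursion defaults to yes in BIND, so demand an explicit "recursion no;".
    if not re.search(r"\brecursion\s+no\s*;", conf):
        findings.append("recursion is not disabled")
    # TSIG keys are declared as: key "name" { ... };
    keys = set(re.findall(r'\bkey\s+"?([\w.-]+)"?\s*\{', conf))
    if not keys:
        findings.append("no TSIG key is defined")
    acls = re.findall(r"\ballow-transfer\s*\{([^}]*)\}", conf)
    if not acls:
        findings.append("no allow-transfer restriction")
    for acl in acls:
        for entry in (e.strip() for e in acl.split(";")):
            if entry in ("", "none"):
                continue
            # Every transfer peer must be named by TSIG key, not by address.
            m = re.fullmatch(r'key\s+"?([\w.-]+)"?', entry)
            if m is None:
                findings.append(f"transfer allowed without TSIG: {entry}")
            elif m.group(1) not in keys:
                findings.append(f"transfer uses undefined key: {m.group(1)}")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "ok")
```

The stealth server item is not covered here, because it depends on which hosts appear in the zone's NS records rather than on named.conf.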
References
• http://ws.edu.isoc.org/workshops/2006/PacNOG2/track1/day3/draft-wenzel-cctld-bcp-02.txt
• http://www.pch.net/resources/papers/anycast-services/
• www.isc.org
• ftp://ftp.rfc-editor.org/in-notes/rfc2182.txt
• www.aftld.org
Thank you www.aftld.org