ccnso tech day
play

ccNSO Tech Day .au Registry Transform ation Project Barcelona, - PowerPoint PPT Presentation

Sep 13, 2022 •303 likes •562 views

ccNSO Tech Day .au Registry Transform ation Project Barcelona, Spain 22 October 2018 9/11/2018 1 Contents Background Transition Outcomes Lessons Learnt 9/11/2018 2 Background 9/11/2018 3 Background - Timeline Afilias

  1. ccNSO Tech Day .au Registry Transform ation Project Barcelona, Spain 22 October 2018 9/11/2018 1

  2. Contents • Background • Transition • Outcomes • Lessons Learnt 9/11/2018 2

  3. Background 9/11/2018 3

  4. Background - Timeline Afilias Ausregistry Ausregistry Ausregistry Ausregistry agreement agreement agreement agreement agreement 2018-2022 2002 -2006 2006-2010 2010-2014 2014-2018 (signed Dec 17) (signed Dec 01) (signed Nov 05) (signed Feb 09) (signed Oct 13) Tender Tender Negotiation Negotiation EOI 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Registry Competition Registry I ndustry I ndustry Transition Model Competition Competition Advisory 1 July 2018 Advisory Review Advisory Panel Panel Panel Panel Dec 2012 June 2001 Nov 2004 Oct 2008 4 9/11/2018

  5. Registry Transformation Project Goals a) Clear and effective separation between policy and operations b) Maintain and further enhance trust with the Australian Government and the Australian community c) Maintain operational stability and utility of the .au ccTLD d) Becoming a world leader in managing security, confidentiality, integrity and availability of .au registry data e) Supporting longer term goal to be an Emergency Back-end Registry Operator (EBERO) for other gTLDs or ccTLDs f) Supporting a data science and data analytics capability in relation to the registry data 9/11/2018 5

  6. Second level domains • .com.au - 2.8m names - main commercial name space in Australia • .net.au - 260,000 names – originally for network providers • .org.au – 70,000 names – for non-commercial organizations • .id.au – 12,000 names – for individuals • .asn.au – 3,400 – incorporated and un-incorporated associations • .edu.au (.vic.edu.au etc) – 17,000 – educational institutions • .gov.au (.nsw.gov.au, .vic.gov.au etc) – 5,000 – Government entities • .qld.au, .vic.au etc – 220 - neighbourhood community orgs • Linux.conf - 1 – technical conference • Total - 3.1m names 6

  7. Expression of Interest process • The Request for Expressions of Interest ( REOI ) was the initial scoping exercise to: • define parameters of the subsequent restricted tender process • assess potential suppliers and options • Call for Expression of Interest – 29 May 2017 • Expression of Interest closed – 26 June 2017 • Received 15 responses –mixture of ccTLD, gTLD operators, and software development proposals 9/11/2018 7

  8. Request for Tender process • Draft Technical Specification published for comment – 26 August 2017 • Summary of changes to Technical Specification published 21 September 2017 • Request for Tender (RFT) issued – 1 September 2017 • RFT closed – 3 October 2017 • 9 complete responses • Short list of 3 – asked for best and final offers, and negotiated contracts with all 3 • Afilias selected in Dec 2017 9/11/2018 8

  9. Relevant international standards • ISO 31000 – Risk management • ISO 27000 – Information Security Management Systems • ISO 22301 – Business Continuity Management Systems • ISO 20000 – Service Management • ITIL Service Operation – 2011 edition 9/11/2018 9

  10. Relevant Australian Security standards • Australian Signals Directorate – Essential Eight • Application Whitelisting • Patch applications • Configure Microsoft Office macro stings • User application hardening • Restrict Administrative privileges • Patch Operating Systems • Multi-factor authentication • Daily backups • Australian Gov’t Information Security Manual (ISM) – Protected level 9/11/2018 10

  11. Transition betw een Registry Operators 9/11/2018 11

  12. Transition Approach • 6 month process – a lot to do: • Software Development – customized data fields and EPP extensions • Data Migration – 3.1 million domains, and numerous host and contact records • Infrastructure build – registry platform, disaster recovery site, DNS nodes in each Australian capital city (8) • Close coordination with registrars – monthly briefings 12

  13. Transition Approach • Focussed on International and Australian best practice standards with respect to the transition of a major IT service provider • Particular focus on risk management (ISO 31000) and security (ISO 27001) • Ernst & Young engaged as independent risk assurance auditor and provided reports to the auDA Board on the state of risk management 13

  14. Software development • Test environments for registrars delivered in March (Phase 1) and April (Phase 2) 2018 • First test environment included all the core operations to create, update, renew and cancel domain names • Second test environment included more specialized commands – support for resellers, policy deletes, registrant-to-registrant transfers • Extensive testing from Feb 2018 to June 2018 • Afilias testing team • auDA testing team • Registrar testing 14

  15. Data Migration • Gained access to the data from the previous registry operator in March 2018 • Monthly drops of registry data – Mar, Apr, May • Weekly drops of registry data – June • Had read access to the .au second level zones • Migrated each drop of data into a test platform and generated zonefiles to compare with the existing operator’s generated zonefile , and also created a publicly accessible WHOIS service in May 2028 using the data that registrars could check for errors • Identified data gaps from the existing provider and also constantly adjusted the migration scripts to address migration errors 15

  16. Infrastructure Rollout • Registry Data had to stay in Australia • Test environments were built in Australia as well as production environment • Before any registry data was allowed to be used in any environment it needed to go through a security audit and penetration testing • Full DR testing was also completed prior to transition • Began operating Afilias DNS nameservers at top level in Jan 2018, and copies of the zone also operated at the second level (unlisted in .au). Progressively added nameservers in each capital city over Jan to Jun 2018 period. 9/11/2018 16

  17. DNS transition • Ran new nameservers with copies of the zone file months before transition • In the week before transition – new nameservers were added to the .au zone file, and the previous registry operator nameservers were removed • DNSSEC signatures for the new registry were published in the zone weeks before transition • On transition day Afilias took over publishing and signing the zonefile – all the new DNS nameservers were already operating before the transition weekend 9/11/2018 17

  18. Independent audits • Multiple independent reviews of security prior to transition • Ernst & Young - risk assurance – weekly review • Pivot Point Security – appointed by Afilias for penetration testing • Foresight IT Consulting – appointed by the Aust. Government to do an independent review of security processes for transition • Australian Government security agencies (ASD, ASIO, ACSC) did their own separate review of security • Regular meetings with the auDA Board’s Security and Risk Committee 9/11/2018 18

  19. Crisis Management • Crisis management plan developed with input from Afilias, auDA, and Australian Government security agencies • Multiple crisis scenario exercises run with the participation of Afilias, auDA, and Australian Government security agencies, with auDA Board observers 9/11/2018 19

  20. Registry cut-over on 30 June / 1 July • Announced a 48 hour planned outage • Target was completion in 24 hours with a 24 hour buffer • Final copy of the registry data from the previous operator was delivered ahead of schedule on 30 June • Data migration completed smoothly • Completed transition within 24 hours • Most Registrars immediately commenced operations on 1 July with little disruption • auDA uses a network of 20 probes covering Australian cities as well as key locations globally - measuring uptime and performance 9/11/2018 20

  21. Outcom es 9/11/2018 21

  22. Key outcomes • Lower registry fee – 10% drop in wholesale prices for registrars • Registry Data to remain in Australia • DNS services in all Australian capital cities • Perth, Adelaide, Melbourne, Hobart, Canberra, Sydney, Brisbane, Darwin • Pro-active security monitoring – daily inspection of names • Extensive data collection for advanced data analytics to move to proactive compliance management and development of business information for registrars • Focus on improved security and performance 9/11/2018 22

  23. Lessons Learnt 9/11/2018 23

  24. Lessons for next time • EPP testing was very thorough but would have benefited from being able to test EPP commands through to a test WHOIS display • Earlier you get access to the registry data the better - would have preferred access 6 months before transition • Differences in how the registry operators publish host data in the DNS – Neustar took a narrow publishing approach and Afilias a wide publishing approach - resulted in some old host records being published that were used by some resolvers when the authoritative servers failed – focus of testing was on the domain name data rather than some of the host address data 9/11/2018 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CAs and the New Paradigm ICANN 47 ccNSO Tech Day Dan Timpson sales@digicert.com

CAs and the New Paradigm ICANN 47 ccNSO Tech Day Dan Timpson sales@digicert.com

CAs and the New Paradigm ICANN 47 ccNSO Tech Day Dan Timpson sales@digicert.com www.digicert.com +1 (801) 877-2100 Looking Back (2011) Hacking/complete compromise of CA Problem: system over many months; cert

340 views • 19 slides
.br technical overview Frederico Neves <fneves@registro.br> CTO NIC.br ICANN ccNSO tech

.br technical overview Frederico Neves <fneves@registro.br> CTO NIC.br ICANN ccNSO tech

.br technical overview Frederico Neves <fneves@registro.br> CTO NIC.br ICANN ccNSO tech workshop - So Paulo - 20061207 .br brief history and numbers Started public registration in 1996 with the commercial Internet in Brazil In

319 views • 14 slides
A new DNS Delegation Testing Tool Patrik Wallstrm, IIS Vincent Levigneron, AFNIC ccNSO Tech

A new DNS Delegation Testing Tool Patrik Wallstrm, IIS Vincent Levigneron, AFNIC ccNSO Tech

A new DNS Delegation Testing Tool Patrik Wallstrm, IIS Vincent Levigneron, AFNIC ccNSO Tech Day ICANN-54 Dublin Background DNSCheck (IIS) Does not provide deterministic results Zonecheck (AFNIC) Legacy code written in Ruby

872 views • 32 slides
ccNSO Council Priorities Update 25 26 June 2019, Marrakech What Does the ccNSO Council do?!

ccNSO Council Priorities Update 25 26 June 2019, Marrakech What Does the ccNSO Council do?!

ccNSO Council Priorities Update 25 26 June 2019, Marrakech What Does the ccNSO Council do?! 2 3 What is the Role of the ccNSO Council? ICANN Bylaws: The role of the ccNSO Council is to administer and coordinate the affairs of the ccNSO

824 views • 37 slides
Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018

Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018

Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018 Norid collects and processes customer data To ensure that private individuals and organisations can register Norwegian domain names and maintain

432 views • 17 slides
S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background

S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background

S/MIME Dane Demo ICANN 57 Hyderabad, ccNSO Tech Day 5 Nov 2016 slamb@xtcn.com Background Slow Uptake of DNSSEC Need killer-app DANE!! SMIMEA!! But still slow uptake Windows still king Outlook still king Kaminsky 2009

547 views • 5 slides
ccNSO Structure, Background Information What is the ccNSO C ountry C ode N ames S upporting O

ccNSO Structure, Background Information What is the ccNSO C ountry C ode N ames S upporting O

ccNSO Structure, Background Information What is the ccNSO C ountry C ode N ames S upporting O rganisation Develop and recommend global policies relating to ccTLDs to the ICANN Board; Develop voluntary best practices for ccTLD

471 views • 11 slides
IDN ccPDP update ccNSO members webinar 15 May 2013

IDN ccPDP update ccNSO members webinar 15 May 2013

IDN ccPDP update ccNSO members webinar 15 May 2013 Current status and next steps Final Report adopted by ccNSO Council (Beijing meeGng)

226 views • 20 slides
Outcome of the ccNSO Council Workshop 13 - 14 March 2018, San Juan Sunday, 11 March Council

Outcome of the ccNSO Council Workshop 13 - 14 March 2018, San Juan Sunday, 11 March Council

Outcome of the ccNSO Council Workshop 13 - 14 March 2018, San Juan Sunday, 11 March Council Workshop: Balancing Workload & Resources We have a lot to do! ccNSO Activities Who does the work? Participants in ccNSO Working Groups 22 18

571 views • 19 slides
ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61,

ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61,

ICANN FY19 OPERATING PLAN AND BUDGET CCNSO-SOPC COMMENTS ccNSO meeting, 13 Mar 2018, ICANN61, San Juan From WG to Committee The Strategic and Operational Working Group (SOPWG) was created at the Cairo ICANN meeting in Nov 2008.

852 views • 8 slides
ccNSO Meeting Strategy Review ccNSO Members Meeting Tuesday, 13 March 2018 | 1 Why? Council

ccNSO Meeting Strategy Review ccNSO Members Meeting Tuesday, 13 March 2018 | 1 Why? Council

ccNSO Meeting Strategy Review ccNSO Members Meeting Tuesday, 13 March 2018 | 1 Why? Council decision January 2016: Approval of Programme WG recommendation The Council resolved to: Welcome the advice of the Programme WG Continue with 3

507 views • 24 slides
The Rules of the ccNSO Initial Discussion 13 14 March 2018, San Juan Some Basic Facts

The Rules of the ccNSO Initial Discussion 13 14 March 2018, San Juan Some Basic Facts

The Rules of the ccNSO Initial Discussion 13 14 March 2018, San Juan Some Basic Facts Adopted: December 2004 ccNSO members (2004) 45 ccNSO members (2018) 165 Call for Membership vote 10% of members (5 in 2004, 17 in 2018) Changes to

519 views • 12 slides
ccNSO PDP(s) on retirement of ccTLDs and Review mechanism Staging a Policy Development Process

ccNSO PDP(s) on retirement of ccTLDs and Review mechanism Staging a Policy Development Process

ccNSO PDP(s) on retirement of ccTLDs and Review mechanism Staging a Policy Development Process Stage 1 (Launch) Starts with ccNSO Council decision Description of issues, assessment of timeline, assessment whether in scope of

445 views • 8 slides
Incident Response WG current status Joerg Schweiger WG Chair <ccnso-erpwg@icann.org>

Incident Response WG current status Joerg Schweiger WG Chair <ccnso-erpwg@icann.org>

Incident Response WG current status Joerg Schweiger WG Chair <ccnso-erpwg@icann.org> <schweiger@denic.de> Nairobi 2010, ICANN ccNSO Meeting Charter Purpose assist in implementing sustainable mechanisms for the engagement of

88 views • 8 slides
Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN

Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN

Anycast Anycast Peering and Peering and Sinkholes Sinkholes Greg Wallace Greg Wallace ICANN ICANN - 63, Barcelona 63, Barcelona ccNSO Tech Day ccNSO Tech Day Monday 21 October, 2018 Monday 21 October, 2018 netactuate.com @netactuate

496 views • 22 slides
| 1 New gTLD Auction Proceeds Cross Community Working Group Ching Chiao (ccNSO appointed

| 1 New gTLD Auction Proceeds Cross Community Working Group Ching Chiao (ccNSO appointed

| 1 New gTLD Auction Proceeds Cross Community Working Group Ching Chiao (ccNSO appointed co-chair) ICANN63 | ccNSO Members Meeting 23 October 2018 STATUS UPDATE What is the New gTLD Program? The goal of the New gTLD Program is to foster

286 views • 28 slides
A U I 2017 ANNUAL GENERAL MEETING $M 45.0 $43.7M $42.0M $41.9M 40.0 $39.1M 35.0 $34.3M

A U I 2017 ANNUAL GENERAL MEETING $M 45.0 $43.7M $42.0M $41.9M 40.0 $39.1M 35.0 $34.3M

A U I 2017 ANNUAL GENERAL MEETING $M 45.0 $43.7M $42.0M $41.9M 40.0 $39.1M 35.0 $34.3M 30.0 25.0 2013 2014 2015 2016 2017 * Adjusted for Bonus element in Rights Issue 40.0 37.7 * 35.0 35.5 35.3 35.0 * 31.7 30.0 * 25.0

455 views • 11 slides
A U I DISCLAIMER This document is confidential and strictly for use by the recipient only.

A U I DISCLAIMER This document is confidential and strictly for use by the recipient only.

AUSTRALIAN UNITED INVESTMENT COMPANY LIMITED ABN 37 004 268 679 A U I DISCLAIMER This document is confidential and strictly for use by the recipient only. This document must not be disseminated to any person other than the recipient.

449 views • 15 slides
Stack-Pointer Networks for Dependency Parsing Xuezhe Ma 1 , Zecong Hu 2 , Jingzhou Liu 1 ,

Stack-Pointer Networks for Dependency Parsing Xuezhe Ma 1 , Zecong Hu 2 , Jingzhou Liu 1 ,

Stack-Pointer Networks for Dependency Parsing Xuezhe Ma 1 , Zecong Hu 2 , Jingzhou Liu 1 , Nanyun Peng 3 , Graham Neubig 1 and Eduard Hovy 1 1 Carnegie Mellon University 2 Tsinghua University 3 University of Southern California

562 views • 34 slides
A Spatio-temporal Database Model for Transportation Surveillance Videos Sept. 11, 2006 Xin Chen,

A Spatio-temporal Database Model for Transportation Surveillance Videos Sept. 11, 2006 Xin Chen,

A Spatio-temporal Database Model for Transportation Surveillance Videos Sept. 11, 2006 Xin Chen, Chengcui Zhang University of Alabama at Birmingham U.S.A 1 Introduction and Motivation There is a proliferation of transportation

237 views • 23 slides
PRODUCTION February 2019 Disclaimer The purpose of this presentation is to provide general

PRODUCTION February 2019 Disclaimer The purpose of this presentation is to provide general

RRS Summer For personal use only Series PATH TO PRODUCTION February 2019 Disclaimer The purpose of this presentation is to provide general information about Egan Street Resources Limited (EganStreet or the Company) and it is presented for

453 views • 14 slides
November 2019 Disclaimer All statements in this presentation, other than historical facts, that

November 2019 Disclaimer All statements in this presentation, other than historical facts, that

November 2019 Disclaimer All statements in this presentation, other than historical facts, that address exploration activities and mining potential are forward-looking statements. Although Desert Gold Ventures Inc. believes that the expectations

230 views • 11 slides
Stacking Fault Energy (SFE) and Hardness Calculation in Au and Its Alloys Anuj Goyal, Yangzhong

Stacking Fault Energy (SFE) and Hardness Calculation in Au and Its Alloys Anuj Goyal, Yangzhong

Stacking Fault Energy (SFE) and Hardness Calculation in Au and Its Alloys Anuj Goyal, Yangzhong Li, Aleksandr Chernatynskiy, Simon Phillpot Department of Material Science and Engineering University of Florida 2 Outline and Previous Task

481 views • 12 slides
ALMA Observation overview Kazuya Saigo (Chile Observatory, NAOJ) ALMA ( Atacama Large

ALMA Observation overview Kazuya Saigo (Chile Observatory, NAOJ) ALMA ( Atacama Large

ALMA Observation overview Kazuya Saigo (Chile Observatory, NAOJ) ALMA ( Atacama Large Millimeter/submillimeter Array) Chajnantor plain of the Chilean Andes at an elevation of about 5000m International collaboration project of EA, NA,

410 views • 7 slides

More recommend