ICANNs Monitoring System API Focus on ccTLDs Francisco Arias Tech - - PowerPoint PPT Presentation

icann s monitoring system api
SMART_READER_LITE
LIVE PREVIEW

ICANNs Monitoring System API Focus on ccTLDs Francisco Arias Tech - - PowerPoint PPT Presentation

Apr 03, 2023 481 likes •652 views

ICANNs Monitoring System API Focus on ccTLDs Francisco Arias Tech Day 26 June 2017 | 1 Agenda ICANNs SLAM system Statistics MoSAPI Zone File Access | 2 ICANNs SLA Monitoring (SLAM) system | 3 | 3 What is the SLAM?

slide-1
SLIDE 1

| 1

ICANN’s Monitoring System API

Francisco Arias Tech Day 26 June 2017 Focus on ccTLDs

slide-2
SLIDE 2

| 2

Agenda

¤ ICANN’s SLAM system ¤ Statistics ¤ MoSAPI ¤ Zone File Access

slide-3
SLIDE 3

| 3 | 3

ICANN’s SLA Monitoring (SLAM) system

slide-4
SLIDE 4

| 4

What is the SLAM?

  • Zabbix monitoring platform with additional

custom plugins and code available at: svn://svn.zabbix.com/branches/2.0.rsm/opt/ zabbix

  • Probe node network of ~40 probe nodes
  • Designed to avoid false positives
  • Consolidates data points in a rolling week

basis

slide-5
SLIDE 5

| 5

How it works?

slide-6
SLIDE 6

| 6

DNS test

  • One non-recursive DNS query sent every

minute from each active probe node:

  • for A record for QNAME

www.zz--icann-monitoring.<TLD>

  • to every IP-address/NS pair of <TLD>
  • If DNSSEC is offered:
  • NSEC/NSEC3 and the signatures are

verified

  • The chain of trust is validated against

the root zone KSK

slide-7
SLIDE 7

| 7

DNS test

  • Examples of failure criteria
  • No reply
  • Invalid reply (e.g., RCODE/SERVFAIL)
  • Malformed or invalid responses
  • Broken chain of trust
  • NSEC and NSEC3 errors
slide-8
SLIDE 8

| 8 | 8

Statistics

slide-9
SLIDE 9

| 9

Some data points

  • 273 ccTLD’s DNS failures have reached 4 hours
  • r more in a rolling week period
  • 60 of 295 ccTLDs have reached 4 hours of

downtime at least one time in a rolling week

  • 178 of 295 (60%) ccTLDs have had at least one

DNS service down event

  • 34 of 48 (70%) IDNs ccTLDs
  • 144 of 247 (58%) ASCII ccTLDs
  • 5 ccTLDs are down most of the time

Note: Data from 1 October 2014 to 31 May 2017

slide-10
SLIDE 10

| 10

ccTLD’s DNS downtime incidents of 4+ hours

slide-11
SLIDE 11

| 11 | 11

MoSAPI

ICANN’s Monitoring System API

slide-12
SLIDE 12

| 12

MoSAPI

  • REST API methods to retrieve data

collected by the SLAM in ~real-time

  • In pilot mode at the moment
  • A registry can only see their own

performance data

slide-13
SLIDE 13

| 13

MoSAPI - Credentials

  • Username, Password, List of IP address

blocks (IPv4 and/or IPv6)

  • Current pilot only supports IPv4 transport
  • Interested ccTLDs can request access

through ICANN’s Global Support Center at globalSupport@icann.org

  • Plan to authenticate requestor relying on

the ccTLD contacts in IANA

slide-14
SLIDE 14

| 14 | 14

Zone File Access

slide-15
SLIDE 15

| 15

Zone File Access

  • ICANN is interested in periodic access to

ccTLD’s zone files

  • Interest on statistics like:
  • DNSSEC penetration,
  • IDNs penetration,
  • Active names; and
  • Input to the DAARS
  • Interested ccTLDs please contact us at

globalSupport@icann.og

slide-16
SLIDE 16

| 16

Engage with ICANN

Visit us at icann.org

Thank You and Questions

flickr.com/icann linkedin/company/icann @icann facebook.com/icannorg youtube.com/icannnews soundcloud/icann slideshare/icannpresentations

Email: globalSupport@icann.org