Latin American DNS Observatory Hugo Salgado, NIC Chile, hugo@nic.cl - - PowerPoint PPT Presentation

latin american dns observatory
SMART_READER_LITE
LIVE PREVIEW

Latin American DNS Observatory Hugo Salgado, NIC Chile, hugo@nic.cl - - PowerPoint PPT Presentation

Oct 29, 2022 426 likes •536 views

Latin American DNS Observatory Hugo Salgado, NIC Chile, hugo@nic.cl ICANN 53, Buenos Aires, june 2015 History LAC Strategic Plan 2013-2016 Experience on Observatorio de Resiliencia de .CL LObservatoire sur la rsilience

slide-1
SLIDE 1

Latin American DNS Observatory

Hugo Salgado, NIC Chile, hugo@nic.cl ICANN 53, Buenos Aires, june 2015

slide-2
SLIDE 2

History

  • LAC Strategic Plan 2013-2016
  • Experience on “Observatorio de Resiliencia de

.CL”

– L’Observatoire sur la résilience de l’Internet français

  • Working group:

– Alejandro Acosta, LACNIC – Victor Fernandes & Antonio Alberti (Brasil) – Juan Manuel Rojas (Colombia) – Hugo Salgado, NIC Chile

2

slide-3
SLIDE 3

Resilience in DNS

  • What do we mean by 'resilience' ?

Capacity of keeping an adecuate level of service in front of failures or unexpected events

  • Scenarios

– Natural disasters – Excessive overload – Malicious events (attacks)

3

slide-4
SLIDE 4

Resilience in Internet

  • DNS does not exist in a void
  • There are others layers above and below DNS

that can and do affect its behavior

– Physical interconection

  • Wires, fibers, datacenters, antennas.

– Routing

  • BGP, routing stability (critical for anycast operation)

– DNS software – Mission-critical applications that depend on the DNS

  • All things web
  • Instant messaging
  • e-mail

4

slide-5
SLIDE 5

“Observatorio Latam del DNS”

  • Reference point for technical measurements
  • Goals

– Improve know-how among all involved – Measure the speed of change

  • How fast are new things implemented ?

– Standards compliance – Application of best practices – Promote cooperation between stakeholders

  • Twice-yearly reports

5

slide-6
SLIDE 6

Measurements

  • Both active and passive measurements
  • Performed in a periodic and systematic way
  • Performed by monitors or probes installed in

strategic places

  • Deliver reports, trends and and provide

recommendations to the community

6

slide-7
SLIDE 7

Initial Metrics (1/2)

  • Topology of authoritative servers

– Number of NS per zone – Diversity of IP blocks / ASN

  • Standards compliance

– EDNS – Malformed queries – TCP support

7

slide-8
SLIDE 8

First Metrics (2/2)

  • Common vulnerability check

– Random ports – Adequately deny recursion

  • Development of new technologies

– DNSSEC – IPv6 adoption

8

slide-9
SLIDE 9

Next steps

  • Installation of first monitor and begin first active

measurements

  • Cooperation with CcTLDs

– Use of domain rankings (Alexa, etc.)

  • First report in 2016
  • Future:

– Active measurements – Reports “a la carte”

9

slide-10
SLIDE 10

Gracias

10