
In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)

On Thu, Jun 06, 2002 at 02:12:36PM -0400, Steven M. Bellovin wrote:
In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
Unfortunately most of the ccTLD nameserver operators ignore 2870 (including one of the authors...)

In message <200206061624.40230.dani@intelideas.com>, Daniel Concepcion writes:
Yes Neil,
It should be interesting to know the 'official' requirements/recommendations for ccTLD's hosting. For example: diversity geographical, network needs, security needs, building environment, etc.
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
--bill

On Thu, Jun 06, 2002 at 07:53:49PM +0000, bmanning@karoshi.com wrote: ...
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?

On Thu, Jun 06, 2002 at 07:53:49PM +0000, bmanning@karoshi.com wrote: ...
I don't know of any official requirements. But RFCs 2182 and 2870 offer good guidance. (Some of 2870 is root zone-specific, but most of it would apply to a ccTLD server.)
--Steve Bellovin, http://www.research.att.com/~smb (me)
It is perhaps instructive to note that when RFC 2870 was written, (most of) the roots also hosted COM,NET,ORG. Considered properly, RFC 2870 is more targeted toward gTLD servers. ccTLDs have a moderately different focus, while root servers are distinct from either in their requirements.
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?
number and distributions of registrations, legacy considerations that may reflect on legal issues, local policy issues that off the top of my head. .com vs .um -- for example.
--bill

On Fri, Jun 07, 2002 at 03:17:51AM +0000, bmanning@karoshi.com wrote: ...
So how does the operation of gTLD servers differ from ccTLD servers, other than perhaps more focus on geographical diversity?
number and distributions of registrations, legacy considerations that may reflect on legal issues, local policy issues that off the top of my head.
.com vs .um -- for example.
number and distribution of registrations maybe - that comes down to number and sizing of servers and geography/network diversity, the others are at best operational concerns for the backend, not for the "frontend" DNS servers. Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and section 4 be applicable to both gTLD and ccTLD servers (changing root zone and IANA as appropriate)?

number and distribution of registrations maybe - that comes down to number and sizing of servers and geography/network diversity, the others are at best operational concerns for the backend, not for the "frontend" DNS servers.
backend/frontend?
Taking RFC 2870, why wouldn't all of section 2 and most of section 3 and section 4 be applicable to both gTLD and ccTLD servers (changing root zone and IANA as appropriate)?
sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers? The problem we tried to tackle with RFC 2010, and apparently not well considered by the authors of RFC 2870 is the difficulty of segmenting system availability from operations. So to clarify, are you talking about the server operations or are you talking about availability of the zone? RFC 2870 muddies the waters here. You seem to be leaning toward ensuring availability. RFC 2010 attempted to make the distinction. gTLD servers, today, have an operational requirement to run on 64bit hardware. Few if any ccTLDs have that as a requirement. The root servers may not see that requirement until 2038 or so... In any case, RFC 2870 is getting long in the tooth and

On Fri, 07 Jun 2002 12:18:19 -0000, bmanning@karoshi.com said:
sure, you could take those sections as a starting point. But why stop at TLDs? Why not make this applicable to -ALL- dns servers?
Mighty fine pharmaceuticals you got there. ;) I'd settle for a requirement that dns servers have *basic* configuration correct - I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

Valdis.Kletnieks@vt.edu wrote:
I mean, is it *that* hard to avoid lame delegations and typos in the SOA or NS records?
apparently
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
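
The "basic configuration" checks raised at the end of the thread (lame delegations, typos in NS records, SOA disagreement) can be automated. The following is an added example, not code from any participant in the thread: it audits one delegation from probe results supplied as data, and the `Observation` type, the `audit_delegation` function and all sample names and serials are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Observation:
    """One non-recursive SOA/NS probe of a server listed in the parent zone."""
    server: str
    responded: bool
    authoritative: bool = False        # AA bit set in the reply
    soa_serial: Optional[int] = None
    child_ns: frozenset = frozenset()  # NS set the server publishes for the zone

def norm(name):
    return name.rstrip(".").lower()

def audit_delegation(parent_ns, observations):
    """Return (subject, finding) pairs; an empty list means a clean delegation."""
    parent = {norm(n) for n in parent_ns}
    seen = {norm(o.server): o for o in observations}
    findings, good = [], []
    for ns in sorted(parent):
        o = seen.get(ns)
        if o is None or not o.responded:
            findings.append((ns, "lame: no response"))
        elif not o.authoritative:
            findings.append((ns, "lame: answer not authoritative"))
        else:
            good.append((ns, o))
    for ns, o in good:
        diff = sorted({norm(n) for n in o.child_ns} ^ parent)
        if diff:  # typo or stale entry on one side of the zone cut
            findings.append((ns, "NS set differs from parent: " + ", ".join(diff)))
    serials = sorted({o.soa_serial for _, o in good if o.soa_serial is not None})
    if len(serials) > 1:
        findings.append(("zone", "SOA serials differ: " + ", ".join(map(str, serials))))
    return findings

# Constructed sample data (not from the thread): the child zone carries a
# typo in one NS name, one server is stale, one is not authoritative.
PARENT_NS = ["ns1.example.net.", "ns2.example.net.", "ns3.example.org."]
CHILD_NS = frozenset({"ns1.example.net.", "ns2.example.net.", "ns3.exmaple.org."})
SAMPLE = [
    Observation("ns1.example.net.", True, True, 2002060701, CHILD_NS),
    Observation("ns2.example.net.", True, True, 2002060501, CHILD_NS),
    Observation("ns3.example.org.", True, False),
]

if __name__ == "__main__":
    for subject, finding in audit_delegation(PARENT_NS, SAMPLE):
        print(f"{subject}: {finding}")
```

In practice the observations would come from SOA and NS queries sent with recursion disabled to each server named in the parent zone.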
participants (5): bmanning@karoshi.com, Eric A. Hall, John Payne, Steven M. Bellovin, Valdis.Kletnieks@vt.edu