1 / 19

ccTLD Best Practices

ccTLD Best Practices. Michuki Mwangi AfriNIC5 - INET/AfTLD Meeting, Balaclava, Mauritius 30th Nov 2006. Agenda. ccTLD Establishment Policy Development Registry Automation Stability and Redundancy Security Consideration. ccTLD Establishment. Considerations. Stakeholder participation

sally
Download Presentation

ccTLD Best Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ccTLD Best Practices Michuki Mwangi AfriNIC5 - INET/AfTLD Meeting, Balaclava, Mauritius 30th Nov 2006

  2. Agenda • ccTLD Establishment • Policy Development • Registry Automation • Stability and Redundancy • Security Consideration

  3. ccTLD Establishment

  4. Considerations • Stakeholder participation • Involvement of Private sector • Academia • Civil Society • Legal fraternity • Government participation • Government support

  5. Considerations …(cont’d) • Domain Registry Model • Open or Closed • Registry/Registrar etc • Sustainability & Commercial Model • Cost of registration • CAPEX • OPEX

  6. Policy Development

  7. Bottom up process • Open Public forums • Mailing lists • Interactive media • Registry/Board proposals

  8. Registry Automation

  9. Registry Software • Identifying the appropriate Registry Software • Guided by Registry model and policies • Avoid re-inventing the wheel • Saves on time and development costs • Online System • Online Registrations, Transfers etc • Whois System

  10. Monitoring & Statistics • Its important to monitor Registry Services • Ensures more uptime on services • Open Source applications available for monitoring • E.g Nagios, MRTG, webalizer, cflowd, etc • Statistics enables projection and planning for growth

  11. Stability & Redundancy

  12. Selection of Slave DNS Servers • RFC 2182 (BCP16) provides guidelines on selection of Secondary (slave) Servers. • Consider geographic placement • At least 2 Slave Servers and a master • This helps spread name resolution load • Improves efficiency with servers close to resolvers • Avoid NAT

  13. Finding Suitable Slave Servers • Swap slave servers with other ccTLDs in the region (Common practice). • AfTLD, ISOC can help find suitable hosts and organizations to host Slave servers. • Consider Anycast hosting for slave servers www.pch.net

  14. Hardware and Software • Scalability is Key • Provide sufficient memory, processor and disk space. • DNS Software should be fast and capable of handling load (multiple queries per second)

  15. Internet Connection • Ensure upstream provider must be multi-homed • Interconnect at the local/national IXP • Registry should have redundant links to upstream provider • Provider Independent (PI) IP address Space and ASN to enable for effective multi-homing

  16. Security Considerations

  17. Best Practice • Implement routing security features • Operating system hardening • Disable Recursion • Have a Stealth Server • Run secure applications • Run TSIG for secondary zone transfers

  18. References • http://ws.edu.isoc.org/workshops/2006/PacNOG2/track1/day3/draft-wenzel-cctld-bcp-02.txt • http://www.pch.net/resources/papers/anycast-services/ • www.isc.org • ftp://ftp.rfc-editor.org/in-notes/rfc2182.txt • www.aftld.org

  19. Thank you www.aftld.org

More Related