ENUM DNS Provisioning

Presentation Transcript
  1. ENUM DNS Provisioning
     Anton Holleman, Anton.Holleman@nominum.com

  2. Topics
     • Nominum
     • Definition provisioning
     • Which ENUM?
     • Various scenarios
     • Conclusions

  3. Who Is Nominum?
     • Founded in 1999
     • Focused 100% on IP asset infrastructure
     • IP addresses, leases, names
     • DNS, DHCP & IP address management
     • Located in Silicon Valley and London
     • Pioneers of DNS, DHCP & IP address allocation
     • Paul Mockapetris, Chief Scientist & Chairman
     • Inventor of DNS, author of DNS RFCs
     • David Conrad, Chief Technical Officer & Founder
     • Director of BIND development effort
     • Member of ARIN board, founder of APNIC
     • Ted Lemon, Senior Architect
     • Developer of ISC-DHCP, co-author of DHCP Handbook

  4. Definition Provisioning
     • ‘The act of supplying services to and enabling features for a subscriber’
     • Self service/automation
     • Authentication
     • Authorization
     • End-to-end provisioning
     • ‘Logistics’: Validation, Registry/Registrar interaction
     • Configure DNS servers in the back end
     • This presentation abstracts from validation, Registry/Registrar interaction
     • Focus is DNS provisioning only

  5. Various ENUM Incarnations
     • User ENUM
     • Carrier ENUM
     • Enterprise ENUM
     • Each ENUM flavour differs in administrative complexity
     • Carrier and Enterprise ENUM have fewer parties involved and should be ‘easier’ to realize
     • DNS provisioning is common ground

  6. Two Aspects of DNS Provisioning: Initial Setup and Service Configuration
     • Setup: Delegation zone
     • Executed after validation
     • Service configuration: Management NAPTR records
     • By subscriber through, for instance, a self-service portal
     • By automated configuration derived from, for instance, a corporate directory
     • By ENUM client using shared secrets
     • By ENUM client using Kerberos
     • And others …

  7. Delegation Zone Primitives
     • Primitives
     • Create/Update/Delete zone to master server
     • Create/Update/Delete zone to slave servers
     • Create/Update/Delete zone delegation records
     • Automated execution after successful validation
     • API
     • No service downtime when changing the server configuration

  8. Management NAPTR Records
     • Multiple scenarios possible using
     • Static DNS
     • Dynamic DNS
     • Kerberos: GSS-TSIG signed
     • Shared secret: TSIG signed
     • Some example scenarios will be given

  9. Scenario 1: Subscriber Uses Self Service Portal
     [Diagram labels: ENUM subscriber, Portal, Master nameserver, Slave nameserver (twice), IXFR/AXFR]
     • Applicable to User and Enterprise ENUM
     • Authentication/authorization in portal

  10. Scenario 2: Automated Configuration Derived From A Directory
     [Diagram labels: Directory, Automated process, Master nameserver, Slave nameserver (twice), IXFR/AXFR]
     • Most applicable to Carrier and Enterprise ENUM
     • Authentication/authorization in directory/process logic

  11. Scenario 3: Shared Secret Dynamic DNS
     • Portal is only used to enrol a user and to manage TSIG key
     • Portal application takes care of setting the authorization/authentication in the DNS servers
     • ENUM enabled application writes the DNS RRs using TSIG signed dynamic DNS messages

  12. Scenario 3
     [Diagram labels: ENUM subscriber, Portal, TSIG-key, Master nameserver, Slave nameserver (twice), IXFR/AXFR, ENUM enabled device, DDNS TSIG Signed]
     • Authentication/authorization in DNS server

  13. Scenario 4: GSS-TSIG Dynamic DNS
     • Portal is only used to enrol a user and to manage TSIG key
     • Portal application takes care of setting the authorization/authentication in the DNS servers
     • ENUM enabled application writes the DNS RRs using GSS-TSIG signed DNS messages

  14. Scenario 4: Dynamic Update Is Validated Against Kerberos
     [Diagram labels: Kerberos (twice), Portal, ENUM subscriber, Master nameserver, Kerberos Principal (twice), DDNS GSS TSIG Signed, Slave nameserver (twice), IXFR/AXFR, ENUM enabled device]
     • Authentication/authorization in DNS server

  15. Scenario 5: Seamless Integration of Multiple Carrier and Enterprise ENUMs
     • Enterprises can grow private ENUM tree independently
     • Mergers, acquisitions and business relationships force ENUM name interconnectivity
     • Standard DNS methods can be applied
     • Stubs and forwarders

  16. Summary
     • All the scenarios are based on open standards
     • More scenarios are possible!!
     • DNS enables signalling that is as robust and integrated as the legacy system
     • But more flexible
     • Not constrained to telecom networks only
     • All components are available today
     • Except the ENUM clients that do DDNS?
     • Solution scales very well
     • Proven technology: DNS is the largest distributed storage
     • Procedural: DNS delegation and Kerberos realms
     • Low DNS latency translates into short call setup time for end-users
     • User expectations set by POTS
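
Scenario 3 (slides 11 and 12), sketched as an added example that is not part of the original presentation: the portal emits a server-side rule limiting a subscriber's TSIG key to NAPTR records at that subscriber's own ENUM name, and the device builds the matching dynamic-update batch. The function names, the key-naming scheme, the use of BIND 9 `update-policy` and `nsupdate` syntax, and the sample number and URI are all assumptions for illustration.

```python
import re

# Assumptions (not from the slides): function names, the key-naming scheme,
# BIND 9 update-policy / nsupdate syntax, and the constructed sample values.
E164 = re.compile(r"\+[1-9][0-9]{1,14}")
URI = re.compile(r"(sip|sips|tel|mailto):[A-Za-z0-9@._+;=:-]+")
SERVICE = re.compile(r"E2U\+[a-z0-9:]+")
KEY = re.compile(r"[a-z0-9-]+")


def enum_name(e164, apex="e164.arpa."):
    """+31201234567 -> 7.6.5.4.3.2.1.0.2.1.3.e164.arpa. (reversed digits)."""
    if not E164.fullmatch(e164):  # fullmatch also rejects a trailing newline
        raise ValueError("not an E.164 number")
    return ".".join(reversed(e164[1:])) + "." + apex


def server_grant(key_name, e164):
    """Portal side: restrict a TSIG key to NAPTR records at one owner name."""
    if not KEY.fullmatch(key_name):
        raise ValueError("bad key name")
    return f"grant {key_name} name {enum_name(e164)} NAPTR;"


def client_batch(e164, uri, service="E2U+sip", ttl=300):
    """Device side: batch for `nsupdate -k KEYFILE` replacing the NAPTR set."""
    # '!' delimits the NAPTR regexp; quotes or newlines in the URI would let
    # a caller append extra update commands, so only a strict subset passes.
    if not URI.fullmatch(uri) or not SERVICE.fullmatch(service):
        raise ValueError("URI or service contains disallowed characters")
    owner = enum_name(e164)
    rdata = f'100 10 "u" "{service}" "!^.*$!{uri}!" .'
    return (f"update delete {owner} NAPTR\n"
            f"update add {owner} {int(ttl)} NAPTR {rdata}\n"
            "send\n")


if __name__ == "__main__":
    number = "+31201234567"  # constructed sample subscriber number
    print(server_grant("sub-31201234567", number))
    print(client_batch(number, "sip:subscriber@example.com"), end="")
```

For a Carrier or Enterprise ENUM tree, pass the private apex as `apex`; the grant stays scoped to a single owner name and record type either way.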