Transcript presentation

AM TLD Governance
The role of ITC/AMNIC
AMNIC public services

DNS

Whois

WWW


Database - behind of scene
Other services –
e-mail, NTP, cDNS, RIPE Atlas
DNS
 Zone file management

DNSSEC

Slaves – diversity, reliability, security

IANA
DNSSEC pros

Authentication of origin

Record's non-existence verification
No MITM and cache poisoning
anymore
 DANE/TLSA !

DNSSEC cons

Additional maintenance tasks
Increased cost of errors
 Target for DDoS - larger responses,
more CPU load and RAM
usage

Back to other services

Whois - standard and web interfaces

Web interfaces to database updates
E-mail - other way to communicate
 NTP stratum 1 server ntp.amnic.net
member of pool.ntp.org
 cDNS - an instance of anycast cloud

Hardware, connectivity, etc

Two datacentres

Two upstream NSPs

Two power sources
Datacentres

Server per service - virtualization

Database streaming replication

Internal anycasting

Total logging

Backup to opposite DC
Upstreams

Multihomed, with large capacity

Connected to local exchanges

Native IPv6
Power

Reliable switching between sources

Good UPS systems
Disaster recovery

Migration to alive datacentre

Migration to alive database

Recovery from backup
What to improve

Global anycasting of DNS

Paid escrow service out of country

Power generator system in main DC
Questions? Suggestions ?
Hrant Dadivanyan at [email protected]