Wprowadzenie do DNS ISC Root i usług SIE.pdf

ISC Services at PLIX

Paul Vixie, President

Internet Systems Consortium

Warsaw, March 4, 2010

About ISC

● Founded in 1993 to maintain BIND (then V4)

● Produced many RFC's to clarify/extend DNS

● Created BIND8 in 1996, BIND9 in 2000

● Operates F-root and a regional network

● Currently:

– 39 employees in six countries

– 45 F-root instances in ~30 countries

– ~6M USD annual budget

ISC Services at PLIX

● Since 2009 there has been an ISC SIE relay node

● Since yesterday there has been an F-root node

F-Root Introduction

● Service context:

– F is one of 13 servers for the DNS root zone

– Was once NS.ISC.ORG before the A-M renumbering

– Root zone is parent of all TLD's (including .PL)

● Capacity growth:

– Was once a single Intel 486DX2 running BSD/OS

– Then a cluster of DEC Alphas using OSPF ECMP

– Now 45 clusters of Intel EM64T, independent BGP

F-Root Anycast

● Threat model:

– DDoS is unpreventable but is manageable

– Risk management means massive overprovisioning

● Delivery model:

– Every F-Root anycast node has a local peering ASN

– Offers IPv4 and IPv6 BGP announcements (AS3557)

● Benefits to PLIX members:

– Shorter round trip times (faster service) every day

– Service continuity during DDoS

– Something to use IPv6 for