C17.4. Zone file generation. Procedures for changes, editing by registrars, updates. Address frequency, security, process, interface, user authentication, logging, data back-up.

The current zone file generation process of the UIA Team is in every respect reliable, robust, secure and has an extremely high degree of integrity. This process had a measured integrity of 99.99999995% in 2001 (indicative of one failure in more than 450 million opportunities for failure) and 100% thus far in 2002. Figure C17.4-1 shows the integrity of the .org zone by month over 2001 and 2002.

Figure C17.4-1: .org Zone Integrity

The UIA Team proposes a continuation of the current process, with a migration to a real-time update process (described below) in 1Q2003. In order to achieve this high degree of integrity, zone file updates will be performed every 12 hours, which will enable an extremely robust zone validation process, employing numerous quality assurance steps, including:

  •  Zone generation performed only from the .org database; zone files will never be manually created, edited, or updated
  • Database updates will be performed only through valid RRP commands issued from registrars via secure connections to the .org database
  • Access to machines involved in the zone generation, distribution, and production resolution processes will be permitted only by specifically identified Operations personnel (see Section C17.9 for more detailed security information)
  • Checksum validation any time the zone is moved, transferred or distributed
  • Random checks of individual domain registrations
  • Validation of BIND named load
  • Several copies of old zone files will be kept at each of the global nameserver sites in case an emergency back-out is required

Although increased frequency of update is no substitute for the integrity of .org resolutions, the only element of the current .org zone file generation process that is less than desirable is the frequency of update. Currently, new .org zones are generated and globally distributed every 12 hours. UIA proposes to utilize VGRS's new ATLAS platform in 1Q2003, currently being deployed at all global sites. With ATLAS, real-time updates of the .org zone file will be possible without sacrificing the current integrity rates.

Currently, the .org zone file is modified periodically based on information provided by the registrars through a secure connection to the .org database. As discussed in Section C17.3, full audit trails of those transactions will be maintained. These procedures will not change. The security characteristics of these procedures are discussed in greater detail in Section C17.9.

The ATLAS approach to zone file generation represents a quantum leap in DNS technology. The entire concept of a "zone file" is radically altered under ATLAS. Although it is certainly possible to take a snapshot in time (e.g., in order to facilitate continued support of bulk zone access), the frequency of updates means that the zone is extremely dynamic. With ATLAS, the elapsed time from the point at which an RRP transaction is received to the point at which the DNS is reflecting that transaction is reduced to just a few minutes.

Figure C17.4-2: ATLAS Permits Real-Time Dynamic DNS Updates

While ATLAS continues to generate periodic snapshots in the form of a "zone file", it also monitors and extracts individual modifications to the data in a real-time fashion. As a modification occurs, the affected data is extracted from the authoritative database and submitted to the validation process in preparation for distribution.

The validation process of ATLAS provides a two-fold verification approach that ensures the accuracy of the information being distributed to the nameserver constellation with the authoritative database within the data center. Before a change is actually sent to the constellation, it is applied to a local "constellation site" and the resulting changes are compared with the authoritative database. If the results are identical, the changes are then distributed and applied to the resolution sites within the global constellation.

The second part of the verification is a continuous "scrub" of the data on the constellation with the data in the authoritative database. This audit provides an additional layer of protection against any invalid data or misinformation being returned to the end users.

The extraction and validation processes are illustrated in Figure C17-4.2. ATLAS provides the end users with instantaneous access to the changes they have submitted to their registrars, with the assurance that the information is accurate.

Even though ATLAS is being deployed in 4Q2002 and enabled in late 4Q2002 or early 1Q2003, the UIA Team proposes to continue the current highly reliable zone generation and distribution process in place, including the current globally deployed nameserver architecture. Once ATLAS is deployed, it will serve as a contingency in the unlikely event of major system problems or a significant attack against the Internet in general and the .org TLD specifically.


Back to Table of Contents