The current zone file generation process of the UIA Team is in every
respect reliable, robust, secure and has an extremely high degree of
integrity. This process had a measured integrity of 99.99999995% in 2001
(indicative of one failure in more than 450 million opportunities for
failure) and 100% thus far in 2002. Figure C17.4-1 shows the integrity of
the .org zone by month over 2001 and 2002.
Figure C17.4-1: .org Zone Integrity
The UIA Team proposes a continuation of the current process, with a
migration to a real-time update process (described below) in 1Q2003. In
order to achieve this high degree of integrity, zone file updates will be
performed every 12 hours, which will enable an extremely robust zone
validation process, employing numerous quality assurance steps, including:
- Zone generation performed only from the .org database; zone
files will never be manually created, edited, or updated
- Database updates will be performed only through valid RRP commands
issued from registrars via secure connections to the .org database
- Access to machines involved in the zone generation, distribution,
and production resolution processes will be permitted only by specifically
identified Operations personnel (see Section C17.9 for more detailed
security information)
- Checksum validation any time the zone is moved, transferred or
distributed
- Random checks of individual domain registrations
- Validation of BIND named load
- Several copies of old zone files will be kept at each of the global
nameserver sites in case an emergency back-out is required
Although increased frequency of update is no substitute for the
integrity of .org resolutions, the only element of the current .org zone
file generation process that is less than desirable is the frequency of
update. Currently, new .org zones are generated and globally distributed
every 12 hours. UIA proposes to utilize VGRS's new ATLAS platform in
1Q2003, currently being deployed at all global sites. With ATLAS,
real-time updates of the .org zone file will be possible without
sacrificing the current integrity rates.
Currently, the .org zone file is modified periodically based on
information provided by the registrars through a secure connection to the
.org database. As discussed in Section C17.3, full audit trails of those
transactions will be maintained. These procedures will not change. The
security characteristics of these procedures are discussed in greater
detail in Section C17.9.
The ATLAS approach to zone file generation represents a quantum leap in
DNS technology. The entire concept of a "zone file" is radically
altered under ATLAS. Although it is certainly possible to take a snapshot
in time (e.g., in order to facilitate continued support of bulk zone
access), the frequency of updates means that the zone is extremely
dynamic. With ATLAS, the elapsed time from the point at which an RRP
transaction is received to the point at which the DNS is reflecting that
transaction is reduced to just a few minutes.
Figure C17.4-2: ATLAS Permits Real-Time Dynamic DNS Updates
While ATLAS continues to generate periodic snapshots in the form of a
"zone file", it also monitors and extracts individual
modifications to the data in a real-time fashion. As a modification
occurs, the affected data is extracted from the authoritative database and
submitted to the validation process in preparation for distribution.
The validation process of ATLAS provides a two-fold verification
approach that ensures the information being distributed to the
nameserver constellation agrees with the authoritative database within the
data center. Before a change is actually sent to the constellation, it is
applied to a local "constellation site" and the resulting
changes are compared with the authoritative database. If the results are
identical, the changes are then distributed and applied to the resolution
sites within the global constellation.
The second part of the verification is a continuous "scrub"
of the data on the constellation with the data in the authoritative
database. This audit provides an additional layer of protection against
any invalid data or misinformation being returned to the end users.
The extraction and validation processes are illustrated in Figure
C17.4-2. ATLAS provides the end users with instantaneous access to the
changes they have submitted to their registrars, with the assurance that
the information is accurate.
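The two-step verification described above, modelled as an added Python example that is not ATLAS or VGRS code: an extracted change is applied to a local staging "constellation site" and compared (by checksum, the same kind of check the quality assurance list applies whenever a zone is moved) against the authoritative database before it is distributed, and a scrub then re-compares every resolution site with the database. The zone contents, change records and site names are constructed for the example.

```python
import hashlib
Zone = dict[str, tuple[str, ...]]  # domain -> nameservers (constructed toy zone model)

def zone_digest(zone: Zone) -> str:
    """Order-independent checksum, the kind of check run whenever a zone copy is moved."""
    lines = sorted(f"{name} NS {ns}" for name, nss in zone.items() for ns in nss)
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def apply_change(zone: Zone, change: dict) -> Zone:
    """Apply one extracted RRP-style modification (add/mod/del) to a copy of a zone."""
    new = dict(zone)
    if change["op"] == "del":
        new.pop(change["name"], None)
    else:  # "add" or "mod"
        new[change["name"]] = tuple(sorted(change["ns"]))
    return new

class Constellation:
    def __init__(self, authoritative: Zone, site_names: list[str]):
        self.authoritative = dict(authoritative)  # database in the data center
        self.staging = dict(authoritative)        # local "constellation site"
        self.sites = {n: dict(authoritative) for n in site_names}  # resolution sites

    def distribute(self, change: dict) -> bool:
        """Step 1: apply to staging, compare with the database, ship only if identical."""
        candidate = apply_change(self.staging, change)
        if zone_digest(candidate) != zone_digest(self.authoritative):
            return False  # mismatch: the change is never sent to the constellation
        self.staging = candidate
        for name in self.sites:
            self.sites[name] = apply_change(self.sites[name], change)
        return True

    def scrub(self) -> dict[str, list[str]]:
        """Step 2: continuous audit; domains on each site that disagree with the database."""
        report = {}
        for site, zone in self.sites.items():
            names = set(zone) | set(self.authoritative)
            report[site] = sorted(n for n in names if zone.get(n) != self.authoritative.get(n))
        return report

def demo() -> tuple[bool, bool, dict[str, list[str]]]:
    """Constructed scenario: a good change, a mismatched extraction, and a corrupted site."""
    c = Constellation({"example.org": ("ns1.example.net", "ns2.example.net")}, ["site-a", "site-b"])
    c.authoritative["new.org"] = ("ns1.new.net",)  # registrar's RRP add reaches the database
    ok = c.distribute({"op": "add", "name": "new.org", "ns": ["ns1.new.net"]})
    c.authoritative["other.org"] = ("ns1.other.net",)
    bad = c.distribute({"op": "add", "name": "other.org", "ns": ["ns9.other.net"]})  # faulty extraction
    c.sites["site-b"]["example.org"] = ("ns1.stale.net",)  # simulated corruption on one site
    return ok, bad, c.scrub()
```

The rejected extraction leaves the constellation behind the database, which is exactly what the scrub report then surfaces.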
Even though ATLAS is being deployed in 4Q2002 and enabled in late
4Q2002 or early 1Q2003, the UIA Team proposes to keep the current
highly reliable zone generation and distribution process in place,
including the current globally deployed nameserver architecture. Once
ATLAS is deployed, it will serve as a contingency in the unlikely event of
major system problems or a significant attack against the Internet in
general and the .org TLD specifically.