• No results found

FAQ (Frequently Asked Questions)

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "FAQ (Frequently Asked Questions)"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

FAQ (Frequently Asked Questions)

Specific Questions about Afilias Managed DNS What is the Afilias DNS network?

How long has Afilias been working within the DNS market? What are the names of the Afilias name servers?

How does my configuration get propagated to DNS and how long does it take?

How can I confirm that changes I make to my domains are being resolved on the Afilias network?

For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server?

How easy is it to move domains over from another DNS provider and will there be any downtime? What support does Afilias provide?

Does the Afilias network support IPv6? What resource records does Afilias support? Can I do bulk changes?

General DNS Questions What is DNS?

Where can I get more information about DNS? What is DNSSEC?

When will DNSSEC be available? What is BIND?

What is the difference between a domain and a zone?

What is a “glue record”?

What is the difference between Primary, Secondary, Master and Slave DNS?

Questions about Security

What is a distributed denial of service attack, or DDoS? What is a “botnet”?

What is spam? What is “phishing”? What is “pharming”? What is malware?

(2)
(3)

Answers

Specific Questions about Afilias Managed DNS

Q. What is the Afilias DNS network?

A. Afilias manages a global network of dedicated high performance servers that provides superior response times to all DNS lookups and queries. This network was developed to support all the top level domains (TLD, gTLD, ccTLD) managed by Afilias registry services. Afilias Managed DNS now provides premium DNS service for other customers on this network.

Q. How long has Afilias been working within the DNS market?

A. Afilias has been a leader in the DNS market since 2000 when it won the ICANN bid to provide new registry services for the .info top level domain (TLD). It developed its premium DNS network in 2005.

Q. What are the names of the Afilias name servers?

A. The name servers for Afilias Managed DNS are shown on the SOA screen of each primary domain configuration. They are:

a.service.afiliasdns.info b.service.afiliasdns.org c.service.afiliasdns.net d.service.afiliasdns.com e.service.afiliasdns.info f.service.afiliasdns.net

Q. How does my configuration get propagated to DNS and how long does it take? A. Your primary (master) DNS configuration is stored in a database. Whenever you make

changes, the serial number is automatically incremented. This triggers a notify message that is sent to the Afilias network. An Afilias server then does a DNS zone transfer to copy your changes and distribute them across the Afilias DNS network. This process is completed within a few minutes.

(4)

Q. For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server?

A. On release 1, there is no mechanism to deliver error messages on zone transfers

(AXFR/IXFR) to the Afilias secondary service. You should run dig/nslookup (as shown in the Verification section of the User Guide) to confirm that the serial number of the zone on the Afilias network matches the serial on your primary server. If there is a mismatch, and you suspect the transfer has failed, you can send in a ticket using the Support screen on the web portal or call the Afilias Customer Service Center for further analysis of the problem.

Q. How easy is it to move domains over from another DNS provider and will there be any downtime?

A. If your domain is small, you can simply create it using the Afilias Managed DNS web portal. For a larger domain, if your current DNS provider has an export option, you can use this to create a file that can be imported (release 1.1). Once your primary domain is set up and you have verified it is resolving correctly on the Afilias network, you simply reconfigure the name servers on your other provider to point to the Afilias name servers. Providers generally take from 15 minutes to 1 day to complete this change. Some providers terminate DNS service as soon as name servers are configured to point off their network. You can increase the TTL on such providers in advance of making the change to mitigate downtime by increasing the time that caching DNS servers retain your domain information. Please see the Web Portal User Guide for Afilias Managed DNS Service for more information.

Q. What support does Afilias provide?

A. Afilias maintains a Customer Service Center that is staffed 24 hours a day, 7 days a week. You can contact them by phone at the number shown on the top of every web portal screen. You can also send in a request via the Support page on the web portal. This request will create a “ticket” that will be handled by a support analyst who will reply by email.

Q. Does the Afilias network support IPv6?

A. The Afilias network is fully IPv6 compliant and can handle DNS queries from machines running IPv6. However, on release 1 of the Managed DNS Services, there is no support for defining AAAA records for resolution of IPv6 addresses. This feature will be added in release 2.

Q. What resource records does Afilias support?

(5)

CNAME, MX, NS, TXT. Subsequent release will add support for other record types such as PTR, SRV, AAAA.

Q. Can I do bulk changes?

A. Release 1.0 does not have this feature. Subsequent releases will add two capabilities for bulk changes. First will be the ability to upload a BIND style text file for a whole domain. Second will be a command that allows entering a resource record once and having it apply to a group of domains.

General DNS Questions

Q. What is DNS?

A. Computers on the Internet are identified by a unique numeric address, an “IP address”. The Domain Name System (DNS) makes using the Internet easier by allowing applications to use names instead of IP addresses. Instead of having to type 206.153.158.4 in a web browser, a

person can simply type www.somewhere.info. The web browser will “resolve” the name and

translate it to the necessary IP address by sending a query to a DNS server to do the lookup and translation. DNS also enables email addresses to be used with names instead of IP addresses.

Q. Where can I get more information about DNS?

A. There are many good books that provide in depth descriptions of DNS. There are also many good tutorials and other articles about DNS on the Internet. The ultimate definition of the DNS protocol and best practices for managing DNS is provided by the RFC publications of the IETF, the Internet standards body.

Q. What is DNSSEC?

A. DNSSEC (DNS Security Extensions) is an enhancement to the DNS protocol. It allows zone administrators such as the IANA to sign their zone files using public key cryptography. DNS users can then use these signatures to verify that the information they receive from DNS servers, such as the root name servers, is authentic. This prevents manipulation of the data during storage on servers and during transmission.

Q. When will DNSSEC be available?

(6)

to become truly effective on a global scale. ICANN’s Security and Stability Advisory Committee is encouraging continued deployment of DNSSEC and recommending actions to be taken on “issues not considered in protocol design and development and in controlled (test) environments”.

Q. What is BIND?

A. BIND stands for “Berkeley Internet Name Daemon”. This was one of the first

implementations of a DNS server. It is a standard component of most Unix and Linux systems and runs as the process “named”. It is estimated that as much as 80% of all DNS queries on the global Internet are handled by BIND servers.

Q. What is the difference between a domain and a zone?

A. A domain is a unique name within the DNS system that belongs to an individual or an organization. A zone is the information used by a DNS server to resolve the names in the domain. Very often a zone contains one domain, so the terms are often used interchangeably. The owner of a domain also has ownership of all the subdomains of that domain. For

example, a company that has registered the domain more.info can set up different websites using the subdomains canada.more.info, europe.more.info. When they set up their DNS, they can include all the subdomain information in one zone, or they can “delegate” some or all of the subdomains to different zones.

Q. What is a “glue record”?

A. If a subdomain is delegated from one zone to another, the name server for that subdomain must be provided (in a NS resource record). If that name server is in the domain or subdomain of the zone being configured, then an A record must be created to provide the IP address of the name server. This A record is called a glue record and is required to avoid creating a circular dependency in DNS.

Q. What is the difference between Primary, Secondary, Master and Slave DNS?

(7)

Secondary. There is no strict order in which the servers are queried; the Primary is not queried first.

Questions About Security

Q. What is a distributed denial of service attack, or DDoS?

A. A DDoS attack on the Internet is one in which a multitude of compromised systems attack a single target and cause denial of service (DoS) for users of the targeted system. The large number of incoming messages forces the target system to slow down or even shut down, thereby denying service to legitimate users. Distribution increases the traffic and decreases the focus on the sources of the attack.

Q. What is a “botnet”?

A “botnet” is a collection of compromised computers or "zombies" under the control of one party (a "botherder"). The individual computers making up the botnet have been compromised via malware or hacking, without the informed consent of their owners. Botnets are used to perpetrate a variety of illegal acts, including spamming, hosting phishing sites and mounting distributed denial-of-service attacks (DDoS attacks).

Q. What is spam?

A. Electronic messaging systems are often used to send unsolicited bulk messages known as “spam”. The term may be applied to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums.

Q. What is “phishing”?

A. Phishing refers to the use of counterfeit web pages designed to trick recipients into divulging sensitive data such as usernames, passwords or financial data. Phishing site are usually advertised via fraudulent spam e-mails.

Q. What is “pharming”?

A. The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning.

(8)

Q. What does the term “Fast Flux” refer to?

A. Fast Flux is a technique that disguises the location of a web site or other Internet service by frequently changing the location (IP address) on the Internet to which the domain name of an Internet host or name server resolves. Fast flux is usually associated with criminal uses of Internet resources, such as the hosting of phishing sites and is typically used by botnets.

Questions About Internet and DNS Administration

Q. What is ICANN?

A. The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identifier assignment, generic (gTLD) and country code (ccTLD) top-level domain name system management and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet, promoting competition, achieving broad representation of global Internet

communities, and developing policy appropriate to its mission through bottom-up, consensus-based processes.

Q. What is SSAC?

A. The Security and Stability Advisory Committee (SSAC) advises the ICANN community and board on matters relating to the security and integrity of the Internet’s naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters

pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as Whois). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

Q. What is RSSAC?

A. The Root Server System Advisory Committee (RSSAC) advises the ICANN community and board about operation of the DNS root name servers. It also provides advice on the

operational requirements of root name servers, including host hardware capacities, operating systems and name server software versions, network connectivity and physical environment. RSSAC examines and advises on security aspects of the root name server system, and reviews the number, location, and distribution of root name servers considering total system

References

Download now ( PDF - 8 Page - 60.89 KB )

Related documents

Proposed new interior design for Naza Bikers Dream Club and services, at Jalan Ampang of Jalan Jelatek, 55100 Kuala Lumpur. / Maznul Khusni Kamal Jamil

The objective was to design and prepare a “Naza Bikers Dream” club and service with the concept and style best suited to the Naza Bikers Dream Sdn, Bhd image. It is

The Internet Ecosystem

The Internet Corporation for Assigned Names and Numbers (ICANN) has responsibility for Internet Protocol (IP) address space allocation (through IANA), and the operation and

CRS Report for Congress

On November 25, 1998, the Department of Commerce (DOC) formally approved a new corporation, called the Internet Corporation for Assigned Names and Numbers (ICANN).. A Memorandum

A Proposal to Introduce Market-Based Principles into Domain Name Governance

The current system, administered by the Internet Corporation for Assigned Names and Numbers (ICANN), is one that hampers the release of top level domains (TLDs) and is the product

ICANN- INTERNET CORPORATION OF ASSIGNED NAMES & NUMBERS

• Advises on operation of the domain • Advises on security and integrity of • Advises on ICANN activities as they relate Root Server System Advisory Committee (RSSAC)

Domain Name Industry. Comparing ZA with the rest

ICANN: Internet Corporation for Assigned Names & Numbers. SLD: Second

The Internet. On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet.

• The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-profit corporation that has responsibility for Internet Protocol (IP)

COMMONWEALTH OF THE BAHAMAS IN THE SUPREME COURT. Common Law and Equity Division. 2004/CLE/gen/00492 BETWEEN ELVA LINDSAY AND

[2.] In response to a request by the defendant for further and better particulars of the lai iff claim, she responded that the incident occurred between 11:00 am and 12:00 noon