[AfrICANN-discuss] FW: ICANN News Alert -- Report on the Assessment
of Security and
Stability Implications of the Use of DNAME Resource Records in the Root Zone
of the DNS
Anne-Rachel Inne
anne-rachel.inne at icann.org
Wed May 25 17:48:37 SAST 2011
[http://www.icann.org/images/gradlogo_bow.jpg]<http://www.icann.org/>
News Alert
http://www.icann.org/en/announcements/announcement-24may11-en.htm
________________________________
Report on the Assessment of Security and Stability Implications of the Use of DNAME Resource Records in the Root Zone of the DNS
24 May 2011
ICANN commissioned a technical study into the security and stability implications of using the Domain Name System (DNS) DNAME Resource Record [RFC2672] in the root zone of the DNS. Testing was specified to be carried out in a captive lab environment which provided a functional replica of certain components of the public DNS. The results of that testing are presented in this report for the information of the wider DNS technical community.
This report found no failure in resolution nor in the ability to perform DNSSEC validation when DNAME was used in the root zone to provide isomorphism between two top-level domains (TLD), i.e. when one TLD was provisioned as a DNAME, compared to being provisioned as a distinct delegation. A variety of DNS software was tested as part of this study.
The use of DNAME in provisioning isomorphic domains is a candidate mechanism for the deployment of variant TLDs. However, the purpose of this report was not to investigate or make recommendations about whether DNAME provides a useful partial or complete solution to any problem related to variant TLDs, but rather to consider the narrower technical implications of using DNAME in the root zone. The more general requirements for variant TLD provisioning are being studied independently of this work within ICANN.
Since this study was performed using a captive replica of the public DNS, it should not be interpreted as an exhaustive answer to the question of whether DNAME can be usefully deployed in the public root zone. However, the conclusions of this report support future work which might (for example) propose the limited deployment of DNAME in the root zone for the purposes of real-world testing.
Report on the Assessment of Security and Stability Implications of the Use of DNAME Resource Records in the Root Zone of the DNS<http://www.icann.org/en/topics/ssr/report-bond-internet-systems-24mary11-en.pdf> [PDF, 268 KB]
This message was sent to inne at icann.org<mailto:inne at icann.org> from:
ICANN | 4676 Admiralty Way Suite 330 | Marina del Rey, CA 90292-6601
Email Marketing by [http://app.icontact.com/images/icontact_tryFree.gif] <http://www.icontact.com/a.pl/144186>
Manage Your Subscription <http://app.icontact.com/icp/mmail-mprofile.pl?r=9826907&l=6333&s=VMK0&m=359069&c=165637>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/africann/attachments/20110525/eed2e271/attachment.htm
More information about the AfrICANN
mailing list