Root Zone/zh: Difference between revisions
Created page with "根服务器运营商的主要职责是确保根区域的运作一直精确、可用、可靠和安全。根区域的数据库中共有十三个根..." |
Created page with "* A - 威瑞信 全球注册局服务 * B - Information Sciences Institute * C - Cogent Communications * D - 马里兰大学 *..." |
||
Line 15: | Line 15: | ||
[[Root Server Operators|根服务器运营商]]的主要职责是确保根区域的运作一直精确、可用、可靠和安全。根区域的数据库中共有十三个根服务器运营商,包括: <ref>[http://www.isoc.org/briefings/019/ Root Server Operators]</ref> | [[Root Server Operators|根服务器运营商]]的主要职责是确保根区域的运作一直精确、可用、可靠和安全。根区域的数据库中共有十三个根服务器运营商,包括: <ref>[http://www.isoc.org/briefings/019/ Root Server Operators]</ref> | ||
* A - [[Verisign]] | * A - [[Verisign|威瑞信]] 全球注册局服务 | ||
* B - [[Information Sciences Institute]] | * B - [[Information Sciences Institute]] | ||
* C - [[Cogent Communications]] | * C - [[Cogent Communications]] | ||
* D - [[University of Maryland]] | * D - [[University of Maryland|马里兰大学]] | ||
* E - [[NASA Ames Research Center]] | * E - [[NASA Ames Research Center]] | ||
* F - [[ISC|Internet Systems Consortium, Inc.]] | * F - [[ISC|Internet Systems Consortium, Inc.]] | ||
Line 24: | Line 24: | ||
* H -[[ U.S. Army Research Lab]] | * H -[[ U.S. Army Research Lab]] | ||
* I - [[Autonomica]]/[[NORDUnet]] | * I - [[Autonomica]]/[[NORDUnet]] | ||
* K - [[RIPE NCC]] | * K - [[RIPE NCC|欧洲网络协调中心]] | ||
* L - [[ICANN]] | * L - [[ICANN|互联网名称与数字地址分配机构]] | ||
* M - [[WIDE Project]] | * M - [[WIDE Project]] | ||
Revision as of 21:18, 28 August 2015
根区域指的是域名系统(DNS)结构的最高级别。它包含所有顶级域名,比如通用顶级域(gTLD)(.com, .net, .org,.jobs),以及所有国家代码顶级域(ccTLDs),比如(.us,.uk .ph)的名称和数字IP地址,包括所有根服务器的完整列表。[1]
域名系统根区域只包含280个授权的通用类、国家代码类和国际化顶级域 (TLD),其大小在80,000字节左右。它也在缓慢地发生变化,并且每年只采纳每个顶级域的一个微小变更。[2]
根区域管理流程[edit | edit source]
国家电信和信息管理局(NTIA)、互联网名称与数字地址分配机构(ICANN)、威瑞信和根服务器运营商在根区域的管理和处理中发挥重要作用。
国家电信和信息管理局(NTIA)是隶属于美国商务部 的一家机构,在与ICANN及威瑞信达成的一份合约中代表联邦政府,赋予ICANN和威瑞信各自管理根区域绩效的职能。NTIA负责审核和批准需要在根区域内部执行的任何变更。[3]
ICANN互联网号码分配机构(IANA)的运营商,IANA负责DNS根区域的日常管理工作。IANA指派顶级域的运营商并确保顶级域的维护和具体管理工作。[4][5]它还负责互联网协议(IP)及自制系统编号 (ASN)至区域性互联网注册局(RIR)的协调。
根区域原来由Network Solutions负责管理,威瑞信在1998年与美国政府缔结了一份合作协议,自此负责管理根区域。
根服务器运营商的主要职责是确保根区域的运作一直精确、可用、可靠和安全。根区域的数据库中共有十三个根服务器运营商,包括: [6]
- A - 威瑞信 全球注册局服务
- B - Information Sciences Institute
- C - Cogent Communications
- D - 马里兰大学
- E - NASA Ames Research Center
- F - Internet Systems Consortium, Inc.
- G - U.S. DOD Network Information Center
- H -U.S. Army Research Lab
- I - Autonomica/NORDUnet
- K - 欧洲网络协调中心
- L - 互联网名称与数字地址分配机构
- M - WIDE Project
Root Zone Operational Changes[edit | edit source]
On February 3, 2009, the ICANN Board enumerated the upcoming operational changes to be implemented in the DNS root zone, such as the addition of IPv6 records to the root, new generic top level domains (gTLDs), new Internationalized Domain Names, and the implementation of DNSSEC. In connection to the anticipated root zone operational changes, the Board requested the Security and Stability Advisory Committee (SSAC) and Root Server System Advisory Committee (RSSAC) to conduct a joint study to analyze its impact to the stability and security to the DNS root server system. Furthermore, the Board requested both the committees to identify the capacity and scaling of the root server system to be able to solve any technical and operational challenges that might take place when the proposed changes are implemented. Some ICANN senior technical staff were also to take part in the study.[7]
Root Scaling Study Report[edit | edit source]
The SSAC, RSSAC and ICANN Staff responded to the request of the ICANN Board by creating a Scaling Steering Group to conduct the study. On September 7, 2009, a report entitled: Report on the Impact on the DNS Root System of Increasing the Size and Volatility of the Root Zone was submitted by the Root Scaling Study Team for the Scaling Steering Group with the following findings and recommendations:[8]
- Any of the proposed changes has an effect to the growth of the root zone. The study team suggested that it is best to add or make changes to the root zone with a large or sudden impact. Gradual changes can be added at later stages.
- Additional new TLDs will increase both the number of entries and the size of the root zone, however an increase in the number of TLDs will not increase the number of request per year per TLD.
- Adding DNSSEC changes the nature of the root zone wherein it will no longer be an atomic unit or an individual resource record, instead it will be a group resource record. Implementation of DNSSEC will result in a much bigger amount of data carried in the zone as well as larger zone transfers. Signature and other security related data will be added to queries to the DNS, and thus it needs more bandwidth network resources and the signature data needs to be regularly updated because they have expiration dates to avoid serving bad data and to avoid replay attacks.
- Additional IDN results to changes in the root zone similar to adding a TLD.
- Adding IPv6 records to the root zone will add glue records for the name server of every TLD. This means that the amount of data increases per TLD in the root zone and the number of changes per TLD will also increase each year.
The Root Scaling Study Team also found that the proposed changes to the root also affect the end-system applications of the Internet such as the web browsers, intermediary “middleboxes” that perform traffic shaping, firewall, and caching functions; and ISPs that manage the DNS services provided to internet users.
In addition, the team also recommended further study of how to detect the important signs of stress or problems in root zone management, and how to arrange communication between the individuals primary involved in the root zone management system to ensure that timely intelligence support and effective cooperative action are available and resolve the effects of discontinuities before causing further problems.