AM TLD GovernanceAM TLD Governance

The role of ITC/AMNICThe role of ITC/AMNIC

AMNIC public servicesAMNIC public services DNS

Whois

WWW

Other services – e-mail, NTP, cDNS, RIPE Atlas

Database - behind of scene

DNS Zone file management

Slaves – diversity, reliability, security

DNSSEC

IANA

DNSSEC pros

Authentication of origin

Record's non-existence verification

DANE/TLSA !

No MITM and cache poisoning anymore

DNSSEC cons

Additional maintenance tasks

Target for DDoS - larger responses, more CPU load and RAM

usage

Increased cost of errors

Back to other services

Whois - standard and web interfaces

Web interfaces to database updates

NTP stratum 1 server - ntp.amnic.net

member of pool.ntp.org cDNS - an instance of anycast cloud

E-mail - other way to communicate

Hardware, connectivity, etcHardware, connectivity, etc

Two datacentres

Two power sources

Two upstream NSPs

Datacentres

Server per service - virtualization

Database streaming replication

Total logging

Backup to opposite DC

Internal anycasting

Upstreams

Connected to local exchanges

Native IPv6

Multihomed, with large capacity

Power

Good UPS systems

Reliable switching between sources

Disaster recovery

Recovery from backup

Migration to alive database

Migration to alive datacentre

What to improve

Power generator system in main DC

Paid escrow service out of country

Global anycasting of DNS

Questions? Suggestions ?

Hrant Dadivanyan at ran@psg.com