HTTP/1.1 200 OK Date: Tue, 09 Apr 2002 09:59:36 GMT Server: Apache/1.3.20 (Unix) Last-Modified: Wed, 10 Apr 1996 22:00:00 GMT ETag: "361a01-1697-316c2f60" Accept-Ranges: bytes Content-Length: 5783 Connection: close Content-Type: text/plain Internet Draft Bill Manning April 1996 ISI Expires in six months Technical Criteria for Root and TLD Servers draft-manning-dnssvr-criteria-00.txt Abstract This draft proposes criteria for servers and their environments that will support zones for top level and root domains. It is expected that the machines running root service will be different than the machines running TLD service. Although there are differences, the same basic criteria should hold. It is expected that TLD servers may field more queries and the root servers may be more concerened with cache pollution. Although this draft has been discussed in various bodies, it is not final, it should not be regarded as a consensus document, and it is presented for open debate in the Internet community. Status of this Memo This document wants to be an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as ``work in progress.'' To learn the current status of any Internet-Draft, please check the ``1id-abstracts.txt'' listing contained in the Internet- Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). Design Goals: Define the basic set of requirements for TLD/Root server hardware. Make them all objectively verifiable. Disclaimer: This document doesn't discuss actual placement of servers. Procedures for dealing with non-compliance are not covered in this memo. Selected Operational Qualifications: 1. Modern BIND or equivalents (if any exist). The upgrade process will be coordinated with the zone-master staff and will occur within 96 hours of inital notification. Zone-master senior staff will specify the software and version(s) that will be run in a particular zone. 2. UDP checksums enabled. 3. Dedicated host no user accounts, just the operations & admin or root account. no other services except NTP. (remove telnet, SMTP, FTP etc). This requires support to be from the console or other specified secure channel. It is expected that one-time tokens will be used for authentication. 4. Singly homed (only one interface). 5. Protected: In general, each server must be adequately protected against security threats. The system administrator must stay up-to-date on the latest security methods and threats and must implement reasonable security countermeasures. Audits by the zone administrator or authorized agents will be permitted and corrective measures will be taken. A good way to keep current is to follow the CERT recommendations. A reasonable approach is to only run DNS sw, NTP and ICMP support with extensive logging. Recommended packages to assist are tcp_wrappers and ipfilter. Any other package which is an acceptable technology is fine. 6. Servers time is synchronized via NTP. This is useful for supporting functions; e.g. logging. It is expected that future enhancements such as dynamic update and security support will take advantage of accurate clocks. 7. Sufficient resources to support a transaction rate of 1200/sec and mean time to respond of 0.5 seconds per transaction. There should be enough extra resources available to support a 15% growth in the number of transactions per second without affecting the response time. 8. Representative on TLD/Root administrator list is responsive: 8a. e-mail about required changes will be answered within 24 hours; 8b. vacations will cause responsibilities to be delegated, not ignored; 8c. contact numbers on file with zone-master senior staff members; 8d. an escalation/delegation list that has at least three levels of hierarchy. 9. Named.boot file will specify... 9a. "xfrlist" of local nets and maybe other roots; 9b. server will use "secondary" from the zone master, not FTP; 9c. "options no-recursion" and "limit transfers-per-ns 1". (Equivalences for non-bind servers will apply!) 10. Network and name server outages will be reported. 10a. To the root admin and TLD admin lists whether scheduled or unscheduled. 10b. via phone to the zone-master senior staff if the outage unscheduled or if the outage is to occur in less than 24 hours. 10c. Extended outages may result in exceptional handling situations. 11. Name server and its immediate infrastructure are on uninterruptable power supply. 12. Address PTR points (only) to ?.root-servers.net, not a "local" name. (for root servers only! :) Selection Criteria: 1. serves max possible number of low-hopcount endpoints not otherwise served. 2. credibly likely to continuously perform on qualification criteria for the duration of the operations contract. 3. stable organization which is considered likely to survive and prosper. Security considerations of this memo None. Acknowledgments Constructive comments have been received from: Jon Postel, Paul Vixie, Michael Patton, Andrew Partan, Michael Dillon, Don Mitchell Steven Doyle, Owen DeLong and other members of the internet community. Authors' Addresses Bill Manning USC/ISI 4676 Admiralty Way Marina del Rey, CA. 90292 01.310.822.1511 bmanning@isi.edu --