DNS Administration 21/05/97
DISCUSSION DOCUMENT: DNS ADMINISTRATION IN NEW ZEALAND
ISOCNZ Council 21 May 1997
INTRODUCTION
This paper is designed to stimulate discussion on the structures for Domain Name System (DNS) administration in New Zealand. It is designed to be read by Internet users, service providers and others with an interest in the development of the Internet in New Zealand.
The paper discusses a proposed course of action by the Internet Society of New Zealand (ISOCNZ) and invites submissions.
SCOPE
The scope of this document is restricted to the structures and procedures for DNS operations. This document does not address name granting policies, disputes procedures, or the possible expansion of the New Zealand domain name space.
TO COMMENT ON THIS DOCUMENT
Submissions on this document are welcomed. They should be sent by email to submit-dns@isocnz.org.nz by 28 July 1997. Those writing submissions are invited to comment on the questions set within the document, and on the document in general.
Submissions will be published on the ISOCNZ web pages at http://www.isocnz.org.nz and on the ISOCNZ newsgroup.
ABOUT THE DNS
Broadly, the DNS is a global directory which enables users to access Internet services such as electronic mail, ftp and Web sites. ISOCNZ provides DNS service for all names which end in .nz.
A detailed discussion of the functions and technical operations of the DNS is beyond the scope of this document. The technically-knowledgeable reader is referred to RFC 1591 for a discussion on DNS delegations.
RELATIONSHIP WITH IAHC DOCUMENT
The IAHC document concerns itself with three major areas: registries, the expansion of the DNS and disputes procedures for name granting. It has yet to gather universal support, and does not in any case directly affect New Zealand. (Section 10 of the memorandum of understanding specifically states that its provisions do not apply to country based registries.)
This document discusses only one of the above areas - that of registries.
ISOCNZ and NZIRL
ISOCNZ currently contracts DNS management to NZIRL. ISOCNZ sets overall policy, in the light of directives from IANA and consultation with New Zealand users. NZIRL administers the operations of the DNS in New Zealand in accordance with ISOCNZ policy, mainly through contracts with infrastructure providers.
BACKGROUND
The Internet Society of New Zealand (ISOCNZ) contracts the operation of the New Zealand DNS under a delegation from IANA, the Internet Assigned Names Authority, under the provisions of RFC 1591. ISOCNZ delegates the registration and operation of all second level domains (2lds) to the New Zealand Internet Registry Ltd (NZIRL), which contracts out much of the registration process and the operation of the DNS servers to the University of Waikato.
When ISOCNZ started charging for domains in July 1996 it committed itself to using market processes to ensure that DNS services are provided at the lowest cost that is consistent with a reliable Internet. NZIRL is considering calling for tenders to operate certain parts of the DNS; this document is intended to seek public views on the process and the model for future DNS operations.
VALUES
Do these values cover what is important to Internet users in New Zealand?
ISOCNZ views the following items as important when discussing the future provision of DNS services:
Of paramount importance is the continued reliability of the Internet.
We wish to ensure that the New Zealand Internet remains "open and uncapturable".
Consequently we wish to allow and promote competition in service provision as far as possible.
Areas where competition is not possible should be strictly delineated and put up for tender.
DNS SERVICES
Are other services needed?
The following services need to be provided by the New Zealand DNS system:
A robust network of (primary and secondary) DNS servers each serving .nz and all New Zealand second level domains. One of the secondary servers should be offshore.
An efficient and secure interface for entering adds/changes/deletes against the DNS servers.
A whois service providing basic information about holders of DNS entries in standard format, and a basic web interface to same.
Support for alternative processes to add/change/delete names that meet differing service requirements and offer levels of support appropriate to holders' skill levels and technical knowledge.
A way of collecting fees from name holders.
Enforcement of DNS name policy.
Not all these services need to be provided by ISOCNZ or under contract to it. ISOCNZ's role should be limited to providing or contracting for services which would not otherwise be provided to an adequate standard.
Proposed Structure
Refer to the figure below while reading the following discussion.
There are two principal interfaces to the DNS system in New Zealand. The DNS lookup functions that are part of the core infrastructure of the New Zealand Internet are provided by one primary and several secondary servers. There is also a name registration interface that is used to add, change and delete names. In addition, it is desirable that a whois service be available for the .nz domain.
This provides a natural division into DNS infrastructure and name holder support services. There is also an analogy with the insurance industry and with motor vehicle registration.
NAME HOLDER SERVICES
A domain name is delegated by ISOCNZ to an individual or organisation. The name is held by this individual or organisation. The name holder should be offered the choice of dealing directly with NZIRL or through a value added service provider. This includes initial registration plus subsequent support services. It should be noted that the name holder, and not their value added service provider (ISP or any other intermediary), holds authority over the domain name.
Analogies can be found in the insurance industry where a customer has the choice of working through an agent or directly with one of the major insurance providers. Similarly, car owners frequently obtain their initial registration when they purchase a car, but also have the choice of dealing directly with motor vehicle registration.
NZIRL will offer a basic level of service through e-mail and web interfaces. It will also support value added services by ISPs and such through interfaces that support batch submissions. Processes that allow the name holder to pay an annual subscription directly to NZIRL or to pay through their ISP will both be supported.
Note that this is largely the status quo with respect to name holder services.
DNS INFRASTRUCTURE
The infrastructure includes the operation of primary and secondary servers, and provision of a whois service. The infrastructure is critical to the reliable operation of the New Zealand Internet. It must not be capturable by a single organisation and it must also be designed to provide robust and resilient service.
This will be addressed by calling for separate tenders for:
operation of the primary server for .nz and each second level domain within .nz.
operation of each of the secondary servers for .nz and each second level domain within .nz. (This means multiple tenders, each covering one secondary for .nz and all second level domains.)
development and operation of a whois service.
THE NZIRL NAME REGISTRATION DATABASE
A major role of NZIRL will be to hold the authoritative database covering all domain name holders. Appropriate subsets of this database will be available for downloading to the operators of the primary DNS servers and the whois servers.
DELEGATION OF SECOND LEVEL DOMAINS
The DNS infrastructure described in this document has a number of DNS servers each of which will serve all second level domains. It is not proposed at this stage to delegate (in the sense of RFC 1519) complete second level domains to other operators. All infrastructure operators will resolve all second level domains.
The reason for this is to preserve the reliability of the Internet. It is important that DNS infrastructure is provided with a high degree of reliability so that users can resolve New Zealand names in all circumstances.
This scheme also preserves flexibility to add new second level domains in the future without needing changes to the administration structures for the DNS.
ISOCNZ policy on domain names already allows for the delegation of policy for second level domains to other organisations under tightly defined circumstances. It is proposed to continue with this policy and to refer to such domains as moderated domains in the future.
Names in all second level domains must conform to overall ISOCNZ policy, which incorporates global DNS policy, and is published from time to time. Most second level domains have no further policy beyond overall .nz policy. Moderated domains will only permit members from a clearly-defined group.
POLICY ENFORCEMENT
Is this a good way to control entry to a closed domain?
Policy will be enforced automatically as far as possible. For the .co domain for instance, it is expected that checking could be fully automated.
The web-based add, change and delete interface will advise those attempting to register in a moderated second level domain that the domain concerned is moderated and that the request will be sent to a moderator for approval. The identity of the moderator will be made clear so that the applicant may make direct contact if they wish.
Moderators will be appointed by ISOCNZ on the advice of the groups which use these second level domains. It is not proposed to pay moderators.
NEXT STEPS
Council will consider submissions on this document. Depending on the outcome of this consultation exercise, the following process is proposed:
August: Council agrees to DNS administration framework
August: RFI for DNS infrastructure (primary, secondary and whois servers) published with two to three week reply period
September: RFP released to specific vendors, three week response period.
Oct/Nov: Evaluation and negotiation
December: Infrastructure provider(s) announced
1998: Provider(s) start operations to an agreed timeframe.
© 1997 The Internet Society of New Zealand