Core Registry and Related Services
0 likes73 views
George Michaelson presented on updates to APNIC registry and related services. The key points are: 1) APNIC maintains core registry services including the database of internet number resources, public query services, and reverse DNS delegation. 2) Current improvements include making registry data more accurate, improving reverse DNS support when resources are transferred, and mirroring all NIR WHOIS data through APNIC. 3) Goals for 2019 include implementing consistent RDAP access to all APNIC/NIR records, relocating IRR data to a new stand-alone WHOIS service, and providing a consistent RPKI service for all eligible resource holders.
Core Registry and Related Services
- 1. #apricot2019 2019 47 Core Registry & Related Services Product Family Update George Michaelson ggm@apnic.net APNIC
- 2. #apricot2019 2019 47 APNIC registry services β’ The services which support our primary role: responsible management of Internet Number Resources (INR) β Maintenance of the database of resources (βcoreβ registry database) β Public query services (WHOIS, RDAP, WHOWAS) β Reverse-DNS delegation (ip6.arpa & in-addr.arpa) β Resource Public-Key Infrastructure (RPKI) β’ Public interfaces to manage all these registry elements β βMyAPNICβ and API endpoints for scripted management & integration β’ Registry is a set of Authority statements β What we did, applying address policy to resources β Our records of βwe distributed resources toβ events β Delegations into internet-wide information & registration services
- 3. #apricot2019 2019 47 Current registry services β’ IP address & ASN delegations and transfers β Our fundamental record keeping β Includes βpool managementβ for the ranges we have assigned authority over (from IANA, and transfers in from other RIR) β’ Whois Database (including Internet Routing Registry) β A Public view of Registry records β Includes data submitted by delegated authorities β’ Mixture of authority and non-authority statements in one service
- 4. #apricot2019 2019 47 Current registry services (continued) β’ Reverse DNS β Anchor and sub-delegation in the in-addr.arpa and ip6.arpa DNS tree β’ Registration Data Access Protocol (RDAP) (NEW since 2015) β JSON structured data over HTTP (replacing WHOIS) β’ Resource Public Key Infrastructure (RPKI) (since 2010) β Cryptographically verifiable statements about INR 4
- 5. #apricot2019 2019 47 Registry Accuracy β’ Apply current public records standards to all data including block allocations to NIR β Complements Organization and PoC update activity in APNIC β’ Review of KRNIC block transactions underway β’ Delegated, transfer and related stats files will change β’ Other NIR will follow in 2019 β’ Continuous Improvement goal from strategic plan β We are auditing software paths which update registry β We are adopting an event log model of transactions and changes 5
- 6. #apricot2019 2019 47 rDNS improvements β’ Problem: NIR historical blocks, some entire /8 are not available for rDNS delegation unless resource is maintained inside the NIR β but we now have transfers which can go out of economy or to management in APNIC β’ Discussing improvements to support reverse-DNS zone sharing with NIR β Leverage existing inter-RIR API β’ Goal: equivalent rDNS functionality for any INR in any NIR or APNIC, irrespective of who holds the address ranges β’ Operations Improvements in rDNS logging, service delivery and reporting 6
- 7. #apricot2019 2019 47 WHOIS improvements β’ Goal: consistent WHOIS data at APNIC for all resources irrespective of which NIR or APNIC maintains the INR β’ Mirrors of all NIR data offered from APNIC whois β Continuing activity from 2018 β’ Problem: IRR (radb) flag support not working well for some tools used by BGP operators β Discussing deployment of NTT βirrdβ as a discrete service β’ Offers integration with RPKI activities, data consistency checks β We propose to relocate all IRR data into a new stand-alone WHOIS which will be mirrored by APNIC whois services, but run as a discrete SOURCE β’ To be discussed with the community 7
- 8. #apricot2019 2019 47 RDAP/WHOWAS β’ JSON based public record system, closely aligned between number and name based services β WHOWAS tracks historical states, RDAP shows current head state β’ Globally connected β HTTP(s) protocol with 302 redirection and steerage map β Consistent data format for all servers worldwide β’ Goal: implement RDAP for all APNIC/NIR WHOIS records β Continuing activity from 2018 β’ Standardization work in IETF β Bulk data, Search 8
- 9. #apricot2019 2019 47 RPKI β’ Goal: consistent RPKI service for all eligible INR holders in APNIC region β Three NIR operate a local service under APNIC RPKI β Four NIR operate in APNIC RPKI services through MyAPNIC for their subaccount holders β’ Anysigner: a CMS model of signing arbitrary data with RPKI β In github, test client and web services will deploy in 2019 β’ Standardization work β Progress βvalidation reconsideredβ deployment draft inIETF β βanysignerβ model related draft in IETF β NRO ECG coordination on counting/measuring RPKI 9
- 11. 201947 #apricot2019 18 β 28 February 2019 DAEJEON SOUTHKOREA