get ready! New-gTLD Preparedness Project Thoughts August, 2013 © Mikey O’Connor (just attribution is fine) [email protected] version 0.3
Mar 26, 2015
get ready!New-gTLD Preparedness
Project Thoughts
August, 2013
© Mikey O’Connor (just attribution is fine)
version 0.3
Contents
•Why we need a world-wide new-gTLD preparedness project
• How we’ll define success
•What we’ll be doing
•Where do we go from here?
The need for a new-gTLD preparedness project
• Impacts of certain new-gTLDs could be very severe for some network operators and their customers
• There may not be a lot of time to react
• Progress on risk-assessment and mitigation-planning is poor
• Fixes may not be identified before delegation
• Thus, getting ready in advance is the prudent thing to do
• We benefit from these preparations, even if we don’t need them for the new-gTLD rollout
Namespace collision
Namespace collision
Dotless domainsDotless
domains
Internal Name
Certificates
Internal Name
Certificates
The need for a new-gTLD preparedness project
The maddening thing is, we may not know what’s really going to happen until it’s too late to prepare -- so we’re going to have to make guesses.
New gTLD impacts could be very broad and severe, especially for operators of private networks that were planned long before new-gTLDs were conceived of. ISPs may be similarly surprised.
Microsoft Active-Directory installations may need to be renamed/rebuilt Internal certificates may need to be replaced Long-stable software and network configurations may need to be revised New attack vectors may arise And so forth...
.com.com
.org.org
.us.us
bar.combar.com
SAP.orgSAP.org
NetworkArts.usNetworkArts.us
mail.prodmail.prod
server.testserver.test
accounting.corpaccounting.corp
router01.ciscorouter01.cisco
shared.pubshared.pub
product.groupproduct.group
Internal & trusted (known knowns)
External & untrusted (known unknowns)
TodayDNSDNS
Internal system or user asks DNS, “where is this
resource?”
Internal system or user asks DNS, “where is this
resource?”
Legacy gTLDs
• Requests from inside a network ask DNS where resources are located
• DNS distinguishes between resources that are inside and outside the local network
• If DNS is configured to look for an internal match first, all is well.
• But if DNS is configured to look for an external match first, then there’s possible trouble ahead…
Example: Namespace collision
.com.com
.org.org
.us.us
.prod.prod
.test.test
.corp.corp
.cisco.cisco
.pub.pub
.group.group
bar.combar.com
SAP.orgSAP.org
NetworkArts.usNetworkArts.us
mail.prodmail.prod
server.testserver.test
accounting.corpaccounting.corp
router01.ciscorouter01.cisco
shared.pubshared.pub
product.groupproduct.group
Internal & trusted (known knowns)
External & untrusted (known unknowns)
mail.prodmail.prod
server.testserver.test
accounting.corpaccounting.corp
router01.ciscorouter01.cisco
shared.pubshared.pub
product.groupproduct.group
External and a surprise (unknown unknowns)
TomorrowDNSDNS
Internal system or user asks DNS, “where is this
resource?”
Internal system or user asks DNS, “where is this
resource?”
Trusted names unexpectedly start routing to external
hosts as new gTLDs delegate
Trusted names unexpectedly start routing to external
hosts as new gTLDs delegate
Legacy gTLDs
New gTLDs
The Problem:
Example: Namespace collision
The need for a new-gTLD preparedness project
• Given that we don’t know what will happen, and we appear to be in a high-risk zone, getting ready is the prudent thing to do– If there are failures, preparedness will be the most effective way to respond– The issues associated with being under-prepared could be overwhelming– “Hope for the best, prepare for the worst” is a strategy that we often use to guide
family decisions -- this rule also applies here– Inaction, in the face of the evidence that is starting to pile up, could be
considered irresponsible
• We benefit from these preparations, even if they’re not needed– We improve security, stability and resiliency of the DNS for all by focusing on
building a more nimble, disaster-resistant community – If we are “over-prepared” we will be in a great position to help others who
experience problems– Exercise is good for us -- whether it’s on a personal level or aimed at
strengthening our network neighborhoods and communities
How we define success
Here are possible overall objectives for an investment in new-gTLD preparedness
efforts:
– Minimize the impact of new-gTLD induced failures on the DNS, private and public network infrastructure, and Internet users
– Make technical-community resources robust enough to respond effectively in the event of a new-gTLD induced disruption
– Maximize the speed, flexibility and effectiveness of response to a new-gTLD induced disruption
AT THE EDGEIdentifying needsOrganizing, practicingResponding to problemsReporting successes and lessons-learned
AT THE COREAssessing & analyzing risks
Developing mitigation toolsProviding resources
CommunicatingCoordinating
What we should be doing:Connecting, developing and sharing resources
ICANNICANN
Registries & Registrars
Registries & Registrars
Large network operators
Large network operators
BusinessesBusinesses
AssociationsAssociationsSmall network
operatorsSmall network
operators
GovernmentsGovernments
ISPsISPs
Internet usersInternet users
What we should be doingOverall approach
Assessing readinessAssessing readiness
Determining what we need to do to get ready
Determining what we need to do to get ready
Forming partnerships
Forming partnerships
Preparing network administrators, large & small
Preparing network administrators, large & small
Practicing responsesPracticing responses
RespondingResponding
Leading - managing - informingLeading - managing - informing
• Sharing knowledge• Identifying resources to share• Making and maintaining contact
• Readiness tracking systems • Ongoing conversations with key players• Identifying risks and resources
• Determining priorities• Assisting planning efforts• Developing coordinated plans
• Training and outreach activities• Acquiring and staging resources• Identifying networks with special needs
• “Community of interest” gatherings• Checking signals between organizations• Dry runs
• Identifying problems• Delivering resources/solutions• Coordinating efforts
• Project management• Communications• Leadership
What we should be doing:Getting started
GET STARTED:
• Share and test different ideas and opinions
• Discover missed connections
• Coordinate efforts• Identify resources and
leaders• Build momentum• Keep focused
GET STARTED:
• Share and test different ideas and opinions
• Discover missed connections
• Coordinate efforts• Identify resources and
leaders• Build momentum• Keep focused
Where do we go from here?
Right away:• Agree that this effort needs attention,
support and funding• Get started on the organizing
Soon:• Establish a focal point and resource pool • Broaden the partnership base• Start tracking what areas are ready and
where there are likely to be problems