Afilias Managed DNS Frequently Asked Questions Frequently Asked

Home , DNS zone, Domain name, Name server, Root name server, Subdomain

Aﬁlias Managed DNS Frequently Asked Questions

Frequently Asked Questions

1 Specific Questions about Afilias Managed DNS 2 1.1 What is the Afilias DNS network? ...... 2 1.2 How long has Afilias been working within the DNS market? ...... 2 1.3 What are the names of the Afilias name servers? ...... 2 1.4 How does my configuration get propagated to DNS and how long does it take? . . . . . 2 1.5 How can I confirm that changes I make to my domains are being resolved on the Afilias network?...... 2 1.6 For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server? ...... 2 1.7 How easy is it to move domains over from another DNS provider and will there be any downtime? ...... 3 1.8 What support does Afilias provide? ...... 3 1.9 Does the Afilias network support IPv6? ...... 3 1.10 What resource records does Afilias support? ...... 3 1.11 Can I do bulk changes? ...... 3

2 General DNS Questions 3 2.1 What is DNS? ...... 3 2.2 Where can I get more information about DNS? ...... 4 2.3 What is DNSSEC? ...... 4 2.4 When will DNSSEC be available? ...... 4 2.5 What is BIND? ...... 4 2.6 What is the diﬀerence between a domain and a zone? ...... 4 2.7 What is a “glue record”? ...... 4 2.8 What is the diﬀerence between Primary, Secondary, Master and Slave DNS? ...... 4

3 Questions about Security 5 3.1 What is a distributed denial of service attack, or DDoS? ...... 5 3.2 What is a “botnet”? ...... 5 3.3 What is spam? ...... 5 3.4 What is “phishing”? ...... 5 3.5 What is “pharming”? ...... 5 3.6 What is malware? ...... 5 3.7 What does the term “Fast Flux” refer to? ...... 6

4 Questions about Internet and DNS Administration 6 4.1 What is ICANN? ...... 6 4.2 What is SSAC? ...... 6 4.3 What is RSSAC? ...... 6

5 Questions about Site Certain 6 5.1 What is SiteCertain? ...... 6 5.2 How do I add a URL for SiteCertain Monitoring? ...... 7 5.3 How do I add an IP address to SiteCertain Monitoring? ...... 7 5.4 How many IP addresses can I add? ...... 7 5.5 How do I set up script monitoring? ...... 7 5.6 How will I be notiﬁed of a failover? ...... 7

Issue 3 c Aﬁlias Limited 2009 1 Aﬁlias Managed DNS Frequently Asked Questions

6 Questions About Billing 7 6.1 What are the wiring instructions for Aﬁlias Managed DNS service? ...... 7 6.2 To whom should checks be made payable? ...... 7 6.3 Where should checks be sent? ...... 8

Issue 3 c Aﬁlias Limited 2009 2 Aﬁlias Managed DNS Frequently Asked Questions

1 Specific Questions about Afilias Managed DNS 1.1 What is the Afilias DNS network? Afilias manages a global network of dedicated high performance servers that provides supe- rior response times to all DNS lookups and queries. This network was developed to support all the top level domains (TLD, gTLD, ccTLD) managed by Afilias registry services. Afilias Managed DNS now provides premium DNS service for other customers on this network.

1.2 How long has Aﬁlias been working within the DNS market? Aﬁlias has been a leader in the DNS market since 2000 when it won the ICANN bid to provide new registry services for the .info top level domain (TLD). It developed its premium DNS network in 2005.

1.3 What are the names of the Afilias name servers? The name servers for Afilias Managed DNS are shown on the SOA screen of each primary domain configuration. They are: • a.service.afiliasdns.info • b.service.afiliasdns.org • c.service.afiliasdns.net • d.service.afiliasdns.com • e.service.afiliasdns.info • f.service.afiliasdns.net

1.4 How does my configuration get propagated to DNS and how long does it take? Your primary (master) DNS configuration is stored in a database. Whenever you make changes, the serial number is automatically incremented. This triggers a notify message that is sent to the Afilias network. An Afilias server then does a DNS zone transfer to copy your changes and distribute them across the Afilias DNS network. This process is completed within a few minutes.

1.5 How can I confirm that changes I make to my domains are being resolved on the Afilias network? There are detailed examples in the User Guide of how to use dig and nslookup to verify your changes on the Afilias network and on the Internet.

1.6 For secondary DNS service, what happens if there is a failure when transferring the zone file from my primary server? There is currently no mechanism to deliver error messages on zone transfers (AXFR/IXFR) to the Afilias secondary service. You should run dig/nslookup (as shown in the Verification section of the User Guide) to confirm that the serial number of the zone on the Afilias network matches the serial on your primary server. If there is a mismatch, and you suspect the transfer has failed, you can send in a ticket using the Support screen on the web portal or call the Afilias Customer Service Center for further analysis of the problem.

Issue 3 c Aﬁlias Limited 2009 3 Aﬁlias Managed DNS Frequently Asked Questions

1.7 How easy is it to move domains over from another DNS provider and will there be any downtime? If your domain is small, you can simply create it using the Afilias Managed DNS web portal. For a larger domain, if your current DNS provider has an export option, you can use this to create a file that can be imported. Once your primary domain is set up and you have verified it is resolving correctly on the Afilias network, you simply reconfigure the name servers on your other provider to point to the Afilias name servers. Providers generally take from 15 minutes to 1 day to complete this change. Some providers terminate DNS service as soon as name servers are configured to point off their network. You can increase the TTL on such providers in advance of making the change to mitigate downtime by increasing the time that caching DNS servers retain your domain information. Please see the Afilias Managed DNS User Manual for for more information.

1.8 What support does Afilias provide? Afilias maintains a Customer Service Center that is staffed 24 hours a day, 7 days a week. You can contact them by phone at the number shown on the top of every web portal screen. You can also send in a request via the Support page on the web portal. This request will create a “ticket” that will be handled by a support analyst who will reply by email.

1.9 Does the Aﬁlias network support IPv6? Yes. The Aﬁlias network is fully IPv6 compliant and can handle DNS queries from machines running IPv6 and allows you to add AAAA records to your zones.

1.10 What resource records does Aﬁlias support? For secondary service, Aﬁlias zone transfers from your primary DNS will support all records supported by BIND 9. For primary DNS service, the records you can enter are: A, AAAA, CNAME, MX, NS, TXT, PTR, SRV. Subsequent release will add support for other record types such as NAPTR, DNAME.

1.11 Can I do bulk changes? Via the API, you are able to deﬁne up to 10,000 secondary zones for creation, deletion, or update in a single operation. Via the API you may update as much of the content of a primary zone as you wish in a single operation. There is currently no API support for bulk management of more than one primary zone.

2 General DNS Questions 2.1 What is DNS? Computers on the Internet are identiﬁed by a unique numeric address, an IP address. The Domain Name System (DNS) makes using the Internet easier by allowing applications to use names instead of IP addresses. Instead of having to type 206.153.158.4 in a web browser, a person can simply type www.somewhere.info. The web browser will “resolve” the name and translate it to the necessary IP address by sending a query to a DNS server to do the lookup and translation. DNS also enables email addresses to be used with names instead of IP addresses.

Issue 3 c Aﬁlias Limited 2009 4 Aﬁlias Managed DNS Frequently Asked Questions

2.2 Where can I get more information about DNS? There are many good books that provide in depth descriptions of DNS. There are also many good tutorials and other articles about DNS on the Internet. The ultimate deﬁnition of the DNS protocol and best practices for managing DNS is provided by the RFC publications of the IETF, the Internet standards body.

2.3 What is DNSSEC? DNSSEC (DNS Security Extensions) is an enhancement to the DNS protocol. It allows zone administrators such as the IANA to sign their zone ﬁles using public key cryptography. DNS users can then use these signatures to verify that the information they receive from DNS servers, such as the root name servers, is authentic. This prevents manipulation of the data during storage on servers and during transmission.

2.4 When will DNSSEC be available? DNSSEC will be available for primary zones in the second half of 2011.

2.5 What is BIND? BIND stands for Berkeley Internet Name Daemon. This was one of the ﬁrst implementa- tions of a DNS server. It is a standard component of most Unix and Linux systems and runs as the process “named”. It is estimated that as much as 80% of all DNS queries on the global Internet are handled by BIND servers.

2.6 What is the difference between a domain and a zone? A domain is a unique name within the DNS system that belongs to an individual or an organization. A zone is the information used by a DNS server to resolve the names in the domain. Very often a zone contains one domain, so the terms are often used interchangeably. The owner of a domain also has ownership of all the subdomains of that domain. For example, a company that has registered the domain more.info can set up different websites using the subdomains canada.more.info, europe.more.info. When they set up their DNS, they can include all the subdomain information in one zone, or they can “delegate” some or all of the subdomains to different zones.

2.7 What is a “glue record”? If a subdomain is delegated from one zone to another, the name server for that subdomain must be provided (in a NS resource record). If that name server is in the domain or subdomain of the zone being conﬁgured, then an A record must be created to provide the IP address of the name server. This A record is called a glue record and is required to avoid creating a circular dependency in DNS.

2.8 What is the difference between Primary, Secondary, Master and Slave DNS? Primary and Master are the same. Secondary and Slave are the same. The difference in terminology comes from different versions of BIND. A Primary DNS server is one that has its own copy of the zone configuration information. A Secondary is a server that gets its zone data from a Primary. There are several different ways that a Secondary can be set up so that it updates its zone data when the configuration on the Primary changes. When it

Issue 3 c Aﬁlias Limited 2009 5 Aﬁlias Managed DNS Frequently Asked Questions

comes to DNS resolution, there is no diﬀerence between a Primary and a Secondary; they both provide authoritative answers to DNS queries. Domain resolution is provided by a pool of name servers, generally at least 2 and a maximum of 13. Usually one is a Primary and the rest are Secondary. There is no strict order in which the servers are queried; the Primary is not queried ﬁrst.

3 Questions about Security 3.1 What is a distributed denial of service attack, or DDoS? A DDoS attack on the Internet is one in which a multitude of compromised systems attack a single target and cause denial of service (DoS) for users of the targeted system. The large number of incoming messages forces the target system to slow down or even shut down, thereby denying service to legitimate users. Distribution increases the traﬃc and decreases the focus on the sources of the attack.

3.2 What is a “botnet”? A “botnet” is a collection of compromised computers or ”zombies” under the control of one party (a ”botherder”). The individual computers making up the botnet have been compromised via malware or hacking, without the informed consent of their owners. Botnets are used to perpetrate a variety of illegal acts, including spamming, hosting phishing sites and mounting distributed denial-of-service attacks (DDoS attacks).

3.3 What is spam? Electronic messaging systems are often used to send unsolicited bulk messages known as “spam”. The term may be applied to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Web sites and Internet forums.

3.4 What is “phishing”? Phishing refers to the use of counterfeit web pages designed to trick recipients into divulging sensitive data such as usernames, passwords or ﬁnancial data. Phishing site are usually advertised via fraudulent spam e-mails.

3.5 What is “pharming”? The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning.

3.6 What is malware? Software designed to inﬁltrate or damage a computer system without the owner’s informed consent is called “malware”. Examples include computer viruses, worms, key loggers and Trojan horses.

Issue 3 c Aﬁlias Limited 2009 6 Aﬁlias Managed DNS Frequently Asked Questions

3.7 What does the term “Fast Flux” refer to? Fast Flux is a technique that disguises the location of a web site or other Internet service by frequently changing the location (IP address) on the Internet to which the domain name of an Internet host or name server resolves. Fast ﬂux is usually associated with criminal uses of Internet resources, such as the hosting of phishing sites and is typically used by botnets.

4 Questions about Internet and DNS Administration 4.1 What is ICANN? The Internet Corporation for Assigned Names and Numbers (ICANN) is an internationally organized, non-proﬁt corporation that has responsibility for Internet Protocol (IP) address space allocation, protocol identiﬁer assignment, generic (gTLD) and country code (ccTLD) top-level domain name system management and root server system management functions. As a private-public partnership, ICANN is dedicated to preserving the operational stability of the Internet, promoting competition, achieving broad representation of global Internet communities, and developing policy appropriate to its mission through bottom-up, consen- susbased processes.

4.2 What is SSAC? The Security and Stability Advisory Committee (SSAC) advises the ICANN community and board on matters relating to the security and integrity of the Internet’s naming and address allocation systems. This includes operational matters (e.g., matters pertaining to the correct and reliable operation of the root name system), administrative matters (e.g., matters pertaining to address allocation and Internet number assignment), and registration matters (e.g., matters pertaining to registry and registrar services such as Whois). SSAC engages in ongoing threat assessment and risk analysis of the Internet naming and address allocation services to assess where the principal threats to stability and security lie, and advises the ICANN community accordingly.

4.3 What is RSSAC? The Root Server System Advisory Committee (RSSAC) advises the ICANN community and board about operation of the DNS root name servers. It also provides advice on the operational requirements of root name servers, including host hardware capacities, operating systems and name server software versions, network connectivity and physical environment. RSSAC examines and advises on security aspects of the root name server system, and reviews the number, location, and distribution of root name servers considering total system performance, robustness, and reliability.

5 Questions about Site Certain 5.1 What is SiteCertain? SiteCertain is an add-on service available to Aﬁlias Managed DNS Customers. It provides Web site monitoring and IP failover to select URLs. SiteCertain will also monitor speciﬁc page content accuracy to assure your Web site is loading correctly. There are a number of price plans available that vary based on number of URLs monitored and monitoring intervals.

Issue 3 c Aﬁlias Limited 2009 7 Aﬁlias Managed DNS Frequently Asked Questions

5.2 How do I add a URL for SiteCertain Monitoring? The Aﬁlias Managed DNS User Manual provides considerable detail on how to conﬁgure the SiteCertain service.

5.3 How do I add an IP address to SiteCertain Monitoring? The Aﬁlias Managed DNS User Manual provides considerable detail on how to conﬁgure the SiteCertain service.

5.4 How many IP addresses can I add? You may add up to 9 failover IP Addresses.

5.5 How do I set up script monitoring? You can enter your script monitoring while setting up or modifying your SiteCertain URL. On the SiteCertain conﬁguration page, you can enter data into the “Content to Check” box exactly as it should appear on your Web site. If this content is contained anywhere on the page returned when the site is monitored, then the URL will be considered ’Up.’ If it is not, then the URL will be considered ’Down.’

5.6 How will I be notified of a failover? In the case of a failover you may choose to be notified by email and/or an SMS message sent to your phone. You can configure email and SMS settings as well as opt-in to receiving SMS alerts on the Security and Alerts page under the My Account menu.

6 Questions About Billing 6.1 What are the wiring instructions for Aﬁlias Managed DNS service? Wire payments should be sent to: Bank of Ireland Global Markets P.O. Box 2386 Colvill House Talbot Street Dublin 1 The following account information should be included:

Sort Code: 901394 Account Number: 55898020 SWIFT: BOFI IE 2D IBAN: ID 48 BOFI 9013 9455 8980 20

6.2 To whom should checks be made payable? Checks should be made payable to Aﬁlias Resolution Service Limited.

Issue 3 c Aﬁlias Limited 2009 8 Aﬁlias Managed DNS Frequently Asked Questions

6.3 Where should checks be sent? Checks should be mailed to the following address: Aﬁlias Limited Corporate Headquarters 2 La Touch´eHouse IFSC Dublin 1 Ireland

Tel: + 353.1.4693700 Fax: + 353.1.4693399

Issue 3 c Aﬁlias Limited 2009 9