South Africa has an 'insurance policy` against an Internet catastrophe, with its own root name server now operational at the Johannesburg Internet Exchange (JINX), thanks to volunteers and sponsorships.
The root name server, or in this case f.root-servers.net, is the high-level domain name server that enables the domain name system to work. Top-level domain names, such as .za, were until recently dependent on the US, and use the root name server to function.
"The country was vulnerable to any disaster such as a dedicated hack attack, or a natural disaster, or some kind of terrorist action," says Radian governance consultant Alan Levin. "The results of such an attack would leave the country`s Internet connection unplugged, so to speak, and disrupt e-mail, commercial and other communications facilities."
However, with the switch-on of the JINX root domain name server last week, internal communications can be maintained independent of the international links.
Levin initiated the Internet Service Providers` Association (ISPA) committee that steered the installation of the root name server since the idea was first mooted in September 2002.
Addressing the need
The need for an in-country domain name server is not readily apparent as it operates on the backbone of the Internet and is not visible to users. Essentially the DNS routes Internet data to and from the correct address by first finding the authentative domain name server, then working its way down to the lowest level through a succession of servers.
Levin says there are only 13 domain name route servers in the world and only three are located outside the US, namely London, Stockholm and Japan. Only one is currently distributed, namely f.root, which is administrated by the non-profit organisation International Software Coalition (ISC).
In turn, ISC has global nodes in San Francisco and Palo Alto, and local nodes in Rome, Madrid, New York, Los Angeles, Ottawa, San Jose, Hong Kong, Seoul, Beijing, Auckland and now Johannesburg.
The Johannesburg root domain name server is physically co-located with JINX and is connected to it with dual 100Mbps connections. It has two redundant, lower-capacity transit paths via two independent Internet service providers (ISPs) for management, measurement and zone transfers. There will also be a cluster of two name servers sharing the query load.
Using the local f.root-server.net will cut the domain name trace from around four microseconds to around one microsecond, making the tracing of attacks using false addresses much faster to track. It will also help cut the cost of traffic as local e-mails destined for in-country addresses will not rely on the global Internet connections to the US.
How to check for the server
To check if one is already using the f.root server, try "traceroute f.root-servers.net", then "dig @ f.root-servers.net hostname.bind chaos txt".
To gain access, peer with the f.root node at JINX. See: http://isc.org /peering
"The main pay-off of having the f.root domain name server in Johannesburg is robustness and reliability," Levin says.
All the equipment needed was donated by Cisco in the US, Internet Solutions, UUNet, Uniform SA, ISPA and Cape-based ISP Bucknet.
The domain name server steering committee consisted of Levin; Calvin Browne, CFO of Uniform SA; Alan Barrett, CEO of Cequrux; Rob Hunter of UUNet; Jaco Engelbrecht of Internet Solutions; and Ant Brooks of the ISPA secretariat.
Share