Operational Criteria for Root Name Servers
RFC 2010                    DNSSVR Criteria                 October 1996


   2.2. UDP checksums.  UDP checksums must be generated when sending
   datagrams, and verified when receiving them.

     Rationale:  Some vendors turn off UDP checksums for performance
                 reasons, citing the presence of MAC-level frame checks
                 (CRC, for example) as "strong enough."  This has been
                 a disaster in actual practice.
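   As an added illustration of the 2.2 requirement (example code written for this page, not part of the RFC), the following Python computes and verifies a UDP checksum over the IPv4 pseudo-header as RFC 768 specifies, and distinguishes a corrupted datagram from one whose sender turned checksums off (checksum field 0, which a receiver must treat as absent, not as valid). The addresses, ports and the root NS query payload are constructed sample values.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"          # odd length: pad with a zero byte, as RFC 768 requires
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol 17 (UDP), UDP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 17, udp_length)

def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> int:
    """Checksum a sender places in the UDP header (RFC 768).
    A computed 0 is sent as 0xFFFF, because 0 on the wire means 'no checksum'."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # field is zero while computing
    csum = ~ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload) & 0xFFFF
    return csum or 0xFFFF

def build_udp(src_ip, dst_ip, src_port, dst_port, payload, with_checksum=True) -> bytes:
    """UDP header + payload; with_checksum=False mimics a sender that disabled checksums."""
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload) if with_checksum else 0
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), csum) + payload

def verify_udp(src_ip, dst_ip, datagram: bytes) -> str:
    """Receiver-side check: 'ok', 'bad' (corrupted) or 'missing' (checksum field is 0)."""
    if len(datagram) < 8:
        return "bad"
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if csum == 0:
        return "missing"     # sender skipped the checksum: the practice section 2.2 rules out
    if length != len(datagram):
        return "bad"
    # Summing everything, checksum field included, must give all ones.
    return "ok" if ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF else "bad"

# Constructed sample: a query for the root NS RRset ("." NS IN); 17 bytes, so the odd-length pad is exercised.
ROOT_NS_QUERY = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x00" + struct.pack("!HH", 2, 1)

if __name__ == "__main__":
    good = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, ROOT_NS_QUERY)
    none = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, ROOT_NS_QUERY, with_checksum=False)
    print(verify_udp("192.0.2.10", "192.0.2.53", good), verify_udp("192.0.2.10", "192.0.2.53", none))
```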

   2.3. Dedicated host.  A name server host should have no other
   function, and no login accounts other than for system or network
   administrators.  No other network protocols should be served by a
   name server host (e.g., SMTP, NNTP, FTP, et al).  If login is
   permitted from other than the system console, then the login service
   must be by encrypted channel (e.g., Kerberized and encrypted
   rlogin/telnet, the secure shell (SSH), or an equivalent).

     Rationale:  Each additional service performed by a host makes it
                 less reliable and potentially less secure, as well as
                 complicating fault isolation procedures.  While name
                 service does not consume very much in the way of system
                 resources, it is thought best that a host do a few
                 things well rather than many things poorly.

   2.4. Clock synchronization.  A name server host should synchronize
   its clock using the NTP protocol (current version) with
   authentication.  At least two NTP servers should be used.  As an
   exception to section 2.3 above, a name server host can be an NTP
   server as well.

     Rationale:  For distributed fault isolation reasons, synchronized
                 time stamps in system event logs are quite helpful.
                 NTP is easily spoofed by UDP blast attacks, thus the
                 requirement for authentication between the name server
                 host and its NTP servers.  A name server host is
                 allowed to be an NTP server because it has been
                 observed that a single host running both name service
                 and stratum 1 NTP is still quite reliable and secure.

   2.5. Network interfaces.  Name servers must send UDP responses with
   an IP source address (and UDP source port number) equal to the IP
   destination address (and UDP destination port number) of the request.
   Also, a name server might have multiple real interfaces, but only one
   will be advertised in the zone's NS RRset and associated glue A RRs.
   The advertised address should be that of the "best" interface on the
   host, in terms of network performance and reliability to the largest
   number of destinations.





Manning & Vixie              Informational