You are here: Home / Service & Support / Technical Information / DNS / Nameserver security for .at

Nameserver security for .at

At an ITU ( International Telecom Union External Link) workshop in march 2003, a survey External Link on the nameservers of all 243 country code Top Level Domains (as .at) was presented by the company Nominum External Link.
This survey listed eleven critical points which influence or prevent the function of all domains under the respective Top Level Domain: delegations errors such as unresolvable names, parent/child mismatches, lame delegations, recursive servers, open zone transfers, lack of diversity in software and location, unsufficient monitoring and service level agreements as well as inadequate defences against Denial of service attacks.

According to these criteria, nic.at nameservers are flawless!
In the following, we list the problems and comment them regarding the situation for .at.

1) Can the name of all nameservers be resolved properly?
Yes.

2) Are there CNAME records used instead of host names?
No.

3) Is the set of name servers identical in the parent and child?
Yes. The set of name servers is identical to those in the root zone. This is constantly monitored by nic.at. For all name servers there exist glue records in the root zone.

4) Do there exist any lame delgations?
No. All present name servers answer authoritatively. This is constantly monitored by nic.at.

5) Do nic.at name servers allow recursive queries?
No. This function is disabled for all name servers.

6) Do nic.at name servers allow zone transfers?
No. This function is disabled for all name servers.

7) Does nic.at use diverse name server software?
Yes. At present we use three different sotware products.

8) Are nic.at name servers located in diverse address prefixes?
Yes. nic.at name servers are based on different locations. Each name server is connected to the Internet by another path.

9) Does nic.at run any monitoring?
Yes. All name servers are constantly monitored.

10) Are there service level Agreements with partners providing secondary service?
Yes. nic.at does have specific service level agreements with all partners.

11) Are there steps to prevent distributed denial of service attacks?
This is a very complex problem which can not be resolved by nic.at single-handedly, as those attacks concern different network areas. Of course nic.at is in permenent contact with network providers or other organisations to prevent DOS-attacks. We also take internal measures to minimise the dangers of such an attack.

Please also read the statement of CENTR, PDF Link the Council of European National Top Level Domain Registries.

© nic.at Internet Verwaltungs- und Betriebsgesellschaft m.b.H.