How do you create an SLA and status page for the whole internet? Meet IANA: Keepers of DNS

Running the web without the US at the helm – and in Java

Internet kept glued together with a Java-powered user interface

These new service levels are a direct result of the US government deciding to pull itself out of the process and hand over control of the IANA contract. Currently that shift is planned for 30 September 2016.

In return for being allowed to authorize the changes it is asked to make, i.e., pull out the US government role, ICANN/IANA is expected to provide greater transparency into its processes. Which it is perfectly prepared to do, but not all the adjustments are as easy as they look.

Changes to the internet's root zone are done through a big Java app, according to the man who knows more about the system than anyone else in the world, ICANN CTO David Conrad.

Conrad is one of the most respected internet engineers alive today. In addition to having been the first director-general of Asia Pacific's Network Information Center back in 1993, he became executive director of the Internet Software Consortium in 1998, and CTO of DNS specialist Nominum in 2001.

He was also the person that ICANN reached out to in 2005 when the organization was under fire over how it handled the IANA contract. The United Nations had taken an interest in how the internet was run and was less than excited about the fact that the US government was ultimately "in charge" of the top level of the network.

The spotlight turned on ICANN and how it handled the IANA functions. What it uncovered was not pretty: a clunky outdated system, poor processes, terrible communication, and an effort by ICANN's executive team to use IANA management as a way of forcing the world's countries to sign a binding contract with it.

Conrad knows how the IANA contract works on a technical level because he largely rebuilt it, adding in process steps, metrics, and security to the software and keeping it separate from the broader – and far more political – ICANN. To this day, IANA runs an entirely separate system to ICANN, which is just as well given ICANN's dire security record.

"It's a big Java app," Conrad tells us. "In two parts. There is an extra UI [user interface] at the NTIA [the US government arm that oversees IANA] so they can authorize changes, and then there are the systems run by ICANN and Verisign."

IANA built the NTIA's user interface, but the ICANN-IANA system and the Verisign system are different and independently developed. Verisign hasn't seen ICANN's code and vice versa, but that is not of much concern to Conrad. "We know how their code operates so I don't see much point in seeing the actual code. The APIs are the important part."

New code

The new metrics in the "Service Level Expectation" (SLE) will require some additional code to be added to the IANA system, however.

Conrad left ICANN in 2010 but when it became clear that IANA needed to be updated for a second time in order to allow ICANN to become autonomous, it reached out to him again and he rejoined the organization in August 2014.

The existing system has an audit function and transaction logging, but doesn't capture everything the internet community wants. And the details it does log are currently provided in clunky PDF documents listed by month on different webpages on ICANN's website. The idea is to bring ICANN in line with the internet of 2015 with real-time XML feeds, graphs, and color-coded warnings.

That said, Conrad doesn't see the value in measuring "the time the automation system takes from when the last required confirmation is received until the business process logic progresses the request to the next logic state," but since it has been requested, he will add it to the system.

"None of this is hard, it's small modifications to the existing system," he admits. But when that system could bring down the entire internet if it goes wrong, he confesses to being cautious. "We are dealing with the code for root zone here so we have to be careful."

The IANA team is planning to test code changes for six months before making them a permanent part of the system. It is also pondering whether to keep in the step that the NTIA currently uses to approve changes – and require an IANA staffer to carry out an additional click – or pull out the authorization code altogether.

The new code will be introduced in April 2016 and the data collected and analyzed in time for the planned transition on 30 September. There are roughly 100 to 200 root zone change requests each month, so the plan is that the 400 to 800 requests in that time period will give enough of a sample to check that the new systems are up and running, and the new metrics provide the sort of transparency and accountability that the internet community is looking for.

When that is done, and assuming the transition overcomes the political barriers that are currently in its path, then anyone on the internet will be able to see just how the top level of the internet is functioning. ®
