JPRS is pleased to release the English translation of "DNSSEC Technology Experiment Report / Verification of Functionality and Performance" and "DNSSEC Technology Experiment Report / Operational Design". These reports are designed to introduce case examples to share knowledge and results gained through DNSSEC technology experiments which JPRS carried out in cooperation with domestic ISPs, equipment vendors and hosting providers, etc. in 2010.
"DNSSEC Technology Experiment Report / Verification of Functionality
and Performance" English Translation (PDF: 825KB)
http://jprs.jp/dnssec/doc/DNSSEC-testbed-report-fpv1.0-E.pdf
Original (in Japanese, PDF: 1076KB)
http://jprs.jp/dnssec/doc/DNSSEC-testbed-report-fpv1.0.pdf
"DNSSEC Technology Experiment Report / Operational Design"
English Translation (PDF: 448KB)
http://jprs.jp/dnssec/doc/DNSSEC-testbed-report-odv1.0-E.pdf
Original (in Japanese, PDF: 522KB)
http://jprs.jp/dnssec/doc/DNSSEC-testbed-report-odv1.0.pdf
Note: The above English documents are provided only for reference.
Acknowledgment: These translations are contributed by APNIC (Asia Pacific Network Information Centre) . We would like to express our sincere thanks to APNIC.
APNIC and JPRS collaborate to translate "DNSSEC Technology Experiment Report"
| Updated: 3 October 2011 The version 1.1 is now effective. |
On September 22th, JPRS revised "DNSSEC Practice Statement for the JP Zone (JP DPS)". This action is a consequence of annual re-examination of JP DPS, which is regulated in section 1.4.3 of JP DPS itself.
The new version of JP DPS is found on the following URI.
cf. the current version of JP DPS;
Notes:
Document version: 1.1
Effective date: October 1st, 2011
Update overview:
- Clarified specification for NSEC3 parameters
- Deleted unnecessary description of NSEC3PARAM
(For more information, "Update History" is attached to the document)
JPRS posted English translation of "JP Domain Name Registry Report 2010." This is the annual report for 2010, briefing that year's activities performed by JPRS, in relation to its management and administration of .JP top-level domain.
Translation: JP Domain Name Registry Report 2010 (PDF)
http://jprs.co.jp/doc/report/registry-report-2010-e.pdf
Original: JP Domain Name Registry Report 2010 (in Japanese, PDF)
http://jprs.co.jp/doc/report/registry-report-2010.pdf
Note: This English translation is provided only for reference.
On January 16, Japan Registry Services Co., Ltd. (JPRS: head office at Chiyoda-ku Tokyo; President: Koki Higashida) completed the release of DNSSEC feature in the JP domain name service in order to improve the security of JP domain names.
DNSSEC is a security extension of DNS that uses digital signatures through public key cryptography. With this release, registrants of JP domain names can register the registrants' key information to the JP zone, which in turn enables Internet users to validate the response with its digital signature(s) and to detect bogus DNS responses. Consequently, the release will considerably reduce the risks including phishing, etc.
JPRS considers that DNSSEC can effectively prevent the security threats caused by bogus DNS responses. Based on this understanding, it has introduced the specifications in Japan and performed testbeds and demonstrations in cooperation with the DNS operators at home and abroad with an aim to deploy DNSSEC. On October 17, 2010, JPRS started signing the JP zone and registered the key information (DS resource record) of the JP zone in the root on December 10, 2010. After confirming that the JP zone was properly validated by the root zone key as a trust point, and that existing DNS infrastructures were not adversely affected, JPRS has completed the deployment of DNSSEC in the JP domain name service this time.
Along with this service launch, JP Registrars explained their plan with regard to DNSSEC deployment as follows.
|
Internet Initiative Japan Inc. Internet Initiative Japan Inc. (IIJ) announced that it will upgrade all of its DNS-related services, such as the DNS Outsourcing Service, to be compatible with DNS Security Extensions (DNSSEC). With this conversion, DNS Outsourcing Service can now provide signature and key renewal for relevant zone information. It can also provide key management for relevant zone information. Additionally Domain Management Service can perform registration of DS (delegation signer) for top-level DNS servers IIJ will continue to expand the use of DNSSEC enabled services in the future.
|
|
INTERNET MULTIFEED CO. Beginning on January 28, 2011, DNSSEC registration service will be available to our customers using MultiFEED service, an Internet data center service. DNSSEC validation service for MultiFEED cache DNS service will be available at the same time. Other services will adopt DNSSEC accordingly.
|
In addition, detailed information about DNSSEC operation is available at the following JPRS webpages.
About JPRS
JPRS is the company whose main businesses are to provide services related to management and registration of domain names and operate the domain name system (DNS). It was established on December 26, 2000. As a company dedicated to maintaining the Internet infrastructure of Japan, JPRS contributes to the development of the Internet and the building of a better future for everyone.
References
Press Contacts
Japan Registry Services Co., Ltd. (JPRS)On January 14th, 2011, JPRS published "DNSSEC Practice Statement forthe JP Zone (JP DPS)".
DPS (DNSSEC Practice Statement) is a document in which zone operator states ideas of security, policies, practices and procedures with regard to operational issues of DNSSEC.
DPS is comparable to a CPS (Certification Practice Statement) in PKI(Public Key Infrastructure), and the framework is proposed and being standardized in IETF. JP DPS adopts the DPS framework described in draft-ietf-dnsop-dnssec-dps-framework-03 (see References).
The full version of JP DPS is published in the following URI.
Hirofumi Hotta, Director of JPRS, was re-appointed as the Council Member of ICANN ccNSO (Country Code Names Supporting Organisation).
ccNSO, one of ICANN's Supporting Organisations, was established under the bylaws of ICANN. ccNSO bears important roles in nurturing consensus across the ccTLD community relating various issues concerning ccTLD's, and in making policy recommendations to ICANN Board, through coordination with the other ICANN Supporting Organisations and Committees.
ccNSO Council Member is to be first nominated by the other ccTLD managers and then selected through election. Hotta, who has been the Councilor since June 2004, has vigorously contributed to ICANN activities such as establishing Accountability Framework (a framework to formalize the relationship between ICANN and ccTLD managers), establishing global policies concerning Internationalized Domain Names (IDNs), and reviewing the ICANN Bylaws in line with the introduction of IDN ccTLD's.
Due to termination of his current term as the Councilor, and through the process to select the successor, Hotta has been elected again to represent Asia-Pacific region. He will cotinue to serve until March 2014.
The major challenges for the ccTLD community today is to create overall policies related to the introduction of IDN ccTLD's and to build up secure and stable ccTLD service through collaboration at the global level. By contributing to ccNSO, Hotta and JPRS will make full use of their knowledge and expertise in addressing these issues, as well as other relevant issues.
References:
| Updated: 22 October 2010 On 18 October 2010, we started signing JP zone with DNSSEC. |
We, JPRS, have developed a plan to implement DNSSEC [*1], the technology that adds improved security to the Domain Name System. Currently, we are working on preparation for the deployment in JP domain name services on 16 January 2011. The purpose of this document is to present a background of the implementation and future actions.
*1 DNSSEC: DNS Security Extensions
DNS is a vital mechanism which provides the core function of the Internet, and its operational stability is required in line with the growing importance of the Internet as part of the social infrastructure. In addition, under the circumstance where security threats caused by frauds of DNS responses have turned into reality, a strong demand for worry-free DNS which excludes these threats has grown in late years.
Aiming at improving DNS security, IETF [*2] advanced the consideration to establish the security extension of DNS called DNSSEC. DNSSEC adds signatures to DNS responses with the public key encryption scheme. This enables receivers of the DNS response to validate whether or not the response is correct and complete.
JPRS regards DNSSEC as the most effective and feasible current solution against the security threats caused by frauds of DNS responses. Based on this view, JPRS has researched and developed the method of implementing DNSSEC into large-scale zones, while discussing operational technology and roadmap toward diffusion through collaboration with DNS-related parties from home and abroad.
At present, we are conducting tests and reviews of specifications in order to implement DNSSEC, as well as performing technological evaluation with a wide range of DNS-related parties listed below.
In July 2010, ICANN [*3] introduced DNSSEC in DNS Root Servers, the highest stratum in the DNS. This contributes to the development of an environment promoting DNSSEC deployment among TLDs. Based on these circumstances, JPRS determined to implement DNSSEC in JP domain name services on 16 January 2011.
*2 IETF: Internet Engineering Task ForceDNSSEC is a mechanism to validate integrity and authenticity of DNS response, which is realized by supporting DNSSEC on both DNS providers' and users' side. Consequently, various DNS-related parties need to move ahead on their own plan to handle DNSSEC.
JPRS will continue to focus on deploying DNSSEC in JP DNS and JP domain name services provided by JPRS itself, while conducting promotional and educational activities and providing information to different DNS-related parties categorized as follows.
Operators of authoritative DNS serverAs DNS forms a hierarchical structure stretched from the root, it is demanded that DNSSEC be introduced into all the layers of DNS from the highest layer of root DNS to DNS at the TLD level and DNS server for each domain name.
- Operators of the other TLD registriesUse of DNS does not close within the national borders or respective TLDs. With a view to contributing to spread of DNSSEC over the whole Internet and enhancing DNS security, JPRS will further pursue information exchange among the TLD registries.- DNS server operators for each JP domain name
DNSSEC requires specific procedures including signing DNS information and registering signing key information in DNS server for each domain name. Targeting the operators of each JP domain names, JPRS will keep on providing information on DNSSEC operation through seminars and the media.Operators of cache DNS server
Validation of DNS responses in DNSSEC is done by cache DNS servers administered in ISPs, universities and companies. JPRS will carry on building deeper cooperation with domestic ISPs and developing activities such as providing information on DNSSEC operation through seminars and the media.
JP RegistrarsTo enable JP domain name registrants to use DNSSEC service provided by JPRS, it is required that the services of JP Registrars support DNSSEC. JPRS is going to cooperate with JP Registrars to promote the arrangement of DNSSEC service environment.
Internet usersInternet users are not required to take any special action, as the necessary validation on the users' side is done in the cache DNS servers of their providers such as ISPs. However, it is important for the users to be aware of DNSSEC and whether he/she is in the environment supporting DNSSEC or not. To help ensure this circumstance, JPRS is going to provide explanatory information on DNSSEC for the users.
As mentioned above, we will continue to promote actions by various related parties toward dissemination of DNSSEC, with an eye to implementing DNSSEC into JP domain name services in January 2011.
Oct. 2010 Start signing JP zone with DNSSEC (Completed on 18 Oct. 2010)
16 Jan. 2011 Introduction of DNSSEC in JP domain name services
(Registration of signing key starts, and DNSSEC service will be provided in JP DNS)
| 28 July 2010 | First published. |
| 22 October 2010 | We started signing JP zone with DNSSEC on 17 October 2010, and we decided to implement DNSSEC into JP domain name services on 16 January 2011. |
On July 15th, 2010, JPRS released Internationalized Domain Name Toolkit 2.0 (idnkit-2.0).
idnkit implements specifications for Internationalized Domain Name (IDN) which is standardized by IETF, and provides the following features:
The idnkit-2.0 released today is compliant with new IDN standards (*1), and is based on idnkit-1.0 (*2) developed and released by JPNIC.
It is considered that IDN's compliance to new IDN standards will progress hereafter. By providing the above features at an early stage, idnkit-2.0 will help site administrators and application developers evaluate and adopt new standards.
The idnkit-2.0 is available at the following page:
IDN Info by JPRS
http://jprs.co.jp/idn/index-e.html
For inquiries on idnkit-2.0, please contact the following e-mail address:
idnkit-info@jprs.co.jp
To download idnkit-1.0, access the following page:
http://www.nic.ad.jp/ja/idn/idnkit/download/
The following are the major changes from idnkit-1.0:
For details, please refer to NEWS file contained in idnkit-2.0.
]]>
JPRS posted English translation of "JP Domain Name Registry Report 2009." This is the annual report for 2009, briefing that year's activities performed by JPRS, in relation to its management and administration of .JP top-level domain.
Translation: JP Domain Name Registry Report 2009 (PDF)
http://jprs.co.jp/doc/report/registry-report-2009-e.pdf
Original: JP Domain Name Registry Report 2009 (in Japanese, PDF)
http://jprs.co.jp/doc/report/registry-report-2009.pdf
Note: This English translation is provided only for reference.
On September 30th, 2009, ICANN and the U.S. Department of Commerce concluded the JPA (Joint Project Agreement). On the same day, the Affirmation of Commitments was signed between them.
The Affirmation is of long standing and is not limited to the three years for which previous agreements operated.
It declares ICANN is independent and is not controlled by any one entity. It commits ICANN to reviews performed BY THE COMMUNITY -- a further recognition that the multi-stakeholder model is robust enough to review itself.
The Affirmation of Commitments - What it Means
http://www.icann.org/en/announcements/announcement-30sep09-en.htm
JPRS has, since its establishment, supported Internet resource management led by private sector. Being a private organization itself, JPRS has taken responsibility as the registry of .JP top-level domain and built up international framework through signing the Sponsorship Agreement with ICANN, also the private organization.
In addition, JPRS has actively taken part in ICANN's relevant councils, committees, working groups and other policy development discussions.
In the past JPA reviews, JPRS has supported ICANN by publicly stating that ICANN has become capable of taking its responsibility.
JPRS Submitted Comments to U.S. Department of Commerce
(9 June 2009)
http://jprs.co.jp/en/topics/2009/090609.html
JPRS Submitted Comments Responding to Notice of Inquiry by the U.S. Department of Commerce Regarding Joint Project Agreement
(19 February 2008)
http://jprs.co.jp/en/topics/2008/080219.html
JPRS Submitted Comments Responding to Notice of Inquiry by the U.S. Department of Commerce
(7 July 2006)
http://jprs.co.jp/en/topics/2006/060707.html
JPRS welcomes the end of JPA and signing of the Affirmation as the milestone of private-sector-led Internet resource management. And JPRS will contribute more than ever to sound evolution of the Internet.
]]>We, JPRS, are developing a plan to implement DNSSEC [*1], the technology that adds improved security to the Domain Name System, in JP domain name services by the end of 2010. The purpose of this document is to present a background of the implementation and future actions.
*1 DNSSEC: DNS Security Extensions
Background
DNS is a vital mechanism which provides the core function of the Internet, and its operational stability is required in line with the growing importance of the Internet as part of the social infrastructure. In addition, under the circumstance where security threats caused by frauds of DNS responses have turned into reality, a strong demand for worry-free DNS which excludes these threats has grown in late years.
Aiming at improving DNS security, IETF [*2] advanced the consideration to establish the security extension of DNS called DNSSEC. DNSSEC adds signatures to DNS responses with the public key encryption scheme. This enables receivers of the DNS response to validate whether or not the response is correct and complete.
JPRS regards DNSSEC as the most effective and feasible current solution against the security threats caused by frauds of DNS responses. Based on this view, JPRS has researched and developed the method of implementing DNSSEC into large-scale zones, while discussing operational technology and roadmap toward diffusion through collaboration with DNS-related parties from home and abroad. From now on, we are going to conduct tests and reviews of specifications in order to implement DNSSEC into JP domain name services.
*2 IETF: Internet Engineering Task Force
Actions to be taken by related parties
DNSSEC is a mechanism to validate integrity and authenticity of DNS response, which is realized by supporting DNSSEC on both DNS providers' and users' side. Consequently, various DNS-related parties need to move ahead on their own plan to handle DNSSEC.
JPRS is going to deploy DNSSEC in JP DNS and JP domain name services provided by JPRS itself, while conducting promotional and educational activities and providing information to different DNS-related parties categorized as follows.
Operators of authoritative DNS server
As DNS forms a hierarchical structure stretched from the root, it is demanded that DNSSEC be introduced into all the layers of DNS from the highest layer of root DNS to DNS at the TLD level and DNS server for each domain name.
- Operators of root DNS
To ensure smooth operation of DNSSEC, it is essential to introduce DNSSEC into root DNS which is the highest layer in the DNS structure. ICANN [*3]/IANA [*4] is moving ahead the discussion toward adopting DNSSEC. Taking the discussion into consideration, JPRS continues to support early adoption of DNSSEC at the root level, by cooperating with the other TLD registries.
*3 ICANN: Internet Corporation for Assigned Names and Numbers
*4 IANA: Internet Assigned Numbers Authority
- Operators of the other TLD registries
Use of DNS does not close within the national borders or respective TLDs. With a view to contributing to spread of DNSSEC over the whole Internet and enhancing DNS security, JPRS is going to play an active part in information exchange among the TLD registries.
- DNS server operators for each JP domain name
DNSSEC requires specific procedures including signing DNS information and registering signing key information in DNS server for each domain name. Targeting the operators of each JP domain names, JPRS will provide information on DNSSEC operation through seminars and media.
Operators of cache DNS server
Validation of DNS responses in DNSSEC is done by cache DNS servers administered in ISPs, universities and companies. JPRS will build deeper cooperation with domestic ISPs and will develop activities such as providing information on DNSSEC operation through seminars and media.
JP domain name registrars
To enable JP domain name registrants to use DNSSEC service provided by JPRS, it is required that the services of JP domain name registrars support DNSSEC. JPRS is going to cooperate with registrars to promote the arrangement of DNSSEC service environment.
Internet users
Internet users are not required to take any special action, as the necessary validation on the users' side is done in the cache DNS servers of their providers such as ISPs. However, it is important for the users to be aware of DNSSEC and whether he/she is in the environment supporting DNSSEC or not. To help ensure this circumstance, JPRS is going to provide explanatory information on DNSSEC for the users.
As mentioned above, we will continue to promote actions by various related parties toward dissemination of DNSSEC, with an eye to implement DNSSEC into JP domain name services by the end of 2010.
]]>
|
8th June 2009 Ms. Fiona M. Alexander Office of International Affairs National Telecommunications and Information Administration U.S. Department of Commerce 1401 Constitution Avenue, N.W. Room 4701, Washington, DC 20230 United States of America Re: Docket No. 090420688-9689-01 Assessment of the Transition of the Technical Coordination and Management of the Internet's Domain Name and Addressing System Dear Ms. Alexander, We, JPRS (Japan Registry Services Co., Ltd.), are one of the ccTLD sponsoring organizations that formalized relationship with ICANN at its earliest stage, through conclusion of the ccTLD sponsorship agreement. JPRS has supported coordination of Internet resource management led by private sector centering on ICANN, thus has actively participated in and contributed to the ICANN process. We submit the following comments responding to your Notice of Inquiry:
Sincerely yours, Koki Higashida President Japan Registry Services Co., Ltd. |
JPRS posted English translation of "JP Domain Name Registry Report 2008." This is the annual report for 2008, briefing that year's activities performed by JPRS, in relation to its management and administration of .JP top-level domain.
Translation: JP Domain Name Registry Report 2008 (PDF)
http://jprs.co.jp/doc/report/registry-report-2008-e.pdf
Original: JP Domain Name Registry Report 2008 (in Japanese, PDF)
http://jprs.co.jp/doc/report/registry-report-2008.pdf
Note: This English translation is provided only for reference.
April 22, 2009
Japan Registry Services Co., Ltd.(JPRS)
Japan Registry Services Co., Ltd. (JPRS: head office at Chiyoda-ku, Tokyo; President: Koki Higashida), the company responsible for management and administration of .JP top-level domain and overall management and operation of the JP Domain Name System (JP DNS), announced today that it would participate in the BIND 10 development project. BIND 10 is the next version of DNS software to be launched by Internet Systems Consortium, Inc. (ISC: head office at Redwood City, CA; President: Paul Vixie).
DNS is one of the fundamental functions supporting the Internet and is indispensable for its smooth operation. BIND, which is developed by ISC, is the most widely-used DNS server software. The current BIND version 9 was released in September 2000, thus it has been nearly a decade since the start of its distribution.
With the remarkable growth of the Internet during these years, requirements for DNS, such as stronger resistance against DDoS attacks on DNS servers, are building up continuously. In addition, as the new technologies including IP Anycast and DNSSEC spread, demand for the new DNS software to apply these new technologies is increasing. In response to these growing needs, ISC announced a new project to develop the next-generation BIND 10 which offers enhanced security and resilience.
In support of the objectives of the project, and as the registry of .JP domain names, JPRS decided to participate in it from the development stage. JPRS believes that would lead to its contribution towards the operational stability of the Internet. A number of TLD registries in the world, including CIRA (.ca) and DENIC (.de), have also announced that they will join the project. And JPRS plans to take an active part in this joint development initiative not only by offering financial support, but also by assigning its engineers to the project.
According to the current plan, BIND 10 will have the features including the followings:
Like its predecessors, BIND 10 will be released by ISC as the open-source software offered for the entire Internet community.
JPRS will continue to cooperate with DNS server operators to meet the needs of the Internet community and society at large, and endeavor to achieve growth and operational stability of the Internet.
List of TLD Registries Announcing Participation in BIND 10 Development Project:
- JPRS (.jp/ Japan)
- CIRA (.ca/ Canada)
- Afilias (.info)
- AFNIC (.fr/ France)
- DENIC (.de/ Germany)
- IIS.SE (.se/ Sweden)
- Nominet (.uk/ United Kingdom)
- Registro.br (.br/ Brazil)
- SIDN (.nl/ The Netherlands)
- ZADNA (.za/ South Africa)
Glossary
* IP Anycast
Generally, a single IP address is assigned to each specific host on the Internet. With the IP Anycast technology, a single IP address is assigned to a particular function or service so that multiple hosts can handle the transactions assigned to the address. With this approach, load distribution is realized by the routing technology. Servers that use IP Anycast technology share a single IP address, and users' requests are handled by the server closest to the user in terms of routing protocols.
* DNSSEC
DNSSEC is an extended function of DNS providing DNS services more securely. DNSSEC uses the public key encryption technology for authentication to assure the legitimacy of the source and contents of the data received from servers.
* DDoS attack
Distributed Denial of Service (DDoS) attack whereby a number of computers are engaged in denial of service attacks simultaneously.
* Japan Registry Services Co., Ltd. (JPRS)
http://jprs.co.jp/en/
JPRS was incorporated on December 26, 2000 to carry out responsibility of the management and administration of the .JP top-level domain and to operate the domain name system. As a company dedicated to maintaining the Internet infrastructure, JPRS contributes to the development of the Internet and building of a better future for everyone.
References
* "ISC Commences Development of Next Generation Domain Name Server Architecture with Unprecedented Community Sponsorship": Release by ISC
https://www.isc.org/about/pr/2009042200
* ISC BIND 10
https://www.isc.org/bind10/
* ISC (Internet Systems Consortium, Inc.)
https://www.isc.org/
* BIND (Berkeley Internet Name Domain)
https://www.isc.org/software/bind/
Press Contacts
Japan Registry Services Co., Ltd. (JPRS)
TEL:+81-3-5215-8451
FAX:+81-3-5215-8452
E-mail: press@jprs.co.jp
http://jprs.co.jp/
Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
Chiyoda-ku, Tokyo 101-0065, Japan
On 31 March 2009, an RFC which specifies a standard for E-mail Address Internationalization (EAI) and was co-authored by two (2) engineers of JPRS was published. This means that EAI is prepared for the field tests toward the actual utilization.
An e-mail address is described in the form of "user-name@domain-name". In terms of standardization of "domain name" which is on the right part to @, a standard is already defined as Internationalized Domain Name (IDN). EAI is the technology which internationalizes the whole e-mail address including the left part to @, i.e., "local part"; also, it is the technology whereby non-ASCII characters of various languages including Japanese can be used in any part of an e-mail address.
Internationalization of e-mail address is one of the significant technical developments to break down barriers to the use of the Internet; thus, it is beneficial for those whose mother tongue is not English. E-mail is one of the fundamental services of the Internet. Therefore, we need to internationalize e-mail through retaining the compatibility with the current system, while making them interface with the future extensions.
With this publication, the fundamental standards to keep the backward compatibility and extend the respective protocols which set up the e-mail system are compiled in four (4) RFCs (RFC 5335, RFC 5336, RFC 5337 and RFC 5504) as experimental standards. RFC 5504 specifically defines a standard for the backword compatibility with the existing e-mail system in case the internationalized e-mail address is used. RFC 5504 is co-authored by Mr. Kazunori Fujiwara and Mr.Yoshiro Yoneya from JPRS.
Now that these RFCs are published, all the fundamental RFCs required to handle the internationalized e-mail address are in place, so the development of experimental implementation and the field test on the Internet toward the actual utilization are now available. From now on, implementation to e-mail softwares and the review toward the preparation of a variety of RFCs which become standard track are going to be proceeded through the field tests and other related activities.
References: