Versions Compared

Old Version 10

changes.mady.by.user Steven Kim

Saved on

compared with

New Version 11

changes.mady.by.user Steven Kim

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

KINDNS best practices and implementation guidelines cover the following five categories of Authoritative Server and Recursive Resolver operators:


Authoritative Server Operators:

  • Critical Zones.For KINDNS purposes, the following are considered critical zones:
  • Zones managed by Top-level Domain (TLD) operators/registries, including TLD zones themselves (e.g., .com, .info, .be) and their subdomains (e.g., co.uk, co.za), and any auxiliary zones necessary to the operation of a ccTLD (e.g., nic.uk, nic.fr, nic.dk)
    • Other delegation-centric zones of national importance for TLDs
    • SLDs tied to critical services such as healthcare and e-governance/citizen and ID services (e.g., mitid.dk)
    • Finance/banking sites
  • Other SLD Zones. This includes all SLD zones except those specifically called out as critical zones.


Recursive Server Operators:

  • Private Resolvers.Private resolvers are not publicly accessible and cannot be reached over the open internet. They are typically found in corporate networks or other restricted-access networks. Private resolvers in some cases are part of a trusted computing domain (e.g., Active Directory).
  • Shared Private Resolvers.Shared private resolver operators are typically ISPs or similar hosting service providers. They offer DNS resolution services to their customers (mobile, cable/DSL/fiber residential and commercial users, as well as hosted servers and applications). The client or host is using the ISP to access the rest of the Internet.
  • Public Resolvers.This category includes both open and closed public resolvers. Examples of open public resolvers include CloudFlare’s 1.1.1.1, Google’s 8.8.8.8, and Quad9’s 9.9.9.9. Closed public resolvers are typically commercial DNS filtering/scrubbing services, such as DNSfilter and OpenDNS. These service providers are typically not Internet Service Providers, and the clients sending queries to them are located on remote networks. Note that some operators of closed public resolvers may also offer a free tier service, which also makes them open public resolvers.

  • Authoritative DNS operators of critical zones

  • Authoritative DNS operators of other (SLD) zones

  • Recursive DNS operators 

  • Operators of Private Resolvers

  • Operators of Shared Private Resolvers

    • Operators of Public Resolvers