Sweeping lame DNS reverse Delegations

50 %
50 %
Information about Sweeping lame DNS reverse Delegations

Published on November 6, 2008

Author: aSGuest2710

Source: authorstream.com

Sweeping lame DNS reverse delegations : Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003 Overview : Overview Amended proposal from AMM15 Referred back to SIG-DNS list for discussion at AMM 16. Outcomes: Adopted more ARIN-like communications processes Clearer definition of applicable problems in state of delegated NS Refined process to deal with specific lame NS Definitions : Definitions DNS delegations are lame if: Some or all of the registered DNS ns are: Unreachable Badly configured. Registered DNS NS are the NS defined at the delegation point. In the case of Reverse-DNS for IPv4 and Ipv6 number ranges APNIC allocates, APNIC or another RIR is the delegation point. Lame DNS conditions : Lame DNS conditions Problem Summary : Problem Summary Lame DNS reverse delegations can cause problems across the Internet: Delays in service binding for clients using affected address ranges: timeouts in reverse-address lookup Eg receiving party tries to resolve the calling source address. Refusal of service due to failures during DNS processing. Problem Summary : Problem Summary Increased DNS traffic between caching DNS nameservers and the listed DNS authority chain down from the root Processing requests which can only fail after timeout. Measurable load on critical Infrastructure The RIRs have been requested to investigate and reduce this traffic. Problem Summary : Problem Summary Lame DNS reverse delegations affect The users of the network in question. Unrelated third parties. End users cannot resolve problem directly Due to hierarchical nature of authoritative delegation. If the network administrators do not correct errors in their DNS configurations RIR has to resume control of the delegated domain (pending delegate resuming control) disable the listing of the misconfigured servers. Proposal : Proposal Identify potential lameness. (two points of test, AU & JP) Test the DNS reverse delegation (15 day test period). Attempt to notify the domain holder (45 day notice period). Disable lame DNS reverse delegation. (If not corrected at end of notice period) Identify potential lameness : Identify potential lameness Modified process based on scripts used for current statistical measurement exercise Run independently in Japan and Australia Mark each delegated NS separately for status Collate state at HQ nightly to compute aggregated lameness state (pass/fail value, not lame at either location == pass) Prevents single-point failure in test Test the DNS reverse delegation : Test the DNS reverse delegation 15 day test period Must be consistently lame for entire period. Can expose state on website. NS listing status is globally visible anyway in DNS Attempt to notify the domain holder : Attempt to notify the domain holder 45 day contact period Contact administrators of domain If unresponsive contact administrators of parent zone (either domain or inetnum) Use all available methods Email, Fax, Phone Disable lame DNS reverse delegation : Disable lame DNS reverse delegation Only if domain remains lame during contact period (even if contact successful) Disable by marker in domain: object in whois Disables only the ‘bad’ NS If all NS bad, sub-domain is withdrawn from DNS : If all NS bad, sub-domain is withdrawn from DNS (APNIC will return NXDOMAIN) While disabled, monthly reminders emailed Re-enabling possible at any time by maintainer of domain: object acting: remove marker(s) via normal whois update DNS update will apply within 2 hours. Disabled domains will be clearly identifiable As will disabled NS inside functional domains Implementation : Implementation This proposal will be implemented three months after it has been accepted by the APNIC community. Extend current lame measurement to JP location Implement decision logic for status checks Implement communications process to delegates Code disable function into DNS production cycle Collect statistics on process for report back to DNS Ops SIG, other bodies Questions? Feedback? : Questions? Feedback?

Add a comment

Related presentations

Related pages

Lame DNS Reverse Delegation | APNIC

DNS reverse delegations are considered lame if some or all of the registered DNS nameservers are ... Upon identification of a lame delegation, ...
Read more

Lame delegation test | APNIC

Access to reverse DNS; Lame DNS Reverse Delegation. APNIC's operational response; Lame delegation test; DNSSEC; Unused space recovery; ... Lame delegation ...
Read more

[sig-dns]Revised Policy Proposal: Lame DNS - Home | APNIC

[sig-dns]Revised Policy Proposal: Lame DNS. To: sig-dns ... ----- A proposal for sweeping lame DNS reverse delegations Proposed by: APNIC ...
Read more

Delegating zones: Domain Name System(DNS)

... Windows Server 2003, ... DNS provides the option of dividing up the ... you will need delegation records in other zones that point to the ...
Read more

Create a zone delegation: Domain Name System(DNS)

Create a zone delegation. Updated: January 21, 2005. Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1 ...
Read more

How do I get reverse DNS for my IP addresses delegated to ...

... then the reverse DNS sub-delegation uses a slightly ... so it is very important that you setup your reverse zone on your DNS server with ...
Read more

networking - What is DNS Delegation? - Server Fault

With DNS delegation, ... blocking the work, you will not have working DNS and the delegation breaks. ... ipv6 reverse DNS delegation.
Read more

Lame delegation - Wikipedia, the free encyclopedia

Lame delegation. This article is an orphan, as no other articles link to it. Please introduce links to this page from ; try the Find link tool for ...
Read more

DNS Questions & Answers - Men & Mice | First choice in IP ...

... use reverse DNS information to access my ... What are reverse (PTR) records? ... cache.example.net logs a lame delegation from ns2.example.com ...
Read more

Presentation "1 [prop-038] Proposal to amend APNIC Lame ...

... Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson. SlidePlayer. Search;
Read more