[dns-wg] DNS Misbehavior Doc
- Previous message (by thread): [dns-wg] DNS Misbehavior Doc
- Next message (by thread): [dns-wg] Announcement DNS Training Course
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Koch
pk at DENIC.DE
Tue Feb 21 19:39:34 CET 2006
On Mon, Feb 06, 2006 at 09:14:46PM +0000, David Malone wrote: > Do people think this is worth perusing as a RIPE document? Is the > related issues section useful? Are the comments on testing useful? Thanks, David, for posting this summary. Together with the IPJ article this gives a good overview of the problem and its development over time. > Simple testing can be conducted by making a query for a AAAA record > using a tool such as dig. Supposing that the server has IP 192.0.2.1 > and is to serve the domain example.com, queries such as the following > should be made: > > dig AAAA exists.example.com @192.0.2.1 > dig AAAA does-not-exist.example.com @192.0.2.1 > dig AAAA www.subdomain.example.com @192.0.2.1 Might want to add "+norec" to the options list. > In each case the server should return the correct number of AAAA > records (0 if there are none) and a status of NOERROR. Even if the Would the "speaking names" above indicate that just the AAAA does not exist, but the name does? > This tool can detect some of the most common problems given > a domain name. You might want to inspect the additional section. There's one implementation that puts an A RR into the additional section whenever you ask for AAAA or A6, another one rewrites A6 queries to ANY queries. Would it be possible to publish the script? > It is also possible to automatically produce lists of names and > nameservers that exhibit these problems. Clearly it is possible to > automatically mail hostmaters or to publish "hall of shame" lists > based on such data. It is unclear if such actions would achieve any > useful effect, as service maintainers are usually primarily concerned > about complaints directly from paying users! Agreed, we might want to drop this option. > 5. Related Issues > 5.1 A6 Records > 5.2 ip6.int vs. ip6.arpa > 5.3 Resolver Issues Personally I'd not touch these here or at most by reference. The ip6.int vs. ip6.arpa will appear on our agenda in the near future anyway. -Peter
- Previous message (by thread): [dns-wg] DNS Misbehavior Doc
- Next message (by thread): [dns-wg] Announcement DNS Training Course
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]