[dns-wg] DNS Lameness Checking Proposal
From: "Brett Carr" brettcarr@localhost
Date: Tue, 8 Aug 2006 15:37:13 +0200
As per the dns-wg Action point 52.3 from RIPE 52
"post questions and proposal to wg mailing list on how to deal with lame
delegations when either the NCC is responsible for maintaining the parent or
for running a (secondary) server for the child that is or is about to become
delegated lame due to an unavailable *xfr source."
Please find attached "dnslamecheckAug2006.txt" a proposal on how the RIPE
NCC should test for lameness and what the resulting actions could be.
Your feedback and discussion on this proposal is welcomed.
Brett Carr.
--
Brett Carr RIPE Network Coordination Centre
Systems Engineer -- Operations Group Amsterdam, Netherlands
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
**Measuring and Reporting on Reverse Tree DNS Lameness**
**in the RIPE NCC Service Region**
*Background*
The RIPE NCC has been delegated several /8 IPv4 and various length IPv6 reverse
zones by the Internet Assigned Numbers Authority (IANA).
The RIPE NCC provides Domain Name System (DNS) delegation within these
zones for IP address ranges allocated to network operators.
You can find details at: http://www.ripe.net/reverse
Initial investigations have revealed that as many as 13% of the name servers
listed in the delegations are not responding correctly. They are said to be 'lame'.
*Definition of Lameness*
Within the context of this document, a server is regarded as 'lame' if it does
not satisfy the following test:
The target of a name server Resource Record (RR) must resolve into at
least one A or AAAA RR.
A standard DNS User Datagram Protocol (UDP) query with the recursion
desired bit set to 0 (RD=0) must result in an authoritative response from the
target address. The answer section of the response must contain a single
Start of Authority (SOA) RR for the QNAME.
If a server fails this test, it will be retried five times over ten days
before it is deemed to be 'lame'.
In the case of multihomed servers with multiple A records, repeated
failure of any of the designated A records will result in the server
being considered 'lame'.
*Lameness Checking and Reporting*
We will run a lameness check once per month against all DNS servers listed
as delegation points within RIPE NCC delegated zones. We will check lameness
over both IPv4 and IPv6, but report it separately.
We will also check any Early Registration Transfer (ERX) space that is
under our control.
All operators with servers reported as 'lame' will be informed by e-mail.
We will send an e-mail to the maintainer listed for the domain object in
the RIPE Database. We will send one e-mail for each lame server.
We will publish details and statistics of lameness levels on our website.
*Interactions with ns.ripe.net*
As the server ns.ripe.net is a delegation target for all /16 IPv4 reverse delegations,
it will automatically be checked for all these zones. We will investigate all zones
reported as lame on this server and resolve the problem as soon as possible.
This may involve requesting assistance from third parties.
*RIPE NCC Delegated Zones*
IPv4 (including majority ERX)
141.in-addr.arpa
145.in-addr.arpa
151.in-addr.arpa
193.in-addr.arpa
194.in-addr.arpa
195.in-addr.arpa
62.in-addr.arpa
212.in-addr.arpa
213.in-addr.arpa
217.in-addr.arpa
80.in-addr.arpa
81.in-addr.arpa
82.in-addr.arpa
83.in-addr.arpa
84.in-addr.arpa
85.in-addr.arpa
86.in-addr.arpa
87.in-addr.arpa
88.in-addr.arpa
89.in-addr.arpa
90.in-addr.arpa
91.in-addr.arpa
188.in-addr.arpa
IPv6
1.0.a.2.ip6.arpa
6.0.1.0.0.2.ip6.arpa
7.0.1.0.0.2.ip6.arpa
8.0.1.0.0.2.ip6.arpa
9.0.1.0.0.2.ip6.arpa
a.0.1.0.0.2.ip6.arpa
b.0.1.0.0.2.ip6.arpa
4.1.1.0.0.2.ip6.arpa
5.1.1.0.0.2.ip6.arpa
6.1.1.0.0.2.ip6.arpa
7.1.1.0.0.2.ip6.arpa
a.1.1.0.0.2.ip6.arpa
b.1.1.0.0.2.ip6.arpa
a.4.1.0.0.2.ip6.arpa
b.4.1.0.0.2.ip6.arpa
c.4.1.0.0.2.ip6.arpa
d.4.1.0.0.2.ip6.arpa
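The response check from the "Definition of Lameness" section above, as an added example that is not part of the original message or the RIPE NCC's own checker. It builds the RD=0 SOA query and evaluates a raw UDP reply; NS target resolution and the retry schedule are left out, and the function names, query ID and sample SOA values are assumptions constructed for the demonstration.

```python
import struct
SOA, IN = 6, 1  # RR type SOA, class IN

def encode_name(name):
    """Encode a domain name in DNS wire format (no compression)."""
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"

def build_soa_query(zone, qid=0x1234):
    """SOA query whose flags word is 0x0000, so RD=0 as the test requires."""
    return struct.pack("!6H", qid, 0x0000, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!2H", SOA, IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def is_lame(zone, response, qid=0x1234):
    """True if the reply is not an authoritative answer with exactly one SOA RR for the zone."""
    try:
        rid, flags, qd, an, _, _ = struct.unpack("!6H", response[:12])
        if rid != qid or not flags & 0x8000 or not flags & 0x0400 or an != 1:
            return True  # wrong ID, QR=0, AA=0, or answer count is not one
        off = 12
        for _ in range(qd):  # skip the echoed question section
            off = read_name(response, off)[1] + 4
        owner, off = read_name(response, off)
        rtype, rclass = struct.unpack("!2H", response[off:off + 4])
        return not (rtype == SOA and rclass == IN and owner == zone.rstrip(".").lower() + ".")
    except (IndexError, struct.error, ValueError, UnicodeDecodeError):
        return True  # truncated or malformed reply

def sample_response(zone, aa=True, soa=True, qid=0x1234):
    """Constructed reply for the demonstration; the SOA field values are made up."""
    msg = struct.pack("!6H", qid, 0x8000 | (0x0400 if aa else 0), 1, int(soa), 0, 0) + build_soa_query(zone)[12:]
    if soa:
        rdata = encode_name("ns.example") + encode_name("hostmaster.example") + struct.pack("!5I", 1, 3600, 600, 864000, 3600)
        msg += b"\xc0\x0c" + struct.pack("!2HIH", SOA, IN, 3600, len(rdata)) + rdata
    return msg
```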