About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] DNS Lameness Checking Proposal

  • To: "Brett Carr" brettcarr@localhost
  • From: Edward Lewis <Ed.Lewis@localhost
  • Date: Tue, 8 Aug 2006 14:20:36 -0400
At 3:37 PM +0200 8/8/06, Brett Carr wrote:

As per the dns-wg Action point 52.3 from RIPE 52

"post questions and proposal to wg mailing list on how to deal with lame
delegations when either the NCC is responsible for maintaining the parent or
for running a (secondary) server for the child that is or is about to become
delegated lame due to an unavailable *xfr source."

Please find attached "dnslamecheckAug2006.txt" a proposal on how the RIPE
NCC should test for lameness and what the resulting actions could be.

Your feedback and discussion on this proposal is welcomed.


I can't resist dwelling in lameness.

I'll throw out a few ideas at a non-detail level.
One is that I'd like to see a plan to measure the success of the efforts. More or less, how big is the problem and what dent is being made. This will help decide if the work is worth the payoff.
Two is to clear up "one email per server." The average number of zones per server is higher in the reverse space than forward space (a /20 translates into a bunch of /24's). I think you should look at what you want to present to an admin from their point of view. Not just for their benefit, but also to make interactions more manageable for you.
I think is it beneficial to just observe and report lameness, maybe there's no need to remove lame delegations for this to have a benefit. I don't see any mention of what the plan is for zones that remain lame. Do you just want to let them be, or do you want to "enforce" non-lameness?
Three is remove any specificity about "A or AAAA" - just call them address records. And make it clear that the testing is network-layer protocol independent.
Four is what do you do about failed lookups of address records for name servers? Like, no response as opposed to NXDOMAIN? Without an IP address, you may still have to track a lame NS record, as opposed to a lame NS-A[AAA] combination.
Five, what about anycasted servers? It's possible that a zone may have no available servers in some regions (because of routing effects), but be okay in other locations. Will all testing be done from one location? 
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Soccer/Futbol. IPv6.  Both have lots of 1's and 0's and have a hard time
catching on in North America.
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community