DRAFT: Measuring and Reporting on Reverse Tree DNS Lameness in the RIPE NCC Service Region.
Background:
| IPv4 | IPv6 |
| --- | --- |
| 62.in-addr.arpa 80.in-addr.arpa 81.in-addr.arpa 82.in-addr.arpa 83.in-addr.arpa 84.in-addr.arpa 85.in-addr.arpa 86.in-addr.arpa 87.in-addr.arpa 88.in-addr.arpa 89.in-addr.arpa 90.in-addr.arpa 91.in-addr.arpa 141.in-addr.arpa 145.in-addr.arpa 151.in-addr.arpa 188.in-addr.arpa 193.in-addr.arpa 194.in-addr.arpa 195.in-addr.arpa 212.in-addr.arpa 213.in-addr.arpa 217.in-addr.arpa | a.0.1.0.0.2.ip6.arpa a.1.1.0.0.2.ip6.arpa a.4.1.0.0.2.ip6.arpa b.0.1.0.0.2.ip6.arpa b.1.1.0.0.2.ip6.arpa b.4.1.0.0.2.ip6.arpa c.4.1.0.0.2.ip6.arpa d.4.1.0.0.2.ip6.arpa 0.a.2.ip6.arpa 4.1.1.0.0.2.ip6.arpa 5.1.1.0.0.2.ip6.arpa 6.0.1.0.0.2.ip6.arpa 6.1.1.0.0.2.ip6.arpa 7.0.1.0.0.2.ip6.arpa 7.1.1.0.0.2.ip6.arpa 8.0.1.0.0.2.ip6.arpa 9.0.1.0.0.2.ip6.arpa |
- This table includes those parts of Early Registration Transfer (ERX) space that are under the control of the RIPE NCC.
- ERX was a project to take IP allocations made before the RIR System started and move them into management by Regional Internet Registries.
The RIPE NCC provides DNS delegations within these zones for IP address ranges allocated to network operators. For further details see:
http://www.ripe.net/data-tools/dns/reverse-dns
A survey carried out in March 2006 revealed that around 11-13% of the nameservers listed in the delegations are 'lame', meaning they are not responding correctly.
Definition of Lameness
There are several definitions of lameness available. However, within the context of this document and these checks, a server will be regarded as lame if it does not satisfy the following test:
- The target of an NS RR must resolve into at least one address record RR (A or AAAA RR).
- A standard DNS UDP query with RD=0 for an SOA RR in the IN class, with QNAME=zonename, must result in an authoritative response, sent from the same address that the query was sent to, with a single SOA RR for the QNAME in the answer section.
- This testing will be network layer protocol independent.
If a server fails this test, it will be retried five times over a period of ten days (at varying times of day). After this time, it will be classed as lame.
- In the case of multihomed servers with multiple A (or AAAA) records, repeated failure of any of the designated A records will result in the server being classed as lame.
- In the case of anycasted servers, only the server visible from the RIPE NCC premises in Amsterdam will be tested. If this project is successful, we may expand this test to cover different areas.
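The SOA step of the test above, written as a check on a single captured UDP reply. This is an added example, not RIPE NCC code: the function names, the constructed sample reply and the reading of "a single SOA RR" as ANCOUNT == 1 are assumptions, and the A/AAAA resolution step and the retry schedule are not covered.

```python
import struct

SOA, IN = 6, 1  # RR type and class codes

def encode_name(name):
    """Encode a domain name in uncompressed DNS wire format."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def soa_message(zone, qid, flags=0x0000, ancount=0):
    """Header plus SOA/IN question; flags 0x0000 is a standard query, RD=0."""
    header = struct.pack("!6H", qid, flags, 1, ancount, 0, 0)
    return header + encode_name(zone) + struct.pack("!2H", SOA, IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
        else:
            labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii").lower())
            off += 1 + msg[off]
    return ".".join(labels), (off + 1 if end is None else end)

def passes_soa_test(zone, qid, target_addr, source_addr, response):
    """SOA step of the test; "single SOA RR" is read as ANCOUNT == 1 (assumption)."""
    if source_addr != target_addr:  # reply must come from the queried address
        return False
    try:
        rid, flags, qd, an, _, _ = struct.unpack("!6H", response[:12])
        if rid != qid or (flags & 0x840F) != 0x8400 or an != 1:  # QR=1, AA=1, RCODE=0
            return False
        off = 12
        for _ in range(qd):  # skip the echoed question section
            off = read_name(response, off)[1] + 4
        owner, off = read_name(response, off)
        rtype, rclass = struct.unpack("!2H", response[off:off + 4])
    except (struct.error, IndexError, ValueError):
        return False  # truncated or malformed reply counts as a failure
    return owner == zone.rstrip(".").lower() and (rtype, rclass) == (SOA, IN)

def sample_reply(zone, qid, flags=0x8400):
    """Constructed reply: echoed question plus one SOA RR with empty RDATA."""
    answer = b"\xc0\x0c" + struct.pack("!2HIH", SOA, IN, 3600, 0)
    return soa_message(zone, qid, flags, 1) + answer
```

A reply that fails this check would count as one failed attempt; the classification as lame only follows after the retries described above.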
Lameness Checking and Reporting
The RIPE NCC will run a lameness check once each month against all DNS servers listed as delegation points within the RIPE NCC delegated zones.
- Lameness will be checked over both IPv4 and IPv6, but reported separately.
- Following the completion of this check, we will send an email (via SOA RNAME) to all operators with servers reported as lame.
- We will send an email to the maintainer listed for the domain object in the RIPE Database.
- We will send just one email for each lame server.
- We will publish details and statistics of lameness levels on www.ripe.net.
- We will periodically assess the effectiveness of these efforts by reviewing the published statistics.
Interaction with ns.ripe.net
- As the server ns.ripe.net is a delegation target for all /16 IPv4 reverse delegations, we will check all of its zones automatically.
- We will further investigate all zones reported as lame on this server to determine why and resolve the problem as soon as possible, although this may also involve contact with third parties.
Email to Maintainers
The following is the sample text of the alert email that we will send to operators with servers reported as lame:
Dear administrator of [server name]
According to checks made on [date], your server, [server name],
was lame for the following zone(s):
[zonelist]
For information about the checks that we made on your zone(s), please see:
http://www.ripe.net/ripe/draft-documents/dns-lameness.html