New draft charter for the RIPE DNS WG
Brad Knowles brad.knowles at skynet.be
Fri Jul 12 15:57:15 CEST 2002
At 10:57 AM +0200 2002/07/12, Bruce Campbell wrote: > Reverse domains (weekly): > http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html This is a start, but there's not enough information here. We see how many zones are "OK" vs. "not OK", but we don't see how many zones have problems like lame delegations, SOA serial number mis-matches, mis-matches in zone content even though the serial number is the same, which servers don't have proper reverse DNS set up for their IP address, what I like to call orphan delegations (where additional servers are listed as being authoritative within the zone but are not listed in the delegation data), etc.... No DNS debugging tool I know of catches all these problems, but we could work on that. We also don't see tests like which servers are public caching recursive nameservers, what versions of what nameservers are running (both by doing a version.bind query and by doing fingerprinting of the server) or otherwise exhibit behaviour that would be considered insecure. Moreover, while this information is being made publicly available, it does not appear that any pro-active use of this information is being made (i.e., e-mail messages being sent to the owners of the zone as well as the owners of the server(s) in question, etc...). Even if this deeper level of investigation & reporting were done for just the TLD zones that are in the geographical area belonging to RIPE, I think that this would be a very good thing. > Forward domains in the RIPE region (monthly): > http://www.ripe.net/ripencc/pub-services/stats/hostcount/index.html Again, there's just not enough detail here. -- Brad Knowles, <brad.knowles at skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
[ dns-wg Archives ]