[mat-wg] NSID option on the RIPE Atlas SOA measurements of the root servers
- Previous message (by thread): [mat-wg] NSID option on the RIPE Atlas SOA measurements of the root servers
- Next message (by thread): [mat-wg] New on RIPE Labs: Public Policy Demands Better Statistics
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Andrea Barberio
insomniac at slackware.it
Mon Jul 24 19:57:21 CEST 2017
On Thu, Jul 20, 2017 at 02:20:39PM +0200, Chris Amin <camin at ripe.net> wrote a message of 90 lines which said: >> it would be useful to have SOA queries from all probes with the NSID >> EDNS option set, in order to be able to match up responses with the >> particular responding instances > It is also useful to detect rogue root name servers (quite common with > anycast) or transparent DNS proxies. (Measurement #9209448 finds > several probes asking a rogue L-root, which has no NSID support, or > located behind a middlebox which strips NSID. Check probes > 23621,19770, 24890, 26328, 27059, 27080, 27843, 33806, 21570,14272, > 13660, 17775, 17841, 26587, 30847, 11410, 23438, 29814, 13719, 21140, > 25189, 25197. For some, the SOA serial number is so old that it is > probably a rogue root name server. Also, one probe, 28846, finds a > server replying with an abnormal NSID, which is not the normal from > L-root.) I also find useful to match id.server./hostname.bind. queries against the NSID results (à-la-nsidenumerator, see flag --id-server, https://github.com/insomniacslk/nsidenumerator )
- Previous message (by thread): [mat-wg] NSID option on the RIPE Atlas SOA measurements of the root servers
- Next message (by thread): [mat-wg] New on RIPE Labs: Public Policy Demands Better Statistics
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ mat-wg Archives ]