A Study of DNS Lameness by Ed Lewis ARIN Research Engineer

Slides:

Advertisements

Similar presentations

Reverse DNS SIG Summary Report APNIC Annual Member Meeting Bangkok, March

Advertisements

Review iClickers. Ch 1: The Importance of DNS Security.

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

State of DNS Security Extensions Edward Lewis February 26, 2001 APRICOT 2001 Panel.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified.

CSE 461 Section (Week 0x02). Port numbers for applications MAC addresses for hardware IP addresses for a way to send data in a smart, routable way.

Chabot College ELEC Name Resolution.

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

Global Registry Services com/net/org Registry Update for NANOG24 Matt Larson VeriSign Global Registry Services.

Test cases for domain checks – a step towards a best practice Mats Dufberg,.SE Sandoche Balakrichenan, AFNIC.

Objectives  Basic Introduction to DNS  Purpose of Domain Naming  DNS Features: Global Distribution  Fully Qualified Domain Name  DNS Lookup Types.

Chapter 13 Microsoft DNS Server n DNS server: A Microsoft service that resolves computer names to IP addresses, such as resolving the computer name Brown.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.

ARIN Update Ray Plzak President & CEO. Kitakyushu September 2002APNIC 14 Overview Membership Organization News Emerging RIR Activities ARIN IX ARIN X.

DHCPv6 Redundancy Considerations Redundancy Proposals in RFC 6853.

Karrenberg et. Al.. RIPE 43, September 2002, Ρόδος. DISTEL Domain Name Server Testing Lab Daniel Karrenberg with Alexis Yushin, Ted.

Configuring Name Resolution and Additional Services Lesson 12.

Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.

Networks Computer Technology Day 17. Network  Two or more computers and other devices (printers or scanners) that are connected, for the purpose of sharing.

AU, March 2, DNSSEC, APNIC, & how EPP might play a Role Ed Lewis DNS SIG APNIC 21.

* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.

DNS DNS overview DNS operation DNS zones. DNS Overview Name to IP address lookup service based on Domain Names Some DNS servers hold name and address.

Happy Eyeballs for the DNS Geoff Huston, George Michaelson APNIC Labs October 2015.

DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.

Early Registration Record Transfers Richard Jimmerson Director of Operations APNIC 11Kuala Lumpur.

APNIC LAME NS measurements. Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing.

Aug 2008 KRNIC of NIDA KRNIC Updates.

WHAT IS DNS??????????.

So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.

Basics of the Domain Name System (DNS) By : AMMY- DRISS Mohamed Amine KADDARI Zakaria MAHMOUDI Soufiane Oujda Med I University National College of Applied.

Short Intro to DNS (part of Tirgul 9) Nir Gazit. What is DNS? DNS = Domain Name System. For translation of host names to IPs. A Distributed Database System.

AfNOG-2003 Domain Name System (DNS) Ayitey Bulley Setting up an Authoritative Name Server.

System Administration(SAD622S) Name of Presenter: Shadreck Chitauro Lecturer 18 July 2016 Faculty of Computing and Informatics.

DNS and Inbound Load Balancing

Implementation Of Lame Delegation Policy

Understand Names Resolution

Domain Name System (DNS)

Networking Applications

Domain Name System (DNS)

Delegated RPKI / ARIN Command Line

Module 5: Resolving Host Names by Using Domain Name System (DNS)

Regional Internet Registries An Overview

Implementation of ARIN's Lame DNS Delegation Policy

IMPLEMENTING NAME RESOLUTION USING DNS

Benefits of Using Domain Name System (DNS)

Teemu Savolainen (Nokia) MIF WG IETF#75 28-July-2009

Networking Applications

A proposal to deprecate ip6.int reverse DNS service in APNIC

Partnership of Governments, Businesses and Civil Society: the ICANN example in coordinating resources and policy making Dr. Olivier MJ Crépin-Leblond

Lame DNS Server Sweeping

APNIC Open Policy Meeting

Internet: Names and Addresses

NET 536 Network Security Lecture 8: DNS Security

ICANN/IANA Update at APNIC 29

Status report on primary and secondary DNS load

IPv6 Unique Local Addresses Report on IETF Activity

Status Update Presented By Ray Plzak On Behalf Of AfriNIC.

DNS Operations SIG APNIC , Kyoto

IPv6 Allocation Service in JPNIC

Windows Name Resolution

AMM APNIC 15, Taipei, Taiwan 28 Feb 2003

APNIC Member Meeting APNIC16 Seoul, Korea

What part of “NO” is so hard for the DNS to understand?

CS2911 Week 5, Class 3 Today Next Class: DNS – Domain Name Service

Presentation transcript:

A Study of DNS Lameness by Ed Lewis ARIN Research Engineer Presented by Ray Plzak President

Agenda Definition Purpose Results September 2002 APNIC 14

Definitions Lameness is – an NS RR That Lameness might happen if: Contains no address record(s) Does not respond to queries Responds negatively for the zone Lameness might happen if: Domain name has multiple addresses Server responds non-authoritatively (recursively) September 2002 APNIC 14

Why Bother? ARIN membership raised the issue of cleaning this up Lame delegations cause Application Failure Service Delay Lame delegations can be limited easily Intermittent network problems make it infeasible to eliminate it completely September 2002 APNIC 14

Reverse Map This effort is targeted at ARIN's reverse map delegations ARIN's /8's Legacy /8's Not all /8's - not RIPE NCC, not APNIC Dependencies are simplifying assumptions about the parsing of the zone files summary output breaks results into /16's and /24's September 2002 APNIC 14

Early results Remember, this is not all of in-addr.arpa... As of July 2002 Number of NS RR's 548,667 Number of zones 231,240 Number of name server names 25,047 Number of IP unique addresses 21,846 September 2002 APNIC 14

per Zone demographics Servers per zone - max 7, avg 2.37 Addresses per zone - max 26, avg 2.32 Zones with no addresses 3,062 Zones with one address 7,365 All zones have multiple NS RR's Some lacked glue for one Some had two names with identical glue Some duplicates slipped through September 2002 APNIC 14

per Name Server Zones - max 5772, avg 21.9 No address - 3,178 Multiple addresses - 219 Addresses - max 24, avg not counted Longest name 41 chars September 2002 APNIC 14

per IP Zones - max 5772, avg 24.6 Addresses with multiple domain names pointing to them - 291 Max number of domain names pointing to an address - 9 PTR records not checked September 2002 APNIC 14

Counting By Zones Condition % Comment No IP address 1 Unreachable One IP address 3 Multi Address 95 “the requirement” No Working 38 Zone not reachable One Working 10 Multi Working 52 No Broken 49 “perfect zones” Some Broken 13 Notes "No working" – Never a reply "No broken" – All servers good "Some broken“ – Some lameness September 2002 APNIC 14

Next steps Measure number of faulty NS RRs Distribute and run from different locations Correlate results from different network locations Present observations to membership Investigate the use of this data September 2002 APNIC 14

Thank You September 2002 APNIC 14