Lame DNS Server Sweeping

Slides:

Advertisements

Similar presentations

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

Advertisements

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

Implementing Domain Name System

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

Domain Name Services Oakton Community College CIS 238.

1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.

Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.

Taiwan Network Information Center Introduction to TWNIC RMS (Resource Management System) 15 th APNIC NIR Meeting David Chen Feb 26,

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.

Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.

Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.

APNIC Status Report ARIN X Eugene, Oregon Oct 30-Nov 1, 2002.

11 December, th IETF, AAA WG1 AAA Proxies draft-ietf-aaa-proxies-01.txt David Mitton.

Sweeping Lame DNS Delegations A Proposal DNS OPS SIG APNIC 15, Taipei, Taiwan 26 February 2003.

Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.

APNIC Report RIPE 43 Rhodes, Greece 9-13 September 2002.

Services Area Report Sanjaya Services Area Manager.

IP Addressing and ICT Development in the Pacific Islands Anne Lord and Save Vocea, APNIC ICT Workshop, Fiji, November, 2002.

Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.

1 Lame delegation status report DNS Operations SIG APNIC , Hanoi.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.

DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c

1 DNS Operations SIG Report Joe Abley, ISC APNIC 18 Nadi, Fiji, September 2004.

DNS and Inbound Load Balancing

Implementation Of Lame Delegation Policy

Ip addressing: dhcp & dns

Understand Names Resolution

Module 3: Enabling Access to Internet Resources

Module 5: Resolving Host Names by Using Domain Name System (DNS)

Regional Internet Registries An Overview

Database backed DNS.

Domain Name System (DNS)

Implementation of ARIN's Lame DNS Delegation Policy

IMPLEMENTING NAME RESOLUTION USING DNS

Research & Liaison Officer (Pacific)

A proposal to deprecate ip6.int reverse DNS service in APNIC

A Study of DNS Lameness by Ed Lewis ARIN Research Engineer

Legacy Resources in the Research & Education Community

APNIC Open Policy Meeting

Net 323 D: Networks Protocols

Subject Name: Computer Communication Networks Subject Code: 10EC71

ROUND ROBIN DNS Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain.

Lame delegation status report

A Proposal for IPv4 Essential Infrastructure

Status report on primary and secondary DNS load

Sanjaya, Project Manager, APNIC Secretariat

DNS: Domain Name System

News from APNIC ARIN XXII 16 October 2008.

DNS Operations SIG Feb APNIC19, Kyoto, Japan

COMPUTER NETWORKS PRESENTATION

MyAPNIC Project Update

Windows Name Resolution

Designing IIS Security (IIS – Internet Information Service)

Computer Networks Presentation

AMM APNIC 15, Taipei, Taiwan 28 Feb 2003

Proposal to Clean Up Whois Database

Status Report on Policy Implementation at the APNIC Secretariat

Status Report on Policy Implementation at the APNIC Secretariat

Status on “Proposal for the whois database query”

Earning to be Trusted Advisor

Presentation transcript:

Lame DNS Server Sweeping DNS Operations Sig APNIC 18 2 September 2004, Fiji

Lame DNS reverse delegations can cause problems across the Internet: Problem Summary Lame DNS reverse delegations can cause problems across the Internet: Delays in service binding for clients using affected address ranges: Timeouts in reverse-address lookup Receiving party tries to resolve the calling source address. Refusal of service due to failures during DNS processing

Problem Summary Increased DNS traffic between caching DNS nameservers and the listed DNS authority chain down from the root Processing requests which can only fail after timeout Measurable load on critical Infrastructure The RIRs have been requested to investigate and reduce this traffic

Problem Summary Lame DNS reverse delegations affect The users of the network in question Unrelated third parties End users cannot resolve problem directly Due to hierarchical nature of authoritative delegation If the network administrators do not correct errors in their DNS configurations RIR has to resume control of the delegated domain pending the delegate resuming control disable the listing of the misconfigured servers

Adopted proposal (from AMM16/17) Identify potential lameness two points of test, AU & JP Test the DNS reverse delegation 15 day test period Attempt to notify the domain holder 45 day notice period Disable lame DNS reverse delegation If not corrected at end of notice period

Project Deliverables Web based tools to support maintenance of Reverse DNS Implemented in MyAPNIC, in deployment SQL based engine backing DNS Implemented, in testing presented in database sig Integrated data management lame status checking, de-listing functions Will interoperate with new DNS generation system Support systems for APNIC staff In early design phases Contact scheduling system for HM dept Service delivery expected in 4Q04

Current status of listed NS in DB Total NS Disabled by Domain Admin (for future services) Live NS 168,042 61,963 domains In 15 day period 12,471 9,571 domains In 45 day period 11,544 6,982 domains Disabled by APNIC Will increase when policy goes live

LAME-ness summary lame nameservers = 24,015 (12.180%) Many unstable (flapping) rather than persistently lame Noted ‘aggregation’ towards a top-10 list of NS which serve many domains Likely to be initial contact list for Hostmasters Privacy issues prevent listing on web Focus on communication with lame domain admin directly via email, phone etc

Questions Thank You !