Lame DNS Server Sweeping

Slides:



Advertisements
Similar presentations
1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.
Advertisements

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Implementing Domain Name System
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –
1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Domain Name Services Oakton Community College CIS 238.
1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.
Taiwan Network Information Center Introduction to TWNIC RMS (Resource Management System) 15 th APNIC NIR Meeting David Chen Feb 26,
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.
Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.
Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.
18th APNIC Open Policy Meeting SIG: DB Thursday 2 September 2004 Nadi, Fiji Chair: Xing Li.
APNIC Status Report ARIN X Eugene, Oregon Oct 30-Nov 1, 2002.
11 December, th IETF, AAA WG1 AAA Proxies draft-ietf-aaa-proxies-01.txt David Mitton.
Sweeping Lame DNS Delegations A Proposal DNS OPS SIG APNIC 15, Taipei, Taiwan 26 February 2003.
Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.
APNIC Report RIPE 43 Rhodes, Greece 9-13 September 2002.
Services Area Report Sanjaya Services Area Manager.
IP Addressing and ICT Development in the Pacific Islands Anne Lord and Save Vocea, APNIC ICT Workshop, Fiji, November, 2002.
Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.
1 Lame delegation status report DNS Operations SIG APNIC , Hanoi.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.
DNS Security Risks Section 0x02. Joke/Cool thing traceroute traceroute c
1 DNS Operations SIG Report Joe Abley, ISC APNIC 18 Nadi, Fiji, September 2004.
DNS and Inbound Load Balancing
Implementation Of Lame Delegation Policy
Ip addressing: dhcp & dns
Understand Names Resolution
Module 3: Enabling Access to Internet Resources
Module 5: Resolving Host Names by Using Domain Name System (DNS)
Regional Internet Registries An Overview
Database backed DNS.
Domain Name System (DNS)
Implementation of ARIN's Lame DNS Delegation Policy
IMPLEMENTING NAME RESOLUTION USING DNS
Research & Liaison Officer (Pacific)
A proposal to deprecate ip6.int reverse DNS service in APNIC
A Study of DNS Lameness by Ed Lewis ARIN Research Engineer
Legacy Resources in the Research & Education Community
APNIC Open Policy Meeting
Net 323 D: Networks Protocols
Subject Name: Computer Communication Networks Subject Code: 10EC71
ROUND ROBIN DNS Round robin DNS is usually used for balancing the load of geographically distributed Web servers. For example, a company has one domain.
Lame delegation status report
A Proposal for IPv4 Essential Infrastructure
Status report on primary and secondary DNS load
Sanjaya, Project Manager, APNIC Secretariat
DNS: Domain Name System
News from APNIC ARIN XXII 16 October 2008.
DNS Operations SIG Feb APNIC19, Kyoto, Japan
COMPUTER NETWORKS PRESENTATION
MyAPNIC Project Update
Windows Name Resolution
Designing IIS Security (IIS – Internet Information Service)
Computer Networks Presentation
AMM APNIC 15, Taipei, Taiwan 28 Feb 2003
Proposal to Clean Up Whois Database
Status Report on Policy Implementation at the APNIC Secretariat
Status Report on Policy Implementation at the APNIC Secretariat
Status on “Proposal for the whois database query”
Earning to be Trusted Advisor
Presentation transcript:

Lame DNS Server Sweeping DNS Operations Sig APNIC 18 2 September 2004, Fiji

Lame DNS reverse delegations can cause problems across the Internet: Problem Summary Lame DNS reverse delegations can cause problems across the Internet: Delays in service binding for clients using affected address ranges: Timeouts in reverse-address lookup Receiving party tries to resolve the calling source address. Refusal of service due to failures during DNS processing

Problem Summary Increased DNS traffic between caching DNS nameservers and the listed DNS authority chain down from the root Processing requests which can only fail after timeout Measurable load on critical Infrastructure The RIRs have been requested to investigate and reduce this traffic

Problem Summary Lame DNS reverse delegations affect The users of the network in question Unrelated third parties End users cannot resolve problem directly Due to hierarchical nature of authoritative delegation If the network administrators do not correct errors in their DNS configurations RIR has to resume control of the delegated domain pending the delegate resuming control disable the listing of the misconfigured servers

Adopted proposal (from AMM16/17) Identify potential lameness two points of test, AU & JP Test the DNS reverse delegation 15 day test period Attempt to notify the domain holder 45 day notice period Disable lame DNS reverse delegation If not corrected at end of notice period

Project Deliverables Web based tools to support maintenance of Reverse DNS Implemented in MyAPNIC, in deployment SQL based engine backing DNS Implemented, in testing presented in database sig Integrated data management lame status checking, de-listing functions Will interoperate with new DNS generation system Support systems for APNIC staff In early design phases Contact scheduling system for HM dept Service delivery expected in 4Q04

Current status of listed NS in DB Total NS Disabled by Domain Admin (for future services) Live NS 168,042 61,963 domains In 15 day period 12,471 9,571 domains In 45 day period 11,544 6,982 domains Disabled by APNIC Will increase when policy goes live

LAME-ness summary lame nameservers = 24,015 (12.180%) Many unstable (flapping) rather than persistently lame Noted ‘aggregation’ towards a top-10 list of NS which serve many domains Likely to be initial contact list for Hostmasters Privacy issues prevent listing on web Focus on communication with lame domain admin directly via email, phone etc

Questions Thank You !