LAME – Next Steps Mark Kosters, CTO

Lame Delegation Process
– Delegations tested daily until test good or removed
– If still lame after 30 consecutive days of testing, POCs notified
– If still lame 30 days after initial notification, POCs notified again
– If still lame 30 days after second notification, delegation analyzed manually; name servers stripped if delegation determined to be inoperative

How is “Lame” defined?
– No A record for name server
– The name server is unresponsive to queries (times out)
– Name server doesn’t think it’s authoritative for the reverse zone (the “aa” bit isn’t set)
– No SOA record for reverse zone

When is a Name Server stripped?
– No A record for name server
– The name server is unresponsive to queries (times out)
– The name server doesn’t know reverse zone exists (thus can’t have individual PTR records)

Policy Experience Report
Leslie provided the following text for the Policy Experience Report at the LA meeting (ARIN XXII)

Problems Observed
– No clear way of detecting a Lame Delegation
– Potential legal liability
– Operationally significant number of man hours spent on development, notification, and follow up

Service Issues with Current Lame System
– Turning off “working” delegations
  – Delegation in DNS for a /16 when have a /19
  – Incorrectly configured DNS servers
– Substantial customer support

New Definition of LAME (1 of 3)
Three Tests:
– Issue a SOA query for the delegation. If the server responds, the delegation is good. Note that the AA bit does not need to be set on the response.

New Definition of LAME (2 of 3)
– If test #1 fails, fill out the dotted quad for the delegation and issue a PTR query (e.g. in-addr.arpa PTR). If the AA bit is set, then the delegation is good.

New Definition of LAME (3 of 3)
– If test #2 fails, provide 3 random PTR queries for dotted quads that reside in that delegation. If any of the three tests provide something in the answer section, then the delegation is good. Note that the AA bit does not need to be set on the response.
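
The three tests above as a decision procedure, in an added example that is not ARIN's code. The `query` callback, the `Reply` type, the responder functions and the documentation address block are assumptions made for illustration, and "responds" in test 1 is read as "an SOA came back in the answer section".

```python
import ipaddress
import random
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

@dataclass
class Reply:
    aa: bool = False   # Authoritative Answer flag of the response
    answers: int = 0   # number of records in the answer section

# Hypothetical transport: query(server, qname, qtype) -> Reply, or None on timeout.
Query = Callable[[str, str, str], Optional[Reply]]

def reverse_zone(net):
    """in-addr.arpa zone name for an octet-aligned IPv4 block (/8, /16, /24)."""
    if net.prefixlen not in (8, 16, 24):
        raise ValueError("this example handles octet-aligned delegations only")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def check_delegation(server, net, query, rng=None) -> Tuple[bool, str]:
    rng = rng or random.Random()
    # Test 1: SOA query for the delegation; the AA bit is not required.
    # Assumption: "responds" is read as "an SOA came back in the answer section".
    r = query(server, reverse_zone(net), "SOA")
    if r is not None and r.answers > 0:
        return True, "test 1"
    # Test 2: PTR for the delegation filled out to a dotted quad; AA must be set.
    r = query(server, net.network_address.reverse_pointer, "PTR")
    if r is not None and r.aa:
        return True, "test 2"
    # Test 3: PTR for three random addresses in the block; any answer counts.
    for _ in range(3):
        addr = net[rng.randrange(net.num_addresses)]
        r = query(server, addr.reverse_pointer, "PTR")
        if r is not None and r.answers > 0:
            return True, "test 3"
    return False, "lame"

# Constructed responders standing in for real name servers (sample data).
def silent(server, qname, qtype):                # times out on every query
    return None

def authoritative_no_soa(server, qname, qtype):  # AA on PTR, no SOA, no data
    return Reply(aa=(qtype == "PTR"), answers=0)

def answers_without_aa(server, qname, qtype):    # PTR data, AA never set
    return Reply(aa=False, answers=1 if qtype == "PTR" else 0)
```

Under the earlier definition on this page, `authoritative_no_soa` (no SOA record) and `answers_without_aa` (AA bit not set) would both count as lame; the relaxed tests accept them at test 2 and test 3 respectively.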

Next Steps
Consensus
– Is the relaxed algorithm worthy?
– If yes, place it in the work queue