APNIC LAME NS measurements. Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing.

Slides:

Advertisements

Similar presentations

LACNIC V – 18 / 20 november Havana, Cuba Monitoring Lame Delegations Frederico A C Neves.

Advertisements

Testing IPv6 Address Records in the DNS Root APNIC 23 February 2007 Geoff Huston Chief Scientist APNIC.

Reverse DNS SIG Summary Report APNIC Annual Member Meeting Bangkok, March

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

Data export to Summon Mark Huppert, ANU Library System & Web Coordinator

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

Clearinghouse for Incident Handling Tools TF-CSIRT Seminar January 18, 2001 Barcelona Yuri Demchenko.

Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –

DNS Security Extension (DNSSEC). Why DNSSEC? DNS is not secure –Applications depend on DNS ►Known vulnerabilities DNSSEC protects against data spoofing.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting What is Reverse DNS October 26th, Brisbane Bruce.

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.

LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified.

7/16/20151 Quality Assurance Overview. 7/16/20152 Quality Assurance System Overview FY 04/05- new Quality Assurance tools implemented  included CMS Quality.

Reverse DNS. Overview Principles Creating reverse zones Setting up nameservers Reverse delegation procedures.

11.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 11: Introducing WINS, DNS,

Module 3 DNS Types.

Providing A Subset of Whois Data Via DNS Shuang Zhu Xing Li CERNET Center.

DNS Registries. Overview What is a DNS registry? –DNS registries –Data In –Data Out –Transactions Registry Structure –Registry –Registrars –Registrants.

The APNIC Whois Database Introduction and Usage. whois.apnic.net whois.ripe.netwhois.arin.net Server Unix Client ‘X’ Client Command Prompt / Web Interface.

Database Update Paul Palse Database Manager, RIPE NCC.

Petrozavodsk State University, Alex Moschevikin, 2003NET TECHNOLOGIES Domain Name System HISTORY File hosts (the size of Internet became more than 1000.

Global Registry Services com/net/org Registry Update for NANOG24 Matt Larson VeriSign Global Registry Services.

Chapter 17 Domain Name System

SERVER I SLIDE: 6. SERVER I Topics: Objective 4.3: Deploy and configure the DNS service Objective 5.1: Install domain controllers.

DNS & BIND Chapter 24. This Chapter DNS Overview.

DNS Dynamic Update Performance Study The Purpose Dynamic update and XFR is key approach to perform zone data replication and synchronization,

Naming March 8, Networks What is naming?  Associations between some elements in a set of names and some elements in a set of values  Binding.

Early Registration Transfer Project Status Update.

Assignment 3 Threads. Scientific Store A container contains 3 different objects: Laboratory: – Name of Head of Laboratory – Number of scientists in laboratory.

Configuring Name Resolution and Additional Services Lesson 12.

Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.

Self-Service Open Resolver Scanning Duane Wessels DNS-OARC Workshop Dublin May 12, 2013.

REVERSE DNS Why and how AFRINIC-II Maputo,Mozambique 26 April 2005 Alain AINA.

Sweeping Lame DNS Delegations A Proposal DNS OPS SIG APNIC 15, Taipei, Taiwan 26 February 2003.

1 Discussion of the new DNS generation system DNS Operations SIG APNIC 18 2nd September 2004, Fiji.

The CS Data Management and Tutor Monitoring system Xebiso Tshuma & Hope Mutete Supervisor: Mike Linck Date: 21 July.

Whois Domain Object Authorisation APNIC18 – DB SIG Nadi, Fiji 2 September 2004.

MultiJob pilot on Titan. ATLAS workloads on Titan Danila Oleynik (UTA), Sergey Panitkin (BNL) US ATLAS HPC. Technical meeting 18 September 2015.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

Publishing zone scan data using an open data portal Sebastian Castro OARC Workshop Montreal – Oct 2015.

1. STARTING POINT Data is an important part of helping State and Local HDs achieve better health outcomes for their constituencies. Currently there appear.

RDAP Andy Newton, Chief Engineer. Background WHOIS (Port 43) – Old, very old – Lot’s of problems Under specified, no I18N, insecure, no authentication,

Early Registration Record Transfers Richard Jimmerson Director of Operations APNIC 11Kuala Lumpur.

1 Lame delegation status report DNS Operations SIG APNIC , Hanoi.

1 CMPT 471 Networking II DNS © Janice Regan,

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Open Address Policy Meeting APNIC Reverse DNS October 26th, Brisbane Bruce.

Aug 2008 KRNIC of NIDA KRNIC Updates.

Gridmake for GlueX software Richard Jones University of Connecticut GlueX offline computing working group, June 1, 2011.

Current Topic – EPP - TWNIC Jeff Yeh

Open DNS resolvers have to be closed ● Open resolvers respond to recursive queries from any host on the Internet ● Amplification DNS attack 2.

Scenario use cases Szymon Mueller PSNC. Agenda 1.General description of experiment use case. 2.Detailed description of use cases: 1.Preparation for observation.

MapReduce: Simplied Data Processing on Large Clusters Written By: Jeffrey Dean and Sanjay Ghemawat Presented By: Manoher Shatha & Naveen Kumar Ratkal.

AfNOG-2003 Domain Name System (DNS) Ayitey Bulley Setting up an Authoritative Name Server.

Implementation of ARIN's Lame DNS Delegation Policy

A proposal to deprecate ip6.int reverse DNS service in APNIC

NIC Chile Secondary DNS Service History and Evolution

A Study of DNS Lameness by Ed Lewis ARIN Research Engineer

Lame DNS Server Sweeping

Fall 2009 B+ Tree Recitation

Regional Internet Registries

A Coordinated Proposal Regional Internet Registries

LAMAS Working Group June 2017

Measuring KSK Roll Readiness

AMM APNIC 15, Taipei, Taiwan 28 Feb 2003

Presentation transcript:

APNIC LAME NS measurements

Overview Methodology Initial outcomes from 128 days runtime How bad is the problem? LAME-ness trends Proposals for dealing with LAME NS

Methodology Forked tree of perl processes – Implemented on Net::DNS package – Searches source:APNIC domain objects – For each listed object, checks nserver(s) – 20 parallel tasks Very low server impact, circa 3 queries/sec Completes scan of 45,000 objects in in under 5 hours Status is either OK, partially or fully lame Daily run

Initial outcomes from 128 days of data 20% to 30% of domains have problems – One or more NS not visible – SOA serial mismatches 10% to 15% fully lame – No functional NS in set of nserver – Zone file may have other (valid) NS (checks on SOA listed NS future work)

How bad is the problem? During sample period – 33% of domains all ns visible, all the time 43% better than 99% visible – 11% of domains all ns lame, all the time 18% have a semi-persistant problem Caveats: only one point of probe – Need to correlate with other query points – Coordination with RIPE, ARIN sweeps

Full and Partial LAME-ness trend

LAME-ness is all good or all bad No lame All lame

LAME-ness is consistent

Proposals for APNIC SIG-DB APNIC to send out 'reminders' to tech-c of domain objects with consistently LAME ns – Need to set threshold correctly Target the persistantly lame cases After time, if still lame: – APNIC disables DNS By marking domain: object with special data – Causes DNS generation to be skipped Tech-c (real data owner) can un-mark the domain object at any time