Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lame DNS Server Sweeping

Published byGwendolyn Norris Modified over 6 years ago

Similar presentations

Presentation on theme: "Lame DNS Server Sweeping"— Presentation transcript:

1 Lame DNS Server Sweeping
DNS Operations Sig APNIC 18 2 September 2004, Fiji

2 Lame DNS reverse delegations can cause problems across the Internet:
Problem Summary Lame DNS reverse delegations can cause problems across the Internet: Delays in service binding for clients using affected address ranges: Timeouts in reverse-address lookup Receiving party tries to resolve the calling source address. Refusal of service due to failures during DNS processing

3 Problem Summary Increased DNS traffic
between caching DNS nameservers and the listed DNS authority chain down from the root Processing requests which can only fail after timeout Measurable load on critical Infrastructure The RIRs have been requested to investigate and reduce this traffic

4 Problem Summary Lame DNS reverse delegations affect
The users of the network in question Unrelated third parties End users cannot resolve problem directly Due to hierarchical nature of authoritative delegation If the network administrators do not correct errors in their DNS configurations RIR has to resume control of the delegated domain pending the delegate resuming control disable the listing of the misconfigured servers

5 Adopted proposal (from AMM16/17)
Identify potential lameness two points of test, AU & JP Test the DNS reverse delegation 15 day test period Attempt to notify the domain holder 45 day notice period Disable lame DNS reverse delegation If not corrected at end of notice period

6 Project Deliverables Web based tools to support maintenance of Reverse DNS Implemented in MyAPNIC, in deployment SQL based engine backing DNS Implemented, in testing presented in database sig Integrated data management lame status checking, de-listing functions Will interoperate with new DNS generation system Support systems for APNIC staff In early design phases Contact scheduling system for HM dept Service delivery expected in 4Q04

7 Current status of listed NS in DB
Total NS Disabled by Domain Admin (for future services) Live NS 168,042 61,963 domains In 15 day period 12,471 9,571 domains In 45 day period 11,544 6,982 domains Disabled by APNIC Will increase when policy goes live

8 LAME-ness summary lame nameservers = 24,015 (12.180%)
Many unstable (flapping) rather than persistently lame Noted ‘aggregation’ towards a top-10 list of NS which serve many domains Likely to be initial contact list for Hostmasters Privacy issues prevent listing on web Focus on communication with lame domain admin directly via , phone etc

9

10 Questions Thank You !

Download ppt "Lame DNS Server Sweeping"

Similar presentations

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.
1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.

1 Addition of IPv6 servers to in-addr.arpa tree DNS Operations Sig APNIC 18 2 September 2004, Fiji.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,

1 prop-018-v001 Protecting historical records in the APNIC Whois Database Project Update DB SIG APNIC18 2 September 2004 Nadi, Fiji Sanjaya, Project Manager,
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Implementing Domain Name System

Implementing Domain Name System
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –

The new APNIC DNS generation system. Previous System Direct access to backend whois.db files – Constructed radix tree in memory from domain objects –
1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.

Impact of Configuration Errors on DNS Robustness Vasileios Pappas, Zhiguo Xu, Songwu Lu, Daniel Massey, Andreas Terzis, Lixia Zhang SIGCOMM 2004 Presented.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.

1 APNIC reverse DNS management roadmap DNS operations SIG, APNIC 21 2 March 2006.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 7: Domain Name System.
Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.

Module 5: Planning a DNS Strategy. Overview Planning DNS Servers Planning a Namespace Planning Zones Planning Zone Replication and Delegation Integrating.
Taiwan Network Information Center Introduction to TWNIC RMS (Resource Management System) 15 th APNIC NIR Meeting David Chen Feb 26,

Taiwan Network Information Center Introduction to TWNIC RMS (Resource Management System) 15 th APNIC NIR Meeting David Chen Feb 26,
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.
Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.

Regional Internet Registries Statistics & Activities IETF 55 Atlanta Prepared By APNIC, ARIN, LACNIC, RIPE NCC.
Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb 23-27 2004 KL, Malaysia.

Status report on Lame Delegations (work in progress) George Michaelson DB SIG APNIC17/APRICOT 2004 Feb KL, Malaysia.

Similar presentations

Ads by Google