Presentation is loading. Please wait.

Presentation is loading. Please wait.

LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified."— Presentation transcript:

1 LAME – Next Steps Mark Kosters, CTO

2 Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified If still lame 30 days after initial notification, POCs notified again If still lame 30 days after second notification, delegation analyzed manually; name servers stripped if delegation determined to be inoperative Lame Delegation Process

3 How is “Lame” defined? – No A record for name server – The name server is unresponsive to queries (times out) – Name server doesn’t think it’s authoritative for the reverse zone (the “aa” bit isn’t set) – No SOA record for reverse zone When is a Name Server stripped? – No A record for name server – The name server is unresponsive to queries (times out) – The name server doesn’t know reverse zone exists (thus can’t have individual PTR records)

4 Policy Experience Report Leslie provided the following text for the Policy Experience Report at the LA meeting (ARIN XXII)

5 Problems Observed No clear way of detecting a Lame Delegation Potential legal liability Operationally significant number of man hours spent on development, notification, and follow up

6 Service Issues with Current Lame System Turning off “working” delegations – Delegation in dns for a /16 when have a /19 – Incorrectly configured dns servers Substantial customer support

7 New Definition of LAME (1 of 3) Three Tests: – Issue a SOA query for the delegation. If the server responds, the delegation is good. Note that the AA bit does not need to be set on the response.

8 If test #1 fails, fill out the dotted quad for the delegation and issue a PTR query (eg dig @ns.example.com 0.0.168.192.in-addr.arpa PTR). If the AA bit is set, then the delegation is good. New Definition of LAME (2 of 3)

9 If test #2 fails, provide 3 random PTR queries for dotted quads that reside in that delegation. If any of the three tests provide something in the answer section, then the delegation is good. Note that the AA bit does not need to be set on the response. New Definition of LAME (3 of 3)

10 Next Steps Consensus – Is the relaxed algorithm worthy? – If yes, place it in the work queue

Download ppt "LAME – Next Steps Mark Kosters, CTO. Delegations tested daily until test good or removed If still lame after 30 consecutive days of testing, POCs notified."

Similar presentations

LACNIC V – 18 / 20 november 2003 - Havana, Cuba Monitoring Lame Delegations Frederico A C Neves.

LACNIC V – 18 / 20 november Havana, Cuba Monitoring Lame Delegations Frederico A C Neves.
1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.

1 Deprecation of ip6.int reverse DNS service in APNIC Project update IPv6 technical SIG, APNIC 21 1 March 2006 Sanjaya.
Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.

Sweeping lame DNS reverse delegations APNIC16 – DNS Operations SIG Seoul, Korea, 20 August 2003.
School of Electrical Engineering and Computer Science, 2004 Slide 1 Autonomic DNS Experiment Architecture, Symptom and Fault Identification.

School of Electrical Engineering and Computer Science, 2004 Slide 1 Autonomic DNS Experiment Architecture, Symptom and Fault Identification.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
King of Limitations Present by: Ao-Jan Su. Accuracy? Accuracy depends on the distance of end hosts and their authoritative name servers. Not true for.

King of Limitations Present by: Ao-Jan Su. Accuracy? Accuracy depends on the distance of end hosts and their authoritative name servers. Not true for.
DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.

DNS Session 4: Delegation and reverse DNS Joe Abley AfNOG 2006 workshop.
DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.

DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.

The Domain Name System. CeylonLinux DNS concepts using BIND 2 Hostnames IP Addresses are great for computers –IP address includes information used for.
4.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

4.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
Recursive Server. Overview Recursive Service Root server list localhost 0.0.127.in-addr.arpa named.conf.

Recursive Server. Overview Recursive Service Root server list localhost in-addr.arpa named.conf.
1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.

1 [prop-038] Proposal to amend APNIC Lame DNS reverse delegation policy Policy SIG 7 Sep 2006 APNIC 22, Kaohsiung, Taiwan Terry Manderson.
A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.

A Study of DNS Lameness Edward Lewis. July 14, 2002 IETF 54 Slide 2 Agenda Lameness Why (Surprise:) Spotty(?) results Approach Plans.
The Domain Name System Unix System Administration Download PowerPoint Presentation.

The Domain Name System Unix System Administration Download PowerPoint Presentation.
The Domain Name System (DNS)

The Domain Name System (DNS)
DNS Domain Name Service References: Wikipedia 1.

DNS Domain Name Service References: Wikipedia 1.
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
Domain Name System (DNS) Ayitey Bulley Session-1: Fundamentals.

Domain Name System (DNS) Ayitey Bulley Session-1: Fundamentals.

Similar presentations

Ads by Google