Post on 31-Dec-2015
Sweeping Lame DNS Delegations: A Proposal
DNS OPS SIG
APNIC 15, Taipei, Taiwan
26 February 2003
Problem
• 10-15% of all reverse DNS domains managed under APNIC are ‘lame’
  – Lame DNS increases traffic to DNS root servers
  – Lame DNS inconveniences end users
  – Lame DNS inconveniences unrelated third parties
• Fixing Lame DNS requires top-down coordination
Proposal
• APNIC uses domain: objects in whois to manage reverse DNS delegation
  – Changing domain object changes DNS
• APNIC Secretariat is measuring and identifying lame DNS records already for statistical purposes
  – Proposed to add a ‘disable’ function to DNS zone generation
  – Mark Lame DNS domain: objects disabled
  – Notify Maintainer, permit re-enabling
Details
• 30 Day notice of LAME DNS status
  – Countdown timer
  – Countdown resets if DNS fixed
  – EMail to maintainer during 30 day window
• At end, record marked disabled
  – Monthly reminder email to maintainer
• Tests see ‘intermittent’ lame DNS
  – Only persistently lame disabled
• Lame for 30 days or more
Process to re-enable
• Disable flag is extra Remark: field in domain object
• To Re-enable, update whois domain: object to remove the Remark: field added by APNIC systems.
• Domain object must meet normal DNS requirements when re-submitted
  – Minimum 2 nserver: entries, tested live
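The countdown, reset, disable and re-enable rules from the Details and Process to re-enable slides, written out as a small state machine. This is an added example, not APNIC code: the remark text, function names and sample results are constructed, and "minimum 2 nserver: entries, tested live" is assumed to mean at least two entries, all of which pass the live test.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

NOTICE_DAYS = 30  # notice window from the Details slide
DISABLE_REMARK = "EXAMPLE: delegation disabled, lame DNS"  # placeholder wording

@dataclass
class DomainObject:
    domain: str
    nservers: list
    remarks: list = field(default_factory=list)
    lame_since: Optional[date] = None  # start of the current countdown

    @property
    def disabled(self) -> bool:
        return DISABLE_REMARK in self.remarks

def record_test(obj: DomainObject, day: date, lame: bool) -> str:
    """Apply one daily lameness result and return the action taken."""
    if obj.disabled:
        return "skip"          # left out of zone generation until re-enabled
    if not lame:
        obj.lame_since = None  # countdown resets if DNS is fixed
        return "ok"
    if obj.lame_since is None:
        obj.lame_since = day
        return "notify"        # notice e-mail opens the 30-day window
    if (day - obj.lame_since).days >= NOTICE_DAYS:
        obj.remarks.append(DISABLE_REMARK)
        return "disable"       # persistently lame for 30 days or more
    return "countdown"

def re_enable(obj: DomainObject, live: set) -> bool:
    """Maintainer resubmits the object without the remark; normal checks apply."""
    if len(obj.nservers) < 2 or not all(ns in live for ns in obj.nservers):
        return False           # assumed reading of the nserver requirement
    obj.remarks = [r for r in obj.remarks if r != DISABLE_REMARK]
    obj.lame_since = None
    return True

def simulate(obj: DomainObject, start: date, results: list) -> list:
    """Feed one result per day, starting at `start`; return the actions."""
    return [record_test(obj, start + timedelta(days=i), lame)
            for i, lame in enumerate(results)]

# Constructed sample: lame for 10 days, fixed for 1 day, then lame for 32 days.
SAMPLE = [True] * 10 + [False] + [True] * 32
```

An intermittently lame zone never reaches the disable step here, because each clean test clears `lame_since` and the next failure starts a fresh 30-day window.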
Other RIRs
• ARIN
  – Adopted similar mechanism, will be reviewed at ARIN-XI
• LACNIC
  – Measure and record lame DNS daily, considering proposal to disable at next LACNIC meeting
• RIPE-NCC
  – Measure only at this stage
Reporting
• Add standing report to DNS OPS SIG
  – Number of lame DNS records detected
  – Rate of disabling, re-enabling
  – Additional reports to IEPG, NANOG, SANOG etc
• Coordination with other RIRs
  – May vary process timing, extend process
• Review process in DNS-SIG
  – RIR and other modifications/proposals should be subject to DNS-SIG review
Benefits of this proposal
• Improved DNS services
  – Reduction of load on root DNS servers
  – Improved Internet connection times
  – Better logging of connections