Sweeping Lame DNS DelegationsA Proposal

DNS OPS SIG

APNIC 15, Taipei, Taiwan

26 February 2003

Problem

• 10-15% of all reverse DNS domains managed under APNIC are ‘lame’– Lame DNS increase traffic to DNS root

servers– Lame DNS inconveniences end users– Lame DNS inconveniences unrelated

third parties

• Fixing Lame DNS requires top-down coordination

Proposal

• APNIC uses domain: objects in whois to manage reverse DNS delegation– Changing domain object changes DNS

• APNIC Secretariat is measuring and identifying lame DNS records already for statistical purposes– Proposed to add a ‘disable’ function to DNS

zone generation– Mark Lame DNS domain: objects disabled– Notify Maintainer, permit re-enabling

Details

• 30 Day notice of LAME DNS status– Countdown timer– Countdown resets if DNS fixed– EMail to maintainer during 30 day

window

• At end, record marked disabled– Monthly reminder email to maintainer

• Tests see ‘intermittent’ lame DNS– Only persistently lame disabled

• Lame for 30 days or more

Process to re-enable

• Disable flag is extra Remark: field in domain object

• To Re-enable, update whois domain: object to remove the Remark: field added by APNIC systems.

• Domain object must meet normal DNS requirements when re-submitted– Minimum 2 nserver: entries, tested live

Other RIRs

• ARIN– Adopted similar mechanism, will be

reviewed at ARIN-XI

• LACNIC– Measure and record lame DNS daily,

considering proposal to disable at next LACNIC meeting

• RIPE-NCC– Measure only at this stage

Reporting

• Add standing report to DNS OPS SIG– Number of lame DNS records detected– Rate of disabling, re-enabling– Additional reports to IEPG, NANOG,

SANOG etc

• Coordination with other RIRs– May vary process timing, extend process

• Review process in DNS-SIG– RIR and other modifications/proposals

should be subject to DNS-SIG review

Benefits of this proposal

• Improved DNS services– Reduction of load on root DNS servers– Improved Internet connection times– Better logging of connections