Lame Delegation Status Report

Transcript Lame Delegation Status Report

Implementation of ARIN's Lame DNS Delegation Policy
Edward Lewis
Research Engineer
ARIN
[email protected]
Abstract
The membership of ARIN has approved a policy to curb lame delegations.
The staff is implementing it and has already seen a reduction.
This presentation will outline the policy, results, and how ARIN is interacting with registrants and registries.
June 3, 2003
NANOG 28
Background
MAR 2002 – Proposed on ARIN ppml (list)
APR 2002 – Discussion at ARIN IX
JUN 2002 – Measured extent of problem
SUM 2002 – Discussion on email lists
OCT 2002 – Discussion at ARIN X
NOV 2002 – Policy adopted
DEC 2002 – Implementation activity begins
Policy Summary
Four Phases
• Test
  Identify Lame Delegation
• Attempt Contact
  E-mail the network POC
  E-mail the ASN POC
  Telephone the network or ASN POC
  Postal Mail the network or ASN POC
  After each attempt: If No Contact, Proceed to Next Step
• Evaluate
  Wait 30 Days
  Delegation Declared Lame
• Remove Delegation
  Update Record
  • Remove NS Delegations
  • Update WHOIS Record
    • Delegation Determined to be Lame
    • Evaluation Date of the Lame Delegation
    • Contact has been Attempted Unsuccessfully
    • Date Record Updated
Lame Delegation Test
• Query for SOA record of zone
• Try all IP addresses for each server of zone
• In response, flag as lame if:
  • No Authoritative Answer (AA) bit set
  • AA bit set, but an empty answer section
  • AA bit set, but answer is not an SOA record
What is Not Flagged
• Not flagged as lame in this round of testing:
  • No IP address for name server
  • No answer from server
• This will be flagged in the future
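
The test and the not-flagged cases from the two slides above, as an added example that is not part of the original presentation or ARIN's own tool: a standard-library Python classifier for each server address's reply to an SOA query. The zone, server names, addresses and reply bytes are constructed samples, and treating any SOA in the answer section as a good reply is an assumption.

```python
import struct

SOA, CNAME = 6, 5   # RR type codes (RFC 1035)
AA_BIT = 0x0400     # Authoritative Answer flag in the header flags word

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:             # root label terminates the name
            return off

def classify(msg):
    """Apply the slide's rules to one server address's reply to an SOA query."""
    if msg is None:                 # no answer: not flagged in this round
        return "not flagged: no answer"
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & AA_BIT:
        return "lame: AA bit not set"
    if an == 0:
        return "lame: AA set, empty answer section"
    off = 12
    for _ in range(qd):             # skip each question: name, type, class
        off = skip_name(msg, off) + 4
    types = []
    for _ in range(an):             # record the type of every answer RR
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    # Assumption: one SOA anywhere in the answer section counts as a good reply.
    return "ok" if SOA in types else "lame: AA set, answer is not an SOA"

def make_reply(zone, aa, answer_types):
    """Build a constructed sample reply; RDATA is two placeholder bytes."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in zone.split(".")) + b"\x00"
    flags = 0x8000 | (AA_BIT if aa else 0)      # QR=1, AA as requested
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 3600, 2) + b"\x00\x00"
                   for t in answer_types)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answer_types), 0, 0)
    return header + qname + struct.pack("!HH", SOA, 1) + rrs

def check_zone(servers):
    """servers maps name server -> {IP: reply bytes or None}; every IP is tried."""
    return {ns: {ip: classify(m) for ip, m in addrs.items()} or "not flagged: no address"
            for ns, addrs in servers.items()}
```

A server with no addresses, or an address that never answers, comes back as not flagged, matching this round of testing as the slides describe it.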
Timeline
Notify Network POC
Notify Autonomous System POC
Zone Results
Date      Zones Checked   Flagged for Lameness
13 Feb    198,213         55,281
27 Mar    55,281          35,944
12 May    55,281          28,735
30 May    55,281          34,625
Server Results
13 Feb findings, percentage of servers
• 77% not flagged as lame (good OR no address/answer)
• 19% Authoritative Answer bit set to 0
• 4% with empty answer section
• <1% with a non-SOA answer (CNAME)
Notification Results
              Telephone   Email
1st Notice    125         119
2nd Notice    91          141
3rd Notice - approx. 150 calls in first few days
Help Desk Actions
• Determine the problem/exact question
  • Use “Lame” tool, BIND’s dig tool
  • Review results with registrant
• Explain expected results
• Walk through steps to correct ARIN DB entry
• Refer registrant for further assistance:
  • Their local support
  • Vendor of their name server
  • BIND documentation (if using a BIND server)
Observations
People are interested
Want to correct problem
Want to know what this is about
Based on feedback from community:
http://www.arin.net/registration/lame_delegations/index.html
This will be a deliberate process
Next Steps
Continue notification as per policy
Update database information
Continue testing for lameness
Identify engineering issues with testing
Identify implementation issues
Share experiences with other registries
Email Addresses
Discussions of lame delegations are happening in other regions too
APNIC SIG on DNS issues
<sig-dns.lists.apnic.net>
RIPE DNS Working Group
<dns-wg.ripe.net>
Tool-specific mailing lists
My address: [email protected]