Implementation of ARIN's Lame DNS Delegation Policy - PowerPoint PPT Presentation
Title:
Implementation of ARIN's Lame DNS Delegation Policy
Description:
APR 2002 Discussion at ARIN IX. JUN 2002 Measured extent of problem. SUM 2002 Discussion on email lists. OCT 2002 Discussion at ARIN X. NOV 2002 Policy ... – PowerPoint PPT presentation
Number of Views:87
Avg rating:3.0/5.0
Title: Implementation of ARIN's Lame DNS Delegation Policy
1
Implementation of ARIN's Lame DNS Delegation
Policy
- Edward Lewis
- Research Engineer
- ARIN
- edlewis_at_arin.net
2
Abstract
- The membership of ARIN has approved a policy to
curb lame delegations - The staff is implementing it and has already seen
a reduction - This presentation will outline the policy,
results, and how ARIN is interacting with
registrants and registries
3
Background
- MAR 2002 Proposed on ARIN ppml (list)
- APR 2002 Discussion at ARIN IX
- JUN 2002 Measured extent of problem
- SUM 2002 Discussion on email lists
- OCT 2002 Discussion at ARIN X
- NOV 2002 Policy adopted
- DEC 2002 Implementation activity begins
4
Policy Summary
5
Policy Summary
Four Phases
6
Policy Summary
- Four Phases
- Test
7
Policy Summary
- Four Phases
- Test
Identify Lame Delegation
8
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
9
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
10
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
If No Contact Proceed to Next Step
11
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
12
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
If No Contact Proceed to Next Step
13
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
14
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
If No Contact Proceed to Next Step
15
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
16
Policy Summary
- Four Phases
- Test
- Attempt Contact
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
If No Contact Proceed to Next Step
17
Policy Summary
- Four Phases
- Test
- Attempt Contact
- Evaluate
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
18
Policy Summary
- Four Phases
- Test
- Attempt Contact
- Evaluate
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
Wait 30 Days
19
Policy Summary
- Four Phases
- Test
- Attempt Contact
- Evaluate
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
Wait 30 Days
Delegation Declared Lame
20
Policy Summary
- Four Phases
- Test
- Attempt Contact
- Evaluate
- Remove Delegation
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
Wait 30 Days
Delegation Declared Lame
21
Policy Summary
- Four Phases
- Test
- Attempt Contact
- Evaluate
- Remove Delegation
Identify Lame Delegation
E-mail the network POC
E-mail the ASN POC
Telephone the network or ASN POC
Postal Mail the network or ASN POC
- Remove NS Delegations
- Update WHOIS Record
- Delegation Determined to be Lame
- Evaluation Date of the Lame Delegation
- Contact has been Attempted Unsuccessfully
- Date Record Updated
Wait 30 Days
Delegation Declared Lame
Update Record
22
Lame Delegation Test
- Query for SOA record of zone
- Try all IP addresses for each server of zone
- In response, flag as lame if
- No Authoritative Answer (AA) bit set
- AA bit set, but an empty answer section
- AA bit set, but answer is not an SOA record
23
What is Not Flagged
- Not flagged as lame in this round of testing
- No IP address for name server
- No answer from server
- This will be flagged in the future
24
Timeline
- Notify Network POC
- Notify Autonomous System POC
25
Zone Results
bounce!
26
Server Results
- 13 Feb findings, percentage of servers
- 77 not flagged as lame
- (good OR no address/answer)
- 19 Authoritative Answer bit set to 0
- 4 with empty answer section
- lt1 with a non-SOA answer (CNAME)
27
Notification Results
- 3rd Notice - approx. 150 calls in first few days
28
Help Desk Actions
- Determine the problem/exact question
- Use Lame tool, BINDs dig tool
- Review results with registrant
- Explain expected results
- Walk through steps to correct ARIN DB entry
- Refer registrant for further assistance
- Their local support
- Vendor of their name server
- BIND documentation (if using a BIND server)
29
Observations
- People are interested
- Want to correct problem
- Want to know what this is about
- Based on feedback from community
- http//www.arin.net/registration/lame_delegations/
index.html - This will be a deliberate process
30
Next Steps
- Continue notification as per policy
- Update database information
- Continue testing for lameness
- Identify engineering issues with testing
- Identify implementation issues
- Share experiences with other registries
31
Email Addresses
- Discussions of lame delegations are happening in
other regions too - APNIC SIG on DNS issues
- ltsig-dns.lists.apnic.netgt
- RIPE DNS Working Group
- ltdns-wg.ripe.netgt
- Tool-specific mailing lists
- My address edlewis_at_arin.net
32
Thank You
