- Number of slides: 32
Implementation of ARIN's Lame DNS Delegation Policy
Edward Lewis
Research Engineer, ARIN
edlewis@arin.net

Abstract
The membership of ARIN has approved a policy to curb lame delegations. The staff is implementing it and has already seen a reduction. This presentation will outline the policy, results, and how ARIN is interacting with registrants and registries.
June 3, 2003 NANOG 28

Background
• MAR 2002 – Proposed on ARIN ppml (list)
• APR 2002 – Discussion at ARIN IX
• JUN 2002 – Measured extent of problem
• SUM 2002 – Discussion on email lists
• OCT 2002 – Discussion at ARIN X
• NOV 2002 – Policy adopted
• DEC 2002 – Implementation activity begins

Policy Summary
Four Phases
• Test
    - Identify Lame Delegation
• Attempt Contact (If No Contact, Proceed to Next Step)
    - E-mail the network POC
    - E-mail the ASN POC
    - Telephone the network or ASN POC
    - Postal Mail the network or ASN POC
• Evaluate
    - Wait 30 Days
    - Delegation Declared Lame
• Remove Delegation (Update Record)
    - Remove NS Delegations
    - Update WHOIS Record
        - Delegation Determined to be Lame
        - Evaluation Date of the Lame Delegation
        - Contact has been Attempted Unsuccessfully
        - Date Record Updated

Lame Delegation Test
• Query for SOA record of zone
    - Try all IP addresses for each server of zone
• In response, flag as lame if:
    - No Authoritative Answer (AA) bit set
    - AA bit set, but an empty answer section
    - AA bit set, but answer is not an SOA record

What is Not Flagged
• Not flagged as lame in this round of testing:
    - No IP address for name server
    - No answer from server
• This will be flagged in the future

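The three flagging rules and the "no answer" exception from the two slides above, applied to raw DNS reply messages. This is an added example, not ARIN's "Lame" tool; the function names, the zone `2.0.192.in-addr.arpa`, the 192.0.2.x server addresses and the replies themselves are constructed for illustration, and "answer is not an SOA record" is read here as "no SOA record anywhere in the answer section".

```python
import struct

SOA, CNAME, AA = 6, 5, 0x0400   # RR type codes and the AA header flag (RFC 1035)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Apply the slides' rules to one server's raw reply to an SOA query."""
    if msg is None:                        # no answer: not flagged in this round
        return "not flagged: no answer"
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & AA:
        return "lame: AA bit not set"
    if an == 0:
        return "lame: AA set, empty answer section"
    off = 12
    for _ in range(qd):                    # skip question: name, QTYPE, QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(an):                    # walk the answer section
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == SOA:
            return "ok"
        off += 10 + rdlen
    return "lame: AA set, answer is not an SOA"

def lame_servers(replies):
    """replies maps server IP -> raw reply (or None); return flagged ones."""
    verdicts = {ip: classify(m) for ip, m in replies.items()}
    return {ip: v for ip, v in verdicts.items() if v.startswith("lame")}

# --- constructed sample data (hypothetical zone, documentation addresses) ---
def name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"

def reply(aa, answers):
    head = struct.pack("!6H", 0x1234, 0x8000 | (AA if aa else 0), 1, len(answers), 0, 0)
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", t, 1, 3600, len(rd)) + rd for t, rd in answers]
    return head + name("2.0.192.in-addr.arpa") + struct.pack("!HH", SOA, 1) + b"".join(rrs)

SOA_RD = (name("ns1.example.net") + name("hostmaster.example.net")
          + struct.pack("!5I", 2003060301, 3600, 900, 604800, 3600))
SAMPLE = {"192.0.2.1": reply(True, [(SOA, SOA_RD)]), "192.0.2.2": reply(False, []),
          "192.0.2.3": reply(True, []), "192.0.2.4": reply(True, [(CNAME, name("x.example.net"))]),
          "192.0.2.5": None}
```

`lame_servers(SAMPLE)` returns the three flagged servers; the healthy server and the silent one are left out, matching what this round of testing did and did not flag.
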
Timeline
[Figure: timeline of test rounds and notices, in two stages: "Notify Network POC" and "Notify Autonomous System POC"]

Zone Results
Date      Zones Checked   Flagged for Lameness
13 Feb    198,213         55,281
27 Mar                    35,944
12 May    55,281          28,735
30 May    55,281          34,625

Server Results
13 Feb findings, percentage of servers
• 77% not flagged as lame
    - (good OR no address/answer)
• 19% Authoritative Answer bit set to 0
• 4% with empty answer section
• <1% with a non-SOA answer (CNAME)

Notification Results
              Telephone   Email
1st Notice    125         119
2nd Notice    91          141
3rd Notice    - approx. 150 calls in first few days

Help Desk Actions
• Determine the problem/exact question
    - Use “Lame” tool, BIND’s dig tool
    - Review results with registrant
• Explain expected results
• Walk through steps to correct ARIN DB entry
• Refer registrant for further assistance:
    - Their local support
    - Vendor of their name server
    - BIND documentation (if using a BIND server)

Observations
• People are interested
    - Want to correct problem
    - Want to know what this is about
    - Based on feedback from community: http://www.arin.net/registration/lame_delegations/index.html
• This will be a deliberate process

Next Steps
• Continue notification as per policy
• Update database information
• Continue testing for lameness
• Identify engineering issues with testing
• Identify implementation issues
• Share experiences with other registries

Email Addresses
• Discussions of lame delegations are happening in other regions too
    - APNIC SIG on DNS issues


