1 / 32

Implementation of ARIN's Lame DNS Delegation Policy

Implementation of ARIN's Lame DNS Delegation Policy. Edward Lewis Research Engineer ARIN edlewis@arin.net. Abstract. The membership of ARIN has approved a policy to curb lame delegations The staff is implementing it and has already seen a reduction

falala
Download Presentation

Implementation of ARIN's Lame DNS Delegation Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Implementation of ARIN's Lame DNS Delegation Policy Edward Lewis Research Engineer ARIN edlewis@arin.net

  2. Abstract • The membership of ARIN has approved a policy to curb lame delegations • The staff is implementing it and has already seen a reduction • This presentation will outline the policy, results, and how ARIN is interacting with registrants and registries NANOG 28

  3. Background • MAR 2002 – Proposed on ARIN ppml (list) • APR 2002 – Discussion at ARIN IX • JUN 2002 – Measured extent of problem • SUM 2002 – Discussion on email lists • OCT 2002 – Discussion at ARIN X • NOV 2002 – Policy adopted • DEC 2002 – Implementation activity begins NANOG 28

  4. Policy Summary NANOG 28

  5. Policy Summary Four Phases NANOG 28

  6. Policy Summary • Four Phases • Test NANOG 28

  7. Policy Summary • Four Phases • Test Identify Lame Delegation NANOG 28

  8. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation NANOG 28

  9. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC NANOG 28

  10. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC If No Contact Proceed to Next Step NANOG 28

  11. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC NANOG 28

  12. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC If No Contact Proceed to Next Step NANOG 28

  13. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC NANOG 28

  14. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC If No Contact Proceed to Next Step NANOG 28

  15. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC NANOG 28

  16. Policy Summary • Four Phases • Test • Attempt Contact Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC If No Contact Proceed to Next Step NANOG 28

  17. Policy Summary • Four Phases • Test • Attempt Contact • Evaluate Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC NANOG 28

  18. Policy Summary • Four Phases • Test • Attempt Contact • Evaluate Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC Wait 30 Days NANOG 28

  19. Policy Summary • Four Phases • Test • Attempt Contact • Evaluate Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC Wait 30 Days Delegation Declared Lame NANOG 28

  20. Policy Summary • Four Phases • Test • Attempt Contact • Evaluate • Remove Delegation Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC Wait 30 Days Delegation Declared Lame NANOG 28

  21. Policy Summary • Four Phases • Test • Attempt Contact • Evaluate • Remove Delegation Identify Lame Delegation E-mail the network POC E-mail the ASN POC Telephone the network or ASN POC Postal Mail the network or ASN POC • Remove NS Delegations • Update WHOIS Record • Delegation Determined to be Lame • Evaluation Date of the Lame Delegation • Contact has been Attempted Unsuccessfully • Date Record Updated Wait 30 Days Delegation Declared Lame Update Record NANOG 28

  22. Lame Delegation Test • Query for SOA record of zone • Try all IP addresses for each server of zone • In response, flag as lame if: • No Authoritative Answer (AA) bit set • AA bit set, but an empty answer section • AA bit set, but answer is not an SOA record NANOG 28

  23. What is Not Flagged • Not flagged as lame in this round of testing: • No IP address for name server • No answer from server • This will be flagged in the future NANOG 28

  24. 2nd Notice 1st Notice Test Test Test 15 Feb 13 Mar 27 Mar 4-6 Mar 18-20 Mar Notice Test Test 12 May 30 May 15 May Timeline • Notify Network POC • Notify Autonomous System POC NANOG 28

  25. Zone Results bounce! NANOG 28

  26. Server Results • 13 Feb findings, percentage of servers • 77% not flagged as lame • (good OR no address/answer) • 19% Authoritative Answer bit set to 0 • 4% with empty answer section • <1% with a non-SOA answer (CNAME) NANOG 28

  27. Notification Results • 3rd Notice - approx. 150 calls in first few days NANOG 28

  28. Help Desk Actions • Determine the problem/exact question • Use “Lame” tool, BIND’s dig tool • Review results with registrant • Explain expected results • Walk through steps to correct ARIN DB entry • Refer registrant for further assistance: • Their local support • Vendor of their name server • BIND documentation (if using a BIND server) NANOG 28

  29. Observations • People are interested • Want to correct problem • Want to know what this is about • Based on feedback from community: http://www.arin.net/registration/lame_delegations/index.html • This will be a deliberate process NANOG 28

  30. Next Steps • Continue notification as per policy • Update database information • Continue testing for lameness • Identify engineering issues with testing • Identify implementation issues • Share experiences with other registries NANOG 28

  31. Email Addresses • Discussions of lame delegations are happening in other regions too • APNIC SIG on DNS issues • <sig-dns.lists.apnic.net> • RIPE DNS Working Group • <dns-wg.ripe.net> • Tool-specific mailing lists • My address: edlewis@arin.net NANOG 28

  32. Thank You

More Related