1 / 10

LAME – Next Steps

LAME – Next Steps. Mark Kosters, CTO. Lame Delegation Process. Delegations tested daily until test good or removed  If still lame after 30 consecutive days of testing, POCs notified   If still lame 30 days after initial notification, POCs notified again 

kishi
Télécharger la présentation

LAME – Next Steps

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. LAME – Next Steps Mark Kosters, CTO

  2. Lame Delegation Process • Delegations tested daily until test good or removed  • If still lame after 30 consecutive days of testing, POCs notified   • If still lame 30 days after initial notification, POCs notified again  • If still lame 30 days after second notification, delegation analyzed manually; name servers stripped if delegation determined to be inoperative

  3. How is “Lame” defined? • No A record for name server • The name server is unresponsive to queries (times out) • Name server doesn’t think it’s authoritative for the reverse zone (the “aa” bit isn’t set) • No SOA record for reverse zone • When is a Name Server stripped? • No A record for name server • The name server is unresponsive to queries (times out) • The name server doesn’t know reverse zone exists (thus can’t have individual PTR records)

  4. Policy Experience Report Leslie provided the following text for the Policy Experience Report at the LA meeting (ARIN XXII)

  5. Problems Observed • No clear way of detecting a Lame Delegation • Potential legal liability • Operationally significant number of man hours spent on development, notification, and follow up

  6. Service Issues with Current Lame System • Turning off “working” delegations • Delegation in dns for a /16 when have a /19 • Incorrectly configured dns servers • Substantial customer support

  7. New Definition of LAME (1 of 3) • Three Tests: • Issue a SOA query for the delegation. If the server responds, the delegation is good. Note that the AA bit does not need to be set on the response.

  8. New Definition of LAME (2 of 3) • If test #1 fails, fill out the dotted quad for the delegation and issue a PTR query (eg dig @ns.example.com 0.0.168.192.in-addr.arpa PTR). If the AA bit is set, then the delegation is good.

  9. New Definition of LAME (3 of 3) • If test #2 fails, provide 3 random PTR queries for dotted quads that reside in that delegation. If any of the three tests provide something in the answer section, then the delegation is good. Note that the AA bit does not need to be set on the response.

  10. Next Steps • Consensus • Is the relaxed algorithm worthy? • If yes, place it in the work queue

More Related