1 / 12

Autonomic DNS

This experiment setup features Dell workstations running Redhat Linux connected to a DNS network for fault identification and symptom analysis. The architecture includes multiple master and slave DNS servers to test various issues and scenarios.

malik-rojas
Télécharger la présentation

Autonomic DNS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Autonomic DNS Experiment Architecture, Symptom and Fault Identification

  2. Experiment Architecture • Physical system setup • Three Dell workstations running Redhat Linux 9.0, configured on an isolated network via IP Tables. • The network resides on the Computer Science Research network • Logical Domain Name System • Two Root servers controlling two top level domains: • .example • .test • Six sub-domains • red.test, yellow.test, green.test • white.example, orange.example, black.example

  3. Experiment Architecture • All instances of the DNS will consist of Bind 9.2.3 • Each domain will consist of one master DNS. • Each domain will have 0 to 5 slave DNS. • Master (red) – ns.red.test • Slave (red) – ns.yellow.test, ns.green.test, ns.white.example, ns.orange.example, ns.black.example • Master (yellow) – ns.yellow.test • Slave (yellow) – ns.green.test, ns.white.example, ns.orange.example, ns.black.example From the examples above, each zone will have n-1 slave name servers assigned to it. The last name server will be without a slave.

  4. Experiment Architecture • Having a varied number of slave name servers associated with the master name servers will allow us to test issues ranging from server performance on various levels to multiple user issues. • The experiments conducted will consist of the symptoms identified on the following slides

  5. DNS Symptoms • Loss of Network Connectivity • Response from unexpected source • Recursion Bugs • Client unsure on handling of NS record in authority section • No answer to query • Client calls on server too many times • Name server is infected with bogus cache data

  6. DNS Symptoms • A server refers to itself in the authority section • Cache leaks • Remote names can’t be looked up • Name error bugs • Lookups take a long time • Wrong or Inconsistent Answer • Slave name server data does not change when master server zone data changes • Is invalid proceeding anyway

  7. DNS Symptoms • Slave server can’t load zone data • Internet services refused • Host fails authentication checks • Inconsistant or missing bad data • Lame server reported • Name server fails to load • Name server reports “Too many open files”

  8. DNS Faults • Forgot to increment serial number • Forgot to reload primary master server after changes are made • Corrupt server cache • Ignored referral • To many referrals • Malicious server • Zero answer • Added name to db file, but forgot to add PTR record

  9. DNS Faults • Name server cache set too small • Server does not do negative caching • Syntax error in zone data file on master • Incorrect IP address for master on slave zone data file • Syntax error in configuration file or zone data file • Missing dot at end of a domain name in zone data file

  10. DNS Faults • Missing root.hints/db.cache data file • Missing subdomain delegation • TTL exceeded • Syntax error in resolv.conf • Incorrect labels in DNS name • Incorrect SOA format • Incorrect Glue records • Retry interval is set too low in SOA

  11. DNS Faults • Incorrect address in query list – allow-query { address_match_list; }; • Incorrect configuration named.conf listen-on { ip_address; }; • PTR record points to CNAME • Expire time exceeded • Loss of network connectivity

  12. Symptom/Fault Matrix

More Related