Amreesh,

Amreesh Phokeer:
> On Wed, May 2, 2018 at 11:47 PM, Edward Lewis <edward.le...@icann.org>
> wrote:
>>
>> If I can't find the text soon, I'll try to recreate the list of references
>> at least.
>
> We are in process of implementing a "Lame delegations" policy at AFRINIC
> <http://tiny.cc/afrinic-lame>
>
> We consider "lame" any NS which is either:
> - Not responding at all.
> - Responding in some way, but not for the specific domain queried.
> - Responding for the correct domain, but without the authority bit set.
>
> We used the definition in RFC1713:
>
>    A lame delegation is a serious error in DNS configurations, yet a
>    (too) common one. It happens when a name server is listed in the NS
>    records for some domain and in fact it is not a server for that
>    domain. Queries are thus sent to the wrong servers, who don't know
>    nothing (at least not as expected) about the queried domain.
>    Furthermore, sometimes these hosts (if they exist!) don't even run
>    name servers. As a result, queries are timed out and resent, only to
>    fail, thus creating (more) unnecessary traffic.

A reference! Nice.

Pending Ed's archival research, it seems like we need to actually do some
work to structure the concepts around lameness. Digging in...

Within a given NS RRset for a zone, we have a few failure modes:

A. One or more NS do not resolve
B. NS RR points to a CNAME (technically disallowed, right?)
C. NS RR does not point to any A or AAAA that resolve
D. An A or AAAA RR is for one or more addresses that are not authoritative

Case C might not strictly be lame, if for example it points to a .ONION
address or similar.

Case D might be usefully split into addresses that reply and those that
timeout.

I think that all of these fit into the definition of "lame delegation" in
RFC 1713. I don't know if it makes sense to have any more definitions for
anything in this list beyond that. Probably not.

I think that there may be something useful in creating a term when a
delegation only points to lame servers, thus cannot be resolved at all.
Perhaps "broken delegation"? 😉

There are also a few related issues coming from mismatches at parent &
child.

1. "Lame hint" might describe an NS that is above the zone cut, and points
   to one or more lame servers
2. "Authoritatively lame" might describe an NS that is below the zone cut
3. "Totally lame, man" might describe a lame NS that is in both

We can also have:

4. "Confusingly lame" which might describe when there is a mismatch
   between NS answers of authoritative servers, some of which point to
   lame servers 😆

I hesitate to suggest it, but is there value in a draft around lameness?

Cheers,

--
Shane

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
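
The three-way test in the quoted AFRINIC text above, as an added example (not code from this thread or from AFRINIC): it classifies one name server's reply to a non-recursive SOA query by reading the DNS header and question section. Treating a non-zero RCODE or a mismatched question as "not for the specific domain" is an assumption of this sketch, and the zone name and reply bytes are constructed.

```python
import struct

QR, AA, RCODE = 0x8000, 0x0400, 0x000F  # header flag masks, RFC 1035 4.1.1

def build_query(zone, txid=0x1234):
    """Encode a non-recursive (RD=0) SOA query for zone."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in zone.rstrip(".").split("."))
    return (struct.pack("!6H", txid, 0, 1, 0, 0, 0) + name + b"\x00"
            + struct.pack("!2H", 6, 1))     # QTYPE 6 = SOA, QCLASS 1 = IN

def question_name(msg):
    """Decode the uncompressed question name that follows the 12-byte header."""
    off, labels = 12, []
    while off < len(msg) and msg[off]:
        n = msg[off]
        labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
        off += 1 + n
    return ".".join(labels) + "."

def classify(zone, reply):
    """Return which of the three quoted cases a reply falls into, or 'ok'."""
    if reply is None or len(reply) < 12:
        return "lame: not responding"
    flags, qdcount = struct.unpack("!2H", reply[2:6])
    if not flags & QR:
        return "lame: not responding"       # not a response message at all
    wanted = zone.rstrip(".").lower() + "."
    if flags & RCODE or qdcount != 1 or question_name(reply) != wanted:
        return "lame: responding, but not for this domain"
    if not flags & AA:
        return "lame: responding without the authority bit"
    return "ok"

def fake_reply(query, flags):
    """Constructed sample reply: the query echoed back with new header flags."""
    return query[:2] + struct.pack("!H", flags) + query[4:]

ZONE = "example.net."                        # constructed zone name
Q = build_query(ZONE)
SAMPLES = {                                  # constructed replies, one per case
    "timeout": None,
    "refused": fake_reply(Q, QR | 5),        # RCODE 5 = REFUSED
    "no-aa": fake_reply(Q, QR),              # NOERROR, AA clear
    "authoritative": fake_reply(Q, QR | AA),
}
RESULTS = {k: classify(ZONE, v) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in RESULTS.items():
        print(f"{name:14} {verdict}")
```

Failure modes A to C in the reply (NS names that do not resolve, or that point to a CNAME) show up before any query can be sent, so they need a separate resolution step that this header check does not cover.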