[dns-operations] Delegation health was Re: Worst current practice example
Ed.Lewis at neustar.biz
Tue May 4 11:27:00 UTC 2010
At 21:00 +1000 5/4/10, Mark Andrews wrote:
>I don't think this one is notable other than it should be something
>that should be picked up in regular checks of delegations by parent
>zone administrators and corrected after consultation with the child
>zones administrators. If they are unreachable or fail to correct
>it within a reasonable period of time the delegation should be
>pulled. This is not a new requirement.
It may be a requirement in the RFC but it is not practical in operations.
What makes this impractical?
1. What is "Unreachable?" - just because X can't reach Y doesn't mean
Z can't reach Y. (This is the Bill Manning reply.)
2. Fail to connect - failure on which end?
3. Registries already tread lightly on pulling down delegations
involved in illegal activity (with illegal being a local
determination), treading into unreliable technical checks is not
4. And then there is volume. If you demand that the test happen on a
daily basis and the TLD has 10 million delegations (there are a
handful with that now), that's 115 checks per second using a 24 hour
clock. If 99% are good, that means every second you are launching
yet another in depth check into a potentially bad delegation, 60
times a minute, 3600 times an hour.
(To pump this a bit, COM I would guess would have a significant
problem with this. The current floated population is 80 million. At
1% bad, that would be 8 per second. With all of the work the COM
engineers do now, do you think they could add on such a workload?
Granted, the 1% guess is just a number plucked from air. They way
COM is monitored, I bet they have some idea of the real number.)
...All this to figure out why people can't get to a delegation that
seems to otherwise be a delegation no one needs to see. (The old "if
a tree falls in a forest and no one hears it, did it make a sound"
question.) It's not like a browser user complained that they
couldn't get to a site.
NeuStar You can leave a voice message at +1-571-434-5468
Wouldn't it be nice if all of the definitions of equivalence were the same?
More information about the dns-operations