[dns-operations] Delegation health was Re: Worst current practice example

Edward Lewis Ed.Lewis at neustar.biz
Tue May 4 15:23:23 UTC 2010


At 23:08 +1000 5/4/10, Mark Andrews wrote:

>By unreachable I was actually referring to the administrators.

>Pulling down is the last resort.  Getting the delegation corrected
>is the desired result.  I suspect most registrants would be more
>than happy to have someone catch and report their errors to them
>as they are not always easily visible unless you are an external
>party.

>That's just a cost of doing business.  Most of it can be automated
>or don't you require valid contact details?

Mark, seriously, it's a cost - and it would raise the "price" of a 
domain name considerably.

Automated?  Above you indicate "referring to the administrators." 
Are you suggesting an auto-dialer?  If I have to test 100 delegations 
per second, I'd have to dial awfully fast.

Getting something fixed is even more time consuming.  I once had the 
real experience of writing and running code that did lame delegation 
testing.  It's one thing to test, another to diagnose, and yet 
another to hand hold someone through a fix.

>As for the number of delegations that are problematic.  Removing
>them provides incentive for people to actually ensure that they are
>initially correct and remain correct.  The current situation is the
>direct result of failure to check and correct.
>
>I'd love to see weekly reports about the numbers of broken delegations
>per infrastructure zone.  Both raw and as a percentage.

When I was testing lameness, I observed a high number, but that was 
because the delegations ran in "runs."  (Meaning one registration had 
a number of delegations and it was pretty common that if one of the 
delegations was bad so were others in the registration.)  My 
observations were about 20-30%, others in the same situation reported 
as low as 5%, but I know their numbers grew over time.

>The problem is that people do hear the tree falling or stumble across it.
>
>Yes, "I can't lookup <foo>" is a pretty regular sort of message on
>bind-users.  Most of the time it ends up being a delegation problem.

What's wrong with having error recovery be event driven?
-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Wouldn't it be nice if all of the definitions of equivalence were the same?


