Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Lame delegation in AFRINIC WHOIS database

JP froztbyte at froztbyte.net
Wed Oct 26 07:56:54 UTC 2016 

On 26 Oct 2016, at 9:24, Amreesh Phokeer wrote:

> Dear Community,
>
> AFRINIC carried out an experiment on the WHOIS database and checked 
> for lame delagations on our domain objects. Domain objects are used to 
> register reverse delegation from our members to whom resources have 
> been allocated or assigned.  A domain object consists of two main 
> parts: the reverse zone and a set of name servers.
>
> A name server is considered 'lame' if it is found to be either:
> 	- not responsive
> 	- not serving the intended zone
> 	- not authoritative
>
> At the time of the experiment, AFRINIC had 29894 'in-addr.arpa' domain 
> objects with 72341 NS records and 196 'ip6.arpa' domain objects with 
> 550 NS records.
> We studied each <domain, NS> tuple.
>
> In total, it was found that 45.5% of <domain, NS> records to be lame 
> for IPv4 zones and 32% for IPv6 zones. The cause of lameness is due to 
> unresponsive DNS servers (23.5%), name servers not serving the 
> intended zone (75.5%) and non-authoritative NS (1%) for both v4 and 
> v6.

That’s a pretty large percentage.

> Lame delegations can negatively impact Internet performance for 
> example through delayed DNS lookups or simply failed responses. It is 
> therefore important to provide a clean reverse delegation database to 
> improve the robustness of the DNS.
>
> Other RIRs have set stringent operational checks, that remind 
> operators to fix their lame name servers, failing which, reverse 
> delegations are simply removed. LACNIC has a lame delegation policy 
> [1].
>
> Questions to the community:
> 1. Should AFRINIC implement operational checks that are run 
> periodically and members are informed about the status of their domain 
> objects. After X reminders, if domain object still contain lame NS 
> records, domain object are removed.
>
> 2. Should the AFRINIC community enforce lame delegation removal 
> through a policy.

Both 1 and 2 seem like they’d be in the interests of getting more 
reliable whois and reverse DNS present in the region.

As a side consideration[0], it might be worth releasing some (further?) 
information as a guide for operators in the region, as it might be that 
some of them struggle to set this up (thus leading to this lack).

-J

[0] - I must admit that I haven’t gone through any of the AfriNIC 
operator training myself, so I’m not certain if this is already 
addressed

More information about the RPD mailing list