Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[rpd] Lame delegation in AFRINIC WHOIS database

Amreesh Phokeer amreesh at afrinic.net
Thu Oct 27 08:53:43 UTC 2016 

Hi Mark,

> On Oct 26, 2016, at 11:29 AM, Mark Elkins <mje at posix.co.za> wrote:
> 
> 
> 
> On 26/10/2016 09:24, Amreesh Phokeer wrote:
> 
>> Questions to the community:
>> 1. Should AFRINIC implement operational checks that are run periodically
>> and members are informed about the status of their domain objects. 
> 
> "After X reminders, if domain object still contain lame NS records, domain
> object are removed." is part of "2"
> 
> years ago, when I started to run the CO.ZA domain name system, Mike
> Lawrie, the previous administrator, strongly suggested to me that you
> should not put something into the zone until it works. i.e. Start off
> with something that works.

+1

> 
> This was built into the CO.ZA DNS system - your Nameservers has to work
> at the time of delegation. Lots of people did not like this - but it was
> policy. This has relaxed a bit over time.
> 
> When Nameservers are added to the AFRINIC "my.afrinic.net" web interface
> - one could run some checks there and then and provide user feedback.
> One could either refuse to accept the new/change operation immediately -
> or perhaps after a day (before people forget).

some of those checks can(should) be implemented on the MyAFRINIC/WHOIS
interface, it will help reduce fake entries.

75% of errors are due to non-responsive servers

	• Response status is REFUSED or SERVFAIL
	• No answer received from server i.e ANSWER: 0

What maybe happening is that at the moment of creation, the NS works well
but they are probably not maintained any further (possibly because they are
secondary servers).

A further analysis would be what percentage of domain objects have at least
one working NS.

> 
> A once-yearly check would perhaps be appropriate. If something is noted
> to be bad, check once a week/month and send warnings until its fixed (or
> perhaps automatically deleted).
> 
> Currently - I have no idea if any of my Nameservers are Lame. That would
> be the first problem to "fix”.

yes.

> 
> I think visual feedback should also be provided for DS records
> added/present in the system. Always do these tests when someone makes a
> change - and perhaps when ever someone logs into my.afrinic.

thanks for the suggestions

> 
>> 2. Should the AFRINIC community enforce lame delegation removal through
>> a policy.
> 
> Whether Policy or not - I'd support the eventual removal of nameservers
> found to be completely broken.
> 
> -- 
> Mark James ELKINS  -  Posix Systems - (South) Africa
> mje at posix.co.za       Tel: +27.128070590  Cell: +27.826010496
> For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1587 bytes
Desc: not available
URL: <https://lists.afrinic.net/pipermail/rpd/attachments/20161027/ba0c15f3/attachment.p7s>

More information about the RPD mailing list