Speaker
Paul Hoffman
(ICANN)
Description
Most tests of authoritative DNS servers are done on those serving the root and TLDs. Yet there are millions of name servers listed for the level under the TLDs, and the reliability and capabilities those name servers are also important for end users.
In order to test properties of these authoritative servers, we collect all of the name servers from the gTLD zones and ccTLDs that make their zones available. We then tested on good name per server to determine whether or not the server supported EDNS0 and, if so, what UDP payload size it reported back. We also separately tested whether or not the authoritative server supports the long-standing NSID extension (RFC 5001) and the very recent edns-client-subnet extension (RFC 7871).
It would be useful to be able to fingerprint authoritative servers if possible. We preform some preliminary tests that might assist in such categorization by looking at how the authoritative server reacts to valid but illogical queries to them (such as queries with RD=1 on names for which they are not responsible).
Based on feedback we received at DNS-OARC 24, we also report on how many name servers have multiple names for a single IP address, including histograms of distributions of domains. We also show how name servers might be locally related to each other by proximity in the address space. Because the testing will be ongoing, we seek ideas for new tests that would be useful to the DNS operations community.
| Talk duration | 30 Minutes |
|---|
Primary author
Paul Hoffman
(ICANN)
