Introducing IBDNS: The Intentionally Broken DNS Server

Marc van der Wal (Afnic)


Most clients, servers and test tools in the Domain Name System (DNS) ecosystem today strive to get the DNS protocol implementation as correct as possible.

This is a particularly difficult effort for DNS test tools, such as Zonemaster, which require a specific infrastructure to ascertain their own correctness.

Testing such tools is traditionally done by having DNS servers serve specially crafted zones containing malformed Resource Records (RRs), invalid DNS Security Extensions (DNSSEC) signatures or other invalid data.

However, the server itself also needs to be predictably faulty in order to elicit a particular response from the testing tool.

Hence there was a need for a DNS server that offers a choice between a correct implementation and a faulty implementation of some aspect of the protocol. We named it "Intentionally Broken DNS" (IBDNS).

Although this project is still a work in progress, this presentation by its author from Afnic Labs will introduce the project and show how it has already led to the discovery of a bug involving a subtle edge case in a DNS test tool.

