DNS
... gateways before it reaches the final recipient, when
you post an article to Usenet and want it propagated all over the
world. While these may be the most visible uses of DNS, a lot more
applications rely on this system to operate, e.g., network security,
...
...
DNS owes much of its success to its distributed administration. Each
component (called a zone, the same as a domain in most cases), is
...
... of them don't even know how to do these things properly, letting
problems last and propagate. Also, many problems occur due to bad
implementations of both DNS clients and servers, especially very old
ones, either by not following the standards or by being error prone,
...
...
All these anomalies make DNS less efficient than it could be, causing
trouble to network operations, thus affecting the overall Internet.
This document tries to show how important it is to have DNS properly
managed, including what is already in place to help administrators
...
... DNS debugging ...
...
To help find problems in DNS configurations and/or implementations
there is a set of tools developed specifically for this purpose.
...
... availability, and is hoped to serve as an introduction to the subject
of DNS debugging, as well as a guide to those who are looking for
something to help them find out how healthy their domains and
...
...
Some prior knowledge from the reader is assumed, both on DNS basics
and some other tools (e.g., dig and nslookup), which are not analyzed
...
...
Host is a program used to retrieve DNS information from name servers.
This information may be used simply to get simple things like
address ...
...
As a debugger, host analyzes some set of the DNS space (e.g., an
entire zone) and produces reports with the results of its operation.
To do this, host ...
... Error messages have to do with serious anomalies, either with the
packets exchanged with the queried servers (size errors, invalid
ancounts, nscounts and the like), or others related to the DNS
information itself (also called "status messages" in the program's
...
... once, but if you forget something or for any reason have to run it
again, this means extra zone transfers, extra load on name servers,
extra DNS traffic.
...
... simple command. Apart from that, its resolver simulation and debug
capabilities make it useful to find many common and some not so
common DNS configuration errors, as well as generate useful reports
and statistics about the DNS tree. As an example, RIPE (Reseaux IP
Europeens) NCC ...
...
Dnswalk is a DNS debugger written in Perl by David Barr, from
Pennsylvania State University. You'll find the latest version ...
... The program checks domain configurations stored locally, with data
arranged hierarchically in directories, resembling the DNS tree
organization of domains. To set up this information dnswalk may
...
...
A lame delegation is a serious error in DNS configurations, yet a
(too) common one. It happens when a name server is listed in the NS ...
...
To detect and warn DNS administrators all over the world about this
kind of problem, Bryan Beecher from University of Michigan wrote
...
...
Authority information is one of the most significant parts of the DNS
data, as the whole mechanism depends on it to correctly traverse the
domain tree ...
... you may end up being unable to reach anything inside that domain.
This may be exaggerated, but if you're in the DNS business long
enough you've probably seen some enlightening examples of this
scenario.
...
... DDT (Domain Debug Tools) is a package of programs to scan DNS
information for error detection, developed originally by Jorge Frazao
from PUUG - Portuguese UNIX ...
... kinds of resource records. As a whole, they do a rather extensive
checking on DNS configurations.
...
...
These tools work on cached DNS data, i.e., data stored locally after
performing zone transfers (presently done by a slightly modified
version ...
... domain. Second, it may be argued that when the actual tests are
done the information used may be out of date. While this is true,
you should note that this is the nature of DNS: if you obtain some piece
of information you can't be sure that one second later it is still
valid ...
... getting researchers' close attention for quite some time, mainly
because most of it is unnecessary. Observations have shown that DNS
consumes something like twenty times more bandwidth than it should
...
... on distributed systems [7]. DNS is one such system and it was chosen
as the platform for testing the validity of these techniques over the
...
... All the tools described above are the result of systematic work on
the issue of DNS debugging, some of them included in research
projects. For the sake of completeness several other programs are
mentioned here. These, though just as serious, seem to have been
...
... distribution (where some of the above programs can also be found).
There you will find tools for creating your DNS configuration files
and NIS maps from /etc/hosts ...
... Why look after DNS? ...
... people's expectations from these tools vary according to their kind
of involvement with DNS. If you are responsible for a big domain,
e.g., a top-level ...
... think of all the applications that depend on it, not just to get
addresses out of names. Many systems rely on DNS to store, retrieve
and spread the information they need: Internet electronic mail ...
... 10] for details) and work is in progress to
integrate X.400 operations with DNS [11]; others include "remote
printing" services ...
... 14, 15]. Even if some of them won't succeed, one may well
expect some more load on the DNS burden.
...
...
The ubiquitous DNS thus deserves a great deal of attention, perhaps
much more than it generally has. One may say that it is a victim of
its own success: if a user triggers an excessive amount of queries ...
... he won't notice it), won't complain to his system administrator, and
things will just go on like this. Of course, DNS was designed to
resist and provide its services despite all these anomalies. But by
...
... doing so it is frequently forgotten, as long as people can Telnet or
ftp. As DNS will be given new responsibilities, as pointed out in the
above paragraph, the problems described in this text will grow more
serious and new ones may appear (notably security ...
... lot of work being presently in progress addressing security in DNS),
if nothing is done to purge them.
...
... Frazao, J. and J. L. Martins, "Ddt - Domain Debug Tools, A Package to Debug the DNS Tree", Dept. Informatica Faculdade Ciencias Univ. Lisboa, DI-FCUL-1992-04, January 1992. ...
... Danzig, P., "Probabilistic Error Checkers: Fixing DNS", Univ. Southern California, Technical Report, February 1992. ...
... Kumar, A., J. Postel, C. Neuman, P. Danzig and S. Miller, "Common DNS Implementation Errors and Suggested Fixes", RFC 1536, USC/Information Sciences Institute, October 1993. ...
... Albitz, P. and C. Liu, "DNS and BIND", O'Reilly and Associates Inc., October 1992. ...
... Beertema, P., "Common DNS Data File Configuration Errors", RFC 1537(-> 1912), CWI, October 1993. ...
... Allocchio, C., A. Bonito, B. Cole, S. Giordano and R. Hagens, "Using the Internet DNS to Distribute RFC1327 Mail Address Mapping Tables", RFC 1664(-> 2163prop), GARR, Cisco Systems ...
... Everhart, C., L. Mamakos, R. Ullmann and P. Mockapetris (Ed.), "New DNS RR Definitions", RFC 1183exp, Transarc, Univ. Maryland, Prime Computer, Information Sciences Institute, October 1990. ...
... Gavron, E., "A Security Problem and Proposed Correction With Widely Deployed DNS Software", RFC 1535, ACES Research Inc., October 1993 ...
