domain
Click on the red underlined text to get to the source
... any of those machines just by naming it. This facility is possible
thanks to the world widest distributed database, the Domain Name
System, used to provide distributed applications various services,
the most notable one being translating names into IP addresses ...
... DNS owes much of its success to its distributed administration. Each
component (called a zone, the same as a domain in most cases), is
seen as an independent entity, being responsible for what happens
...
... seen as an independent entity, being responsible for what happens
inside its domain of authority, how and what information changes and
for letting the tree ...
... nature: many administrators make mistakes in the way they configure
their domains and when they delegate authority to sub-domains; many
...
... their domains and when they delegate authority to sub-domains; many
of them don't even know how to do these things properly, letting
problems last and propagate. Also, many problems occur due to bad
...
... managed, including what is already in place to help administrators
taking better care of their domains.
...
... there is a set of tools developed specifically for this purpose.
There is probably a lot of people in charge of domain administration
having no idea of these tools (and, worse, not aware of the anomalies
...
... of DNS debugging, as well as a guide to those who are looking for
something to help them finding out how healthy their domains and
servers are.
...
... status messages" in the program's
documentation): inconsistencies between SOA records as shown by
different servers for a domain, unexpected address-to-name mappings,
name servers not responding, not reachable, not running or not
...
...
The program checks domain configurations stored locally, with data
arranged hierarchically in directories, resembling the DNS tree
...
... arranged hierarchically in directories, resembling the DNS tree
organization of domains. To set up this information dnswalk may
first perform zone transfers from authoritative name servers. You can
have a recursive transfer of a domain ...
... domains. To set up this information dnswalk may
first perform zone transfers from authoritative name servers. You can
have a recursive transfer of a domain and its sub-domains, though you
should be careful when doing this, as it may generate a great amount
...
... first perform zone transfers from authoritative name servers. You can
have a recursive transfer of a domain and its sub-domains, though you
should be careful when doing this, as it may generate a great amount
of traffic ...
... authority information, namely lame delegations and
domains with only one name server. It is easy to use, you only have
to specify the domain ...
... domains with only one name server. It is easy to use, you only have
to specify the domain to analyze and some optional parameters and the
program does the rest. Only one domain ...
... domain to analyze and some optional parameters and the
program does the rest. Only one domain (and its sub-domains, if
that's the case) can be checked at a time, though.
...
... optional parameters and the
program does the rest. Only one domain (and its sub-domains, if
that's the case) can be checked at a time, though.
...
... data as authority information from the servers of the analyzed
domains, names from IP addresses so as to verify the existence of PTR
records, aliases ...
... name server is listed in the NS
records for some domain and in fact it is not a server for that
domain. Queries ...
... records for some domain and in fact it is not a server for that
domain. Queries are thus sent to the wrong servers, who don't know
nothing (at least not as expected) about the queried domain ...
... domain. Queries are thus sent to the wrong servers, who don't know
nothing (at least not as expected) about the queried domain.
Furthermore, sometimes these hosts (if they exist!) don't even run
...
... when an administrator changes the NS list for his domain, dropping
one or more servers from that list, without informing his parent
domain ...
... domain, dropping
one or more servers from that list, without informing his parent
domain administration, who delegated him authority over the domain.
...
... domain administration, who delegated him authority over the domain.
From now on the parent name server announces one or more servers for
...
... From now on the parent name server announces one or more servers for
the domain, which will receive queries for something they don't know
about. (On the other hand, servers may be added to the list without
...
... delegations
found. This reporting is done by sending mail to the hostmasters of
the affected domains, as stated in the SOA record for each of them.
If this is not possible, the message is sent to the affected name
servers' postmasters instead. Manual processing is needed in case of
...
...
If you ever receive such a report, you should study it carefully in
order to find and correct problems in your domain, or see if your
servers are being affected by the spreading of erroneous information.
Better yet, lamers could be run on your servers to detect more lame
...
... delegations (U-M can't see them all!). Also, if you receive mail
reporting a lame delegation affecting your domain or some of your
hosts, please don't just ignore it or flame the senders ...
... Authority information is one of the most significant parts of the DNS
data, as the whole mechanism depends on it to correctly traverse the
domain tree. Incorrect authority information leads to problems such
...
... as lame delegations or even, in extreme cases, the inaccessibility of
a domain. Take the case where the information given about all its
name servers is incorrect: being unable to contact the real servers
you may end up being unable to reach anything inside that domain ...
... domain. Take the case where the information given about all its
name servers is incorrect: being unable to contact the real servers
you may end up being unable to reach anything inside that domain.
This may be exaggerated, but if you're on the DNS business long
...
... To look for this kind of problems Paul Mockapetris and Steve Hotz,
from the Information Sciences Institute, wrote a C-shell script
called DOC (Domain Obscenity Control), an automated domain testing
tool ...
... from the Information Sciences Institute, wrote a C-shell script
called DOC (Domain Obscenity Control), an automated domain testing
tool that uses dig to query ...
... anticipated that people would complain about such things as invasion
of privacy. Also, at the time it was written most domains were so
messy that they thought there wouldn't be much point in checking
anything deeper until the basic problems weren't fixed.
...
...
Only one domain is analyzed each time: the program checks if all the
servers for the parent domain agree about the delegation ...
... Only one domain is analyzed each time: the program checks if all the
servers for the parent domain agree about the delegation information
for the domain ...
... domain agree about the delegation information
for the domain. DOC then picks a list of name servers for the domain
(obtained from one of the parent's servers) and starts ...
... delegation information
for the domain. DOC then picks a list of name servers for the domain
(obtained from one of the parent's servers) and starts checking on
...
... NS, compares the lists (both among
these servers and the parent's), and for those servers inside the
domain the program looks for PTR records for them.
...
... Due to several factors, DOC seems to have frozen since its first
public release, back in 1990. Within the distribution there is an
RFC draft about automated domain testing, which was never published.
Nevertheless, it may provide useful reading. The software can be
fetched from ftp://ftp.uu.net/networking/ip/dns/doc.2.0.tar.Z ...
... authority checker,
queries (via dig) each domain's purported name servers in order to
test the consistency of the authority ...
... consistency of the authority information they provide about
the domain. Second, it may be argued that when the actual tests are
done the information used may be out of date. While this is true,
you should note that this is the DNS ...
... valid. Furthermore, if your source was not the primary for the
domain then you can't even be sure of the validity in the exact
moment you got it in the first place. But experience shows that if
...
... you see an error, it is likely to be there in the next version of the
domain information (and if it isn't, nothing was lost by having
detected it in the past). On the other side, of course there's
little point in checking one month old data...
...
... delegations, version
number mismatches between servers (this may be a transient problem),
non-existing servers, domains with only one server, unnecessary glue
information, MX records pointing to hosts not in the analyzed domain ...
... domains with only one server, unnecessary glue
information, MX records pointing to hosts not in the analyzed domain
(may not be an error, it's just to point possibly strange or
expensive mail-routing policies ...
...
Presently Checker has been running on a secondary for the US domain
for more than a year with little trouble. Authors feel confident it
should run on any BSD platform (at least SunOS) without problems, and
...
... doesn't mean they are not valuable contributions, in some cases they
may be just what you are looking for, without having to install a
complete package to do some testings on your domain.
...
... serious kind. See [9] for a description of the most common errors
made while configuring domains.
...
... tools vary according to their kind
of involvement with DNS. If you are responsible for a big domain,
e.g., a top-level one or a big institution with many hosts ...
... top-level one or a big institution with many hosts and sub-
domains, you probably want to see how well is the tree below your
node ...
... node organized, since the consequences of errors tend to propagate
upwards, thus affecting your own domain and servers. For that you
need some program that recursively descends the domain tree ...
... upwards, thus affecting your own domain and servers. For that you
need some program that recursively descends the domain tree and
analyzes each domain ...
... domain tree and
analyzes each domain per se and the interdependencies between them
all. You will have to consider how deep you want your analysis to
be, the effects it will have on the network infrastructure ...
...
You may simply want to perform some sanity checks on your own domain,
without any further concerns. Or you may want to participate in some
kind of global effort to monitor name server ...
... Lottor, M., "Internet Domain Survey, October 1994", http://www.nw.com/zone/WWW/report.html, October 1994. ...
... Frazao, J. and J. L. Martins, "Ddt - Domain Debug Tools, A Package to Debug the DNS Tree", Dept. Informatica Faculdade Ciencias Univ. Lisboa, DI ...
... Partridge, C., "Mail Routing and the Domain System", STD 14, RFC 974(-> 2821prop), CSNET CIC BBN Laboratories Inc., January 1986. ...
... Rosenbaum, R., "Using the Domain Name System to Store Arbitrary String Attributes", RFC 1464exp, Digital Equipment Corporation, May 1993. ...