1. DNS/lame_delegation/RIPE80
について、ここに記述してください。
Contents
https://ripe80.ripe.net/presentations/2-RIPE80-Sommese.pdf
WHEN PARENTS AND CHILDREN DISAGREE: DIVING INTO DNS DELEGATION INCONSISTENCY Raffaele Sommese ほか University of Twente
CHECK YOUR RESOLVER http://superdns.nl/
RFC 7477 CHILD-TO-PARENT SYNCHRONIZATION IN DNS
The Domain Name System (DNS) is one of the most critical components of the Internet DNS is a distributed, hierarchical database DNS maps hosts, services and applications to IP addresses and various other types of records.
A key mechanism that enables the DNS to be hierarchical and distributed is delegation The DNS hierarchy is organized in parent and child zones typically managed by different entities Different zones need to share common information (NS records) about which are the authoritative name servers for a given domain.
WHICH KIND OF INCONSISTENCY WE FOUND? Parent and children have a disjoint NS Set 01 Parent NSSet is a subset of children NS Set 02 Parent NSSet is a superset of children NS Set 03 Parent and children NSSet have some common elements and some different elements. 04 PARENT AND CHILDREN HAVE A DISJOINT NSSET In 55% of domains with delegation inconsistency, parents and children has a disjoint NSSet. Half of these domains are consistent at IP level Half are NOT! 16 TLDs present this inconsistency in the root zone, but all are consistent at IP level. b0.org.afilias-nst.org (.org Auth NS) -Parent example.org.86400INNSa.iana-serv ers.net. example.org.86400INNSb.iana-serv ers.net. a.iana-serv ers.net. (example.org Auth NS) -Child example.org.86400 IN NS c.iana-serv ers.net. example.org.86400 IN NS d.iana-serv ers.ne