Re: [DNSOP] Asking TLD's to perform checks.

Mark Andrews <marka@isc.org> Wed, 11 November 2015 08:23 UTC

To: el@lisse.NA
From: Mark Andrews <marka@isc.org>
References: <20151105235402.39FFC3BF2F29@rock.dv.isc.org> <20151110152511.6f1a1c20@pallas.home.time-travellers.org> <20151110204330.C47C63C7D699@rock.dv.isc.org> <7B4B7DEA-C705-437E-8BC1-64D96D55014E@vpnc.org> <0F2DD78A-69C4-49DA-936F-C32D0FC97CC2@rfc1035.com> <5373DDAB-1ED2-489B-AB62-BA7CF6D3DB48@frobbit.se> <20151111064744.GW18315@mournblade.imrryr.org> <314D2303-5654-4BA3-A190-F658DAF60E31@frobbit.se> <5642EA31.5060801@lisse.NA>
In-reply-to: Your message of "Wed, 11 Nov 2015 09:11:45 +0200." <5642EA31.5060801@lisse.NA>
Date: Wed, 11 Nov 2015 19:23:04 +1100
Message-Id: <20151111082304.375753C8532A@rock.dv.isc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/UrAGi51jfIME15QVB73pA2PNbp0>
Cc: dnsop@ietf.org, garth.miller@cocca.org.nz, ccnso-techwg@icann.org
Subject: Re: [DNSOP] Asking TLD's to perform checks.

In message <5642EA31.5060801@lisse.NA>, Dr Eberhard W Lisse writes:
> For smaller (cc)TLDs it's not only the enforceability that's
> difficult (or as mentioned counterproductive) it's also the real
> world (Open Source Tools)
> 
> If someone writes me a zonemaster based tool that can read a list of
> all domain names in the CoCCAtools PostgreSQL (or even a generic
> SQL) database and produce a skeleton of a report (per Registrar)
> I'll run it for .NA (and I am sure others using CoCCATools might
> too).

Well we have tools that can test every server in a zone.

They can start with a list of domains, domains and servers, or
domains, servers and addresses.  Adding in the registrar so the
output can be sorted by registrar is trivial.  Just another field
to process.

They produce lines like this for each <domain,server,address> tuple.

clinicaltrial.gov. @2607:f220:41e:252::53 (gslb03.nlm.nih.gov.): dns=ok edns=ok edns1=timeout edns@512=noopt ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok

Well we have tools that then turn the output into reports like:

* https://ednscomp.isc.org/compliance/gov-full-report.html
* https://ednscomp.isc.org/compliance/summary.html

All in all it is no more than a few shell and awk scripts.

Mark

> I do a lot of LaTeX so I can generate reasonably looking PDF
> reports.
> 
> We have allocated (staff) resources to a whois cleanup anyway and so
> this could be incorporated reducing manual labor.
> 
> And we have decided to devote some time at the next TechDay at ICANN
> Marrakesh to (algorithmic) data cleanup/verification including
> badness checks eg via Secure Domain Foundation and others.
> 
> So whatever comes out of that could, eventually, also go in.
> 
> el
> 
> 
> On 2015-11-11 08:53, Patrik Fältström wrote:
> > On 11 Nov 2015, at 7:47, Viktor Dukhovni wrote:
> >
> >> It may not be possible for everyone to agree on a comprehensive
> >> set of 'wrongs' with no omissions, but it should be possible to
> >> get consensus on a core set of 'wrongs' that are not
> >> controversial.
> >
> > Yes and no.  I think going for a minimum will be a good goal, but
> > for example to have lame delegations must by definition be allowed,
> > as some registration policies do require delegation (i.e. NS
> > records).  So people add NS records in parent zone, but nothing
> > responds there.  Until policy allows registration without
> > delegation, you will see lame delegations.
> >
> > Patrik
>
> -- 
> Dr. Eberhard W. Lisse  \        / Obstetrician & Gynaecologist (Saar)
> el@lisse.NA            / *     |   Telephone: +264 81 124 6733 (cell)
> PO Box 8421             \     /
> Bachbrecht, Namibia     ;____/
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
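
Added example (not part of the original message and not ISC's scripts): shell and awk post-processing of the kind the message describes, parsing per-tuple result lines like the clinicaltrial.gov. one and grouping them by registrar. The domain-to-registrar map file, the registrar names, the UNKNOWN label, the two .example sample lines and the choice to flag every result other than ok are assumptions.

```shell
#!/bin/sh
# Added example. Only the clinicaltrial.gov. line is from the message; the
# other result lines, the map format and the registrar names are constructed.
sample_results() {
    cat <<'EOF'
clinicaltrial.gov. @2607:f220:41e:252::53 (gslb03.nlm.nih.gov.): dns=ok edns=ok edns1=timeout edns@512=noopt ednsopt=ok edns1opt=timeout do=ok ednsflags=ok optlist=ok
alpha.example. @192.0.2.1 (ns1.alpha.example.): dns=ok edns=ok edns1=ok edns@512=ok ednsopt=ok edns1opt=ok do=ok ednsflags=ok optlist=ok
beta.example. @2001:db8::53 (ns1.beta.example.): dns=timeout edns=timeout edns1=timeout edns@512=timeout ednsopt=timeout edns1opt=timeout do=timeout ednsflags=timeout optlist=timeout
EOF
}
sample_map() {   # hypothetical "<domain> <registrar>" export from the registry DB
    printf '%s\n' 'alpha.example. registrar-a' 'beta.example. registrar-b'
}

# registrar_report MAPFILE < results
# Prints "<registrar> <domain> <server> <address> <non-ok tests>" for every
# tuple with at least one result other than "ok", sorted by registrar.
registrar_report() {
    awk -v map="$1" '
    BEGIN {                                   # load domain -> registrar map
        while ((getline line < map) > 0) {
            split(line, f, " ")
            registrar[f[1]] = f[2]
        }
    }
    NF < 4 || $2 !~ /^@/ { next }             # not a result line
    {
        addr = substr($2, 2)                  # strip leading "@"
        server = $3
        gsub(/[():]/, "", server)             # "(ns.):" -> "ns."
        bad = ""
        for (i = 4; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0 || substr($i, eq + 1) == "ok") continue
            sep = (bad == "") ? "" : ","
            bad = bad sep $i
        }
        if (bad == "") next                   # fully compliant tuple
        reg = ($1 in registrar) ? registrar[$1] : "UNKNOWN"
        print reg, $1, server, addr, bad
    }' | LC_ALL=C sort
}

# Demo on the constructed data above.
map=$(mktemp) && sample_map > "$map" && sample_results | registrar_report "$map"; rm -f "$map"
```

Domains missing from the map are reported under UNKNOWN rather than dropped, so a gap in the registry export shows up in the report.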