Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)

Amreesh Phokeer <> Thu, 03 May 2018 06:13 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C73DA12E893 for <>; Wed, 2 May 2018 23:13:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jIwIqXS2rkRV for <>; Wed, 2 May 2018 23:13:23 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C0BA0126B6E for <>; Wed, 2 May 2018 23:13:23 -0700 (PDT)
Received: by with SMTP id t7-v6so1133539itf.0 for <>; Wed, 02 May 2018 23:13:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=p4FFDCTy1f5Pi0hPzkq+WYwer/nXboyac/hrpk5q/0k=; b=gmovlwj4CZ3+W37oyiDQaV1Vb8YtKUzCqep5xLwcLmDR2S1Gzrz0ktb2AOuGW7cY5O QHIa8BIiazn4OmQGzVyjOHdhB1uWOAb5xnUU4QNnXs73StZbJJ/Fzp67ma6tifhhtjH9 oEqkBt/iyywUwFGLZEm0RL3uHfRoPFeQ/vpbeNaLl/QubSuTUrzI3X69mi/yldMl/uXA iY+ZD+VLomwnVaGfZkG9oT+BxrzEJSrsAB0zjkx6ZGx4ImQYgMNOOWGCerlpZjbmWnUW T/cs5Pd6FGdA0rdPlGAiepp919P1RJp8tWc034L+6oqFKTznbIXkQ+96k0QF0vzX5xAt lB+Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=p4FFDCTy1f5Pi0hPzkq+WYwer/nXboyac/hrpk5q/0k=; b=iV+qAsTeZ50WthS1Xuxzgeb/z1bWmBKFrJ0Q02w3IHxtTbF2x5LXVG5BQICckSYRvc 6mMVKXAmYMrtx3spk5s/plW57gFsjj3TOxKhprMbKxinyO/ZEHvyoM7B1dqxi2A9pyXp qsEuEYaoN+tANSSMhP2aq5OVuezGB5GRyhJ93DtYnC+J4Qg/bj/4fuXDLSks7/KeK5h4 8LTSKSkdYcFsNFJzy1FN3hsyTBwY4yfRnDjn6g0dNpQbuMrpQ/dhP9OyL4y4/FEB6OB2 oHYSDBuaPtUkuwf9XGi53URzGSbaGLG7t2CPx/mAR3CyLFHeLIr53+G3ySKQ6V22FAKu Hbvg==
X-Gm-Message-State: ALQs6tDxQTPreitBPaS2jQhp9myHMEIlWnnh9209CH1evh+BRmozL/Lb K9+uvb04YE/2mhtfHaHjQtkC1cTu1XJ4cKG4wG0=
X-Google-Smtp-Source: AB8JxZpoQj/B0bAymiGFz3Cj0MW8/MtPgUXg2MA4fkSDvrhI+ZCu8v0STzKlnKDt/uAoinNt6+VB+F4NPC4mmVf8FyY=
X-Received: by 2002:a24:b915:: with SMTP id w21-v6mr23422630ite.53.1525328002952; Wed, 02 May 2018 23:13:22 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a4f:9d90:0:0:0:0:0 with HTTP; Wed, 2 May 2018 23:12:42 -0700 (PDT)
In-Reply-To: <>
References: <> <> <>
From: Amreesh Phokeer <>
Date: Thu, 3 May 2018 10:12:42 +0400
Message-ID: <>
To: Edward Lewis <>
Cc: Shane Kerr <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000c83a77056b4719fa"
Archived-At: <>
Subject: Re: [DNSOP] [Ext] Lameness terminology (was: Status of draft-ietf-dnsop-terminology-bis)
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 03 May 2018 06:13:26 -0000

On Wed, May 2, 2018 at 11:47 PM, Edward Lewis <>
> If I can't find the text soon, I'll try to recreate the list of references
> at least.

We are in process of implementing a "Lame delegations" policy at AFRINIC

We consider "lame" any NS which is either:
- Not responding at all.
- Responding in some way, but not for the specific domain queried.
- Responding for the correct domain, but without the authority bit set.

We used the definition in RFC1713:

A lame delegation is a serious error in DNS configurations, yet a
   (too) common one.  It happens when a name server is listed in the NS
   records for some domain and in fact it is not a server for that
   domain.  Queries are thus sent to the wrong servers, who don't know
   nothing (at least not as expected) about the queried domain.
   Furthermore, sometimes these hosts (if they exist!) don't even run
   name servers.  As a result, queries are timed out and resent, only to
   fail, thus creating (more) unnecessary traffic.