Technical Checks Used for DNS Root Zone Changes
In my humble opinion, these improvements should be considered: #2, Maximum number of name servers: Besides checking the number, you should check if the list of NS RR and the necessary glue fits on a 512-bytes UDP packet. This check is particularly important now, with the deployment of IPv6. #4, Name server reachability: UDP and TCP should be used for every NS listed. #5, Name server authority: The AA bit check should be conducted using UDP and TCP. We've seen some cases (specially with some DNS appliances) the server answers with authority using UDP but not using TCP. #6, Name server coherency: The NS list at child should be get using UDP and TCP. We've seen inconsistencies between protocols (some NS RR listed when queried by UDP, but not listed when the same procedure was testes using TCP). #10, Minimum Network Diversity: Using a BGP peer you could check if a subset of NS RR share the same origin AS. In that case, you should warn about potential issues with that. In the case of anycast deployment, you should check if any subset of NS RR share the same AS-Path. With these two test, you can make a deeper network diversity check. Not included on the document. It would be advisable to have regular reachability checks on the NS asociated to a TLD. Following the same line but apart of technical checks, do some "contact reachability tests" would be a excellent practice, to know if a administrative/technical contact for any TLD is still on charge and, with this, verify if the contact information is still valid and accurate (In the Latin American region we detected a problem with one of the TLD's and the contact information coming from IANA was expired). Supporting Mark Andrews, some checks about right handling of EDNS support would be advisable, specially considering the future use of DNSSEC and IPv6 glue records. Kind Regards -- Sebastian E. Castro Avila sebastian@xxxxxx Administrador de DNS, NIC Chile Miraflores 222, Piso 14 Santiago, Chile Cod. Postal 832-0198 Phone: +56-2-9407705 Fax : +56-2-9407701 |