Autonomic DNS

1
Autonomic DNS

• Experiment Architecture, Symptom and Fault
  Identification

2
Experiment Architecture

• Physical system setup
• Three Dell workstations running Redhat Linux 9.0,
  configured on an isolated network via IP Tables.
• The network resides on the Computer Science
  Research network
• Logical Domain Name System
• Two Root servers controlling two top level
  domains
• .example
• .test
• Six sub-domains
• red.test, yellow.test, green.test
• white.example, orange.example, black.example

3
Experiment Architecture

• All instances of the DNS will consist of Bind
  9.2.3
• Each domain will consist of one master DNS.
• Each domain will have 0 to 5 slave DNS.
• Master (red) ns.red.test
• Slave (red) ns.yellow.test, ns.green.test,
  ns.white.example, ns.orange.example,
  ns.black.example
• Master (yellow) ns.yellow.test
• Slave (yellow) ns.green.test, ns.white.example,
  ns.orange.example, ns.black.example
• From the examples above, each zone will have n-1
  slave
• name servers assigned to it. The last name
  server will be
• without a slave.

4
Experiment Architecture

• Having a varied number of slave name servers
  associated with the master name servers will
  allow us to test issues ranging from server
  performance on various levels to multiple user
  issues.
• The experiments conducted will consist of the
  symptoms identified on the following slides

5
DNS Symptoms

• Loss of Network Connectivity
• Response from unexpected source
• Recursion Bugs
• Client unsure on handling of NS record in
  authority section
• No answer to query
• Client calls on server too many times
• Name server is infected with bogus cache data

6
DNS Symptoms

• A server refers to itself in the authority
  section
• Cache leaks
• Remote names cant be looked up
• Name error bugs
• Lookups take a long time
• Wrong or Inconsistent Answer
• Slave name server data does not change when
  master server zone data changes
• Is invalid proceeding anyway

7
DNS Symptoms

• Slave server cant load zone data
• Internet services refused
• Host fails authentication checks
• Inconsistant or missing bad data
• Lame server reported
• Name server fails to load
• Name server reports Too many open files

8
DNS Faults

• Forgot to increment serial number
• Forgot to reload primary master server after
  changes are made
• Corrupt server cache
• Ignored referral
• To many referrals
• Malicious server
• Zero answer
• Added name to db file, but forgot to add PTR
  record

9
DNS Faults

• Name server cache set too small
• Server does not do negative caching
• Syntax error in zone data file on master
• Incorrect IP address for master on slave zone
  data file
• Syntax error in configuration file or zone data
  file
• Missing dot at end of a domain name in zone data
  file

10
DNS Faults

• Missing root.hints/db.cache data file
• Missing subdomain delegation
• TTL exceeded
• Syntax error in resolv.conf
• Incorrect labels in DNS name
• Incorrect SOA format
• Incorrect Glue records
• Retry interval is set too low in SOA

11
DNS Faults

• Incorrect address in query list allow-query
  address_match_list
• Incorrect configuration named.conf listen-on
  ip_address
• PTR record points to CNAME
• Expire time exceeded
• Loss of network connectivity

12
Symptom/Fault Matrix