RFC 8483
Yeti DNS Testbed
Pages: 39
Informational
Informational
Part 3 of 3 – Pages 33 to 39
Appendix A. Yeti-Root Hints File
The following hints file (complete and accurate at the time of writing) causes a DNS resolver to use the Yeti DNS testbed in place of the production Root Server system and hence participate in experiments running on the testbed. Note that some lines have been wrapped in the text that follows in order to fit within the production constraints of this document. Wrapped lines are indicated with a blackslash character ("\"), following common convention. . 3600000 IN NS bii.dns-lab.net bii.dns-lab.net 3600000 IN AAAA 240c:f:1:22::6 . 3600000 IN NS yeti-ns.tisf.net yeti-ns.tisf.net 3600000 IN AAAA 2001:559:8000::6 . 3600000 IN NS yeti-ns.wide.ad.jp yeti-ns.wide.ad.jp 3600000 IN AAAA 2001:200:1d9::35 . 3600000 IN NS yeti-ns.as59715.net yeti-ns.as59715.net 3600000 IN AAAA \ 2a02:cdc5:9715:0:185:5:203:53 . 3600000 IN NS dahu1.yeti.eu.org dahu1.yeti.eu.org 3600000 IN AAAA \ 2001:4b98:dc2:45:216:3eff:fe4b:8c5b . 3600000 IN NS ns-yeti.bondis.org ns-yeti.bondis.org 3600000 IN AAAA 2a02:2810:0:405::250 . 3600000 IN NS yeti-ns.ix.ru yeti-ns.ix.ru 3600000 IN AAAA 2001:6d0:6d06::53 . 3600000 IN NS yeti.bofh.priv.at yeti.bofh.priv.at 3600000 IN AAAA 2a01:4f8:161:6106:1::10 . 3600000 IN NS yeti.ipv6.ernet.in yeti.ipv6.ernet.in 3600000 IN AAAA 2001:e30:1c1e:1::333 . 3600000 IN NS yeti-dns01.dnsworkshop.org yeti-dns01.dnsworkshop.org \ 3600000 IN AAAA 2001:1608:10:167:32e::53 . 3600000 IN NS yeti-ns.conit.co yeti-ns.conit.co 3600000 IN AAAA \ 2604:6600:2000:11::4854:a010 . 3600000 IN NS dahu2.yeti.eu.org dahu2.yeti.eu.org 3600000 IN AAAA 2001:67c:217c:6::2 . 3600000 IN NS yeti.aquaray.com yeti.aquaray.com 3600000 IN AAAA 2a02:ec0:200::1 . 3600000 IN NS yeti-ns.switch.ch yeti-ns.switch.ch 3600000 IN AAAA 2001:620:0:ff::29 . 3600000 IN NS yeti-ns.lab.nic.cl yeti-ns.lab.nic.cl 3600000 IN AAAA 2001:1398:1:21::8001 . 3600000 IN NS yeti-ns1.dns-lab.net
yeti-ns1.dns-lab.net 3600000 IN AAAA 2001:da8:a3:a027::6
. 3600000 IN NS yeti-ns2.dns-lab.net
yeti-ns2.dns-lab.net 3600000 IN AAAA 2001:da8:268:4200::6
. 3600000 IN NS yeti-ns3.dns-lab.net
yeti-ns3.dns-lab.net 3600000 IN AAAA 2400:a980:30ff::6
. 3600000 IN NS \
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net \
3600000 IN AAAA 2c0f:f530::6
. 3600000 IN NS \
3e23e8160039594a33894f6564e1b1.yeti-dns.net
3e23e8160039594a33894f6564e1b1.yeti-dns.net \
3600000 IN AAAA 2803:80:1004:63::1
. 3600000 IN NS \
3f79bb7b435b05321651daefd374cd.yeti-dns.net
3f79bb7b435b05321651daefd374cd.yeti-dns.net \
3600000 IN AAAA 2401:c900:1401:3b:c::6
. 3600000 IN NS \
xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c
xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c \
3600000 IN AAAA 2001:e30:1c1e:10::333
. 3600000 IN NS yeti1.ipv6.ernet.in
yeti1.ipv6.ernet.in 3600000 IN AAAA 2001:e30:187d::333
. 3600000 IN NS yeti-dns02.dnsworkshop.org
yeti-dns02.dnsworkshop.org \
3600000 IN AAAA 2001:19f0:0:1133::53
. 3600000 IN NS yeti.mind-dns.nl
yeti.mind-dns.nl 3600000 IN AAAA 2a02:990:100:b01::53:0
Appendix B. Yeti-Root Server Priming Response
Here is the reply of a Yeti root name server to a priming request.
The authoritative server runs NSD.
...
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62391
;; flags: qr aa rd; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 7
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1460
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 86400 IN NS bii.dns-lab.net.
. 86400 IN NS yeti.bofh.priv.at.
. 86400 IN NS yeti.ipv6.ernet.in.
. 86400 IN NS yeti.aquaray.com.
. 86400 IN NS yeti.jhcloos.net.
. 86400 IN NS yeti.mind-dns.nl.
. 86400 IN NS dahu1.yeti.eu.org.
. 86400 IN NS dahu2.yeti.eu.org.
. 86400 IN NS yeti1.ipv6.ernet.in.
. 86400 IN NS ns-yeti.bondis.org.
. 86400 IN NS yeti-ns.ix.ru.
. 86400 IN NS yeti-ns.lab.nic.cl.
. 86400 IN NS yeti-ns.tisf.net.
. 86400 IN NS yeti-ns.wide.ad.jp.
. 86400 IN NS yeti-ns.datev.net.
. 86400 IN NS yeti-ns.switch.ch.
. 86400 IN NS yeti-ns.as59715.net.
. 86400 IN NS yeti-ns1.dns-lab.net.
. 86400 IN NS yeti-ns2.dns-lab.net.
. 86400 IN NS yeti-ns3.dns-lab.net.
. 86400 IN NS xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c.
. 86400 IN NS yeti-dns01.dnsworkshop.org.
. 86400 IN NS yeti-dns02.dnsworkshop.org.
. 86400 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
. 86400 IN NS ca978112ca1bbdcafac231b39a23dc.yeti-dns.net.
. 86400 IN RRSIG NS 8 0 86400 (
20171121050105 20171114050105 26253 .
FUvezvZgKtlLzQx2WKyg+D6dw/pITcbuZhzStZfg+LNa
DjLJ9oGIBTU1BuqTujKHdxQn0DcdFh9QE68EPs+93bZr
VlplkmObj8f0B7zTQgGWBkI/K4Tn6bZ1I7QJ0Zwnk1mS
BmEPkWmvo0kkaTQbcID+tMTodL6wPAgW1AdwQUInfy21
p+31GGm3+SU6SJsgeHOzPUQW+dUVWmdj6uvWCnUkzW9p
+5en4+85jBfEOf+qiyvaQwUUe98xZ1TOiSwYvk5s/qiv
AMjG6nY+xndwJUwhcJAXBVmGgrtbiR8GiGZfGqt748VX
4esLNtD8vdypucffem6n0T0eV1c+7j/eIA== )
;; ADDITIONAL SECTION:
bii.dns-lab.net. 86400 IN AAAA 240c:f:1:22::6
yeti.bofh.priv.at. 86400 IN AAAA 2a01:4f8:161:6106:1::10
yeti.ipv6.ernet.in. 86400 IN AAAA 2001:e30:1c1e:1::333
yeti.aquaray.com. 86400 IN AAAA 2a02:ec0:200::1
yeti.jhcloos.net. 86400 IN AAAA 2001:19f0:5401:1c3::53
yeti.mind-dns.nl. 86400 IN AAAA 2a02:990:100:b01::53:0
;; Query time: 163 msec
;; SERVER: 2001:4b98:dc2:45:216:3eff:fe4b:8c5b#53
;; WHEN: Tue Nov 14 16:45:37 +08 2017
;; MSG SIZE rcvd: 1222
Appendix C. Active IPv6 Prefixes in Yeti DNS Testbed
The following table shows the prefixes that were active during 2017. +----------------------+---------------------------------+----------+ | Prefix | Originator | Location | +----------------------+---------------------------------+----------+ | 240c::/28 | BII | CN | | 2001:6d0:6d06::/48 | MSK-IX | RU | | 2001:1488::/32 | CZ.NIC | CZ | | 2001:620::/32 | SWITCH | CH | | 2001:470::/32 | Hurricane Electric, Inc. | US | | 2001:0DA8:0202::/48 | BUPT6-CERNET2 | CN | | 2001:19f0:6c00::/38 | Choopa, LLC | US | | 2001:da8:205::/48 | BJTU6-CERNET2 | CN | | 2001:62a::/31 | Vienna University Computer | AT | | | Center | | | 2001:67c:217c::/48 | AFNIC | FR | | 2a02:2478::/32 | Profitbricks GmbH | DE | | 2001:1398:1::/48 | NIC Chile | CL | | 2001:4490:dc4c::/46 | NIB (National Internet | IN | | | Backbone) | | | 2001:4b98::/32 | Gandi | FR | | 2a02:aa8:0:2000::/52 | T-Systems-Eltec | ES | | 2a03:b240::/32 | Netskin GmbH | CH | | 2801:1a0::/42 | Universidad de Ibague | CO | | 2a00:1cc8::/40 | ICT Valle Umbra s.r.l. | IT | | 2a02:cdc0::/29 | ORG-CdSB1-RIPE | IT | +----------------------+---------------------------------+----------+Appendix D. Tools Developed for Yeti DNS Testbed
Various tools were developed to support the Yeti DNS testbed, a selection of which are described briefly below. YmmV ("Yeti Many Mirror Verifier") is designed to make it easy and safe for a DNS administrator to capture traffic sent from a resolver to the Root Server system and to replay it towards Yeti-Root servers. Responses from both systems are recorded and compared, and differences are logged. See <https://github.com/BII-Lab/ymmv>. PcapParser is a module used by YmmV which reassembles fragmented IPv6 datagrams and TCP segments from a PCAP archive and extracts DNS messages contained within them. See <https://github.com/RunxiaWan/ PcapParser>.
DNS-layer-fragmentation implements DNS proxies that perform application-level fragmentation of DNS messages, based on [FRAGMENTS]. The idea with these proxies is to explore splitting DNS messages in the protocol itself, so they will not by fragmented by the IP layer. See <https://github.com/BII-Lab/DNS-layer- Fragmentation>. DNS_ATR is an implementation of DNS Additional Truncated Response (ATR), as described in [ATR] and [HOW_ATR_WORKS]. DNS_ATR acts as a proxy between resolver and authoritative servers, forwarding queries and responses as a silent and transparent listener. Responses that are larger than a nominated threshold (1280 octets by default) trigger additional truncated responses to be sent immediately following the large response. See <https://github.com/songlinjian/ DNS_ATR>.Appendix E. Controversy
The Yeti DNS Project, its infrastructure and the various experiments that have been carried out using that infrastructure, have been described by people involved in the project in many public meetings at technical venues since its inception. The mailing lists using which the operation of the infrastructure has been coordinated are open to join, and their archives are public. The project as a whole has been the subject of robust public discussion. Some commentators have expressed concern that the Yeti DNS Project is, in effect, operating an alternate root, challenging the IAB's comments published in [RFC2826]. Other such alternate roots are considered to have caused end-user confusion and instability in the namespace of the DNS by the introduction of new top-level labels or the different use of top-level labels present in the Root Server system. The coordinators of the Yeti DNS Project do not consider the Yeti DNS Project to be an alternate root in this sense, since by design the namespace enabled by the Yeti-Root zone is identical to that of the Root Zone. Some commentators have expressed concern that the Yeti DNS Project seeks to influence or subvert administrative policy relating to the Root Server system, in particular in the use of DNSSEC trust anchors not published by the IANA and the use of Yeti-Root servers in regions where governments or other organizations have expressed interest in operating a Root Server. The coordinators of the Yeti-Root project observe that their mandate is entirely technical and has no ambition to influence policy directly; they do hope, however, that technical findings from the Yeti DNS Project might act as a useful resource for the wider technical community.
Acknowledgments
Firstly, the authors would like to acknowledge the contributions from the people who were involved in the implementation and operation of the Yeti DNS by donating their time and resources. They are: Tomohiro Ishihara, Antonio Prado, Stephane Bortzmeyer, Mickael Jouanne, Pierre Beyssac, Joao Damas, Pavel Khramtsov, Dmitry Burkov, Dima Burkov, Kovalenko Dmitry, Otmar Lendl, Praveen Misra, Carsten Strotmann, Edwin Gomez, Daniel Stirnimann, Andreas Schulze, Remi Gacogne, Guillaume de Lafond, Yves Bovard, Hugo Salgado, Kees Monshouwer, Li Zhen, Daobiao Gong, Andreas Schulze, James Cloos, and Runxia Wan. Thanks to all people who gave important advice and comments to Yeti, either in face-to-face meetings or virtually via phone or mailing list. Some of the individuals are as follows: Wu Hequan, Zhou Hongren, Cheng Yunqing, Xia Chongfeng, Tang Xiongyan, Li Yuxiao, Feng Ming, Zhang Tongxu, Duan Xiaodong, Wang Yang, Wang JiYe, Wang Lei, Zhao Zhifeng, Chen Wei, Wang Wei, Wang Jilong, Du Yuejing, Tan XiaoSheng, Chen Shangyi, Huang Chenqing, Ma Yan, Li Xing, Cui Yong, Bi Jun, Duan Haixing, Marc Blanchet, Andrew Sullivan, Suzanne Wolf, Terry Manderson, Geoff Huston, Jaap Akkerhuis, Kaveh Ranjbar, Jun Murai, Paul Wilson, and Kilnam Chonm. The authors also acknowledge the assistance of the Independent Submissions Editorial Board, and of the following reviewers whose opinions helped improve the clarity of this document: Joe Abley, Paul Mockapetris, and Subramanian Moonesamy.
Authors' Addresses
Linjian Song (editor) Beijing Internet Institute 2nd Floor, Building 5, No.58 Jing Hai Wu Lu, BDA Beijing 100176 China Email: songlinjian@gmail.com URI: http://www.biigroup.com/ Dong Liu Beijing Internet Institute 2nd Floor, Building 5, No.58 Jing Hai Wu Lu, BDA Beijing 100176 China Email: dliu@biigroup.com URI: http://www.biigroup.com/ Paul Vixie TISF 11400 La Honda Road Woodside, California 94062 United States of America Email: vixie@tisf.net URI: http://www.redbarn.org/ Akira Kato Keio University/WIDE Project Graduate School of Media Design, 4-1-1 Hiyoshi, Kohoku Yokohama 223-8526 Japan Email: kato@wide.ad.jp URI: http://www.kmd.keio.ac.jp/ Shane Kerr Antoon Coolenlaan 41 Uithoorn 1422 GN The Netherlands Email: shane@time-travellers.org