Tech-invite3GPPspaceIETFspace
96959493929190898887868584838281807978777675747372717069686766656463626160595857565554535251504948474645444342414039383736353433323130292827262524232221201918171615141312111009080706050403020100
in Index   Prev   Next

RFC 8483

Yeti DNS Testbed

Pages: 39
Informational
Part 3 of 3 – Pages 33 to 39
First   Prev   None

Top   ToC   RFC8483 - Page 33   prevText

Appendix A. Yeti-Root Hints File

The following hints file (complete and accurate at the time of writing) causes a DNS resolver to use the Yeti DNS testbed in place of the production Root Server system and hence participate in experiments running on the testbed. Note that some lines have been wrapped in the text that follows in order to fit within the production constraints of this document. Wrapped lines are indicated with a blackslash character ("\"), following common convention. . 3600000 IN NS bii.dns-lab.net bii.dns-lab.net 3600000 IN AAAA 240c:f:1:22::6 . 3600000 IN NS yeti-ns.tisf.net yeti-ns.tisf.net 3600000 IN AAAA 2001:559:8000::6 . 3600000 IN NS yeti-ns.wide.ad.jp yeti-ns.wide.ad.jp 3600000 IN AAAA 2001:200:1d9::35 . 3600000 IN NS yeti-ns.as59715.net yeti-ns.as59715.net 3600000 IN AAAA \ 2a02:cdc5:9715:0:185:5:203:53 . 3600000 IN NS dahu1.yeti.eu.org dahu1.yeti.eu.org 3600000 IN AAAA \ 2001:4b98:dc2:45:216:3eff:fe4b:8c5b . 3600000 IN NS ns-yeti.bondis.org ns-yeti.bondis.org 3600000 IN AAAA 2a02:2810:0:405::250 . 3600000 IN NS yeti-ns.ix.ru yeti-ns.ix.ru 3600000 IN AAAA 2001:6d0:6d06::53 . 3600000 IN NS yeti.bofh.priv.at yeti.bofh.priv.at 3600000 IN AAAA 2a01:4f8:161:6106:1::10 . 3600000 IN NS yeti.ipv6.ernet.in yeti.ipv6.ernet.in 3600000 IN AAAA 2001:e30:1c1e:1::333 . 3600000 IN NS yeti-dns01.dnsworkshop.org yeti-dns01.dnsworkshop.org \ 3600000 IN AAAA 2001:1608:10:167:32e::53 . 3600000 IN NS yeti-ns.conit.co yeti-ns.conit.co 3600000 IN AAAA \ 2604:6600:2000:11::4854:a010 . 3600000 IN NS dahu2.yeti.eu.org dahu2.yeti.eu.org 3600000 IN AAAA 2001:67c:217c:6::2 . 3600000 IN NS yeti.aquaray.com yeti.aquaray.com 3600000 IN AAAA 2a02:ec0:200::1 . 3600000 IN NS yeti-ns.switch.ch yeti-ns.switch.ch 3600000 IN AAAA 2001:620:0:ff::29 . 3600000 IN NS yeti-ns.lab.nic.cl yeti-ns.lab.nic.cl 3600000 IN AAAA 2001:1398:1:21::8001 . 3600000 IN NS yeti-ns1.dns-lab.net
Top   ToC   RFC8483 - Page 34
   yeti-ns1.dns-lab.net  3600000  IN   AAAA   2001:da8:a3:a027::6
   .                     3600000  IN   NS     yeti-ns2.dns-lab.net
   yeti-ns2.dns-lab.net  3600000  IN   AAAA   2001:da8:268:4200::6
   .                     3600000  IN   NS     yeti-ns3.dns-lab.net
   yeti-ns3.dns-lab.net  3600000  IN   AAAA   2400:a980:30ff::6
   .                     3600000  IN   NS     \
                           ca978112ca1bbdcafac231b39a23dc.yeti-dns.net
   ca978112ca1bbdcafac231b39a23dc.yeti-dns.net \
                         3600000  IN   AAAA   2c0f:f530::6
   .                     3600000  IN   NS     \
                           3e23e8160039594a33894f6564e1b1.yeti-dns.net
   3e23e8160039594a33894f6564e1b1.yeti-dns.net \
                         3600000  IN   AAAA   2803:80:1004:63::1
   .                     3600000  IN   NS     \
                           3f79bb7b435b05321651daefd374cd.yeti-dns.net
   3f79bb7b435b05321651daefd374cd.yeti-dns.net \
                         3600000  IN   AAAA   2401:c900:1401:3b:c::6
   .                     3600000  IN   NS     \
                           xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c
   xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c \
                         3600000  IN   AAAA   2001:e30:1c1e:10::333
   .                     3600000  IN   NS     yeti1.ipv6.ernet.in
   yeti1.ipv6.ernet.in   3600000  IN   AAAA   2001:e30:187d::333
   .                     3600000  IN   NS     yeti-dns02.dnsworkshop.org
   yeti-dns02.dnsworkshop.org \
                         3600000  IN   AAAA   2001:19f0:0:1133::53
   .                     3600000  IN   NS     yeti.mind-dns.nl
   yeti.mind-dns.nl      3600000  IN   AAAA   2a02:990:100:b01::53:0

Appendix B. Yeti-Root Server Priming Response

Here is the reply of a Yeti root name server to a priming request. The authoritative server runs NSD. ... ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62391 ;; flags: qr aa rd; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 7 ;; WARNING: recursion requested but not available ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1460 ;; QUESTION SECTION: ;. IN NS ;; ANSWER SECTION: . 86400 IN NS bii.dns-lab.net. . 86400 IN NS yeti.bofh.priv.at.
Top   ToC   RFC8483 - Page 35
   .            86400 IN NS yeti.ipv6.ernet.in.
   .            86400 IN NS yeti.aquaray.com.
   .            86400 IN NS yeti.jhcloos.net.
   .            86400 IN NS yeti.mind-dns.nl.
   .            86400 IN NS dahu1.yeti.eu.org.
   .            86400 IN NS dahu2.yeti.eu.org.
   .            86400 IN NS yeti1.ipv6.ernet.in.
   .            86400 IN NS ns-yeti.bondis.org.
   .            86400 IN NS yeti-ns.ix.ru.
   .            86400 IN NS yeti-ns.lab.nic.cl.
   .            86400 IN NS yeti-ns.tisf.net.
   .            86400 IN NS yeti-ns.wide.ad.jp.
   .            86400 IN NS yeti-ns.datev.net.
   .            86400 IN NS yeti-ns.switch.ch.
   .            86400 IN NS yeti-ns.as59715.net.
   .            86400 IN NS yeti-ns1.dns-lab.net.
   .            86400 IN NS yeti-ns2.dns-lab.net.
   .            86400 IN NS yeti-ns3.dns-lab.net.
   .            86400 IN NS xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c.
   .            86400 IN NS yeti-dns01.dnsworkshop.org.
   .            86400 IN NS yeti-dns02.dnsworkshop.org.
   .            86400 IN NS 3f79bb7b435b05321651daefd374cd.yeti-dns.net.
   .            86400 IN NS ca978112ca1bbdcafac231b39a23dc.yeti-dns.net.
   .            86400 IN RRSIG NS 8 0 86400 (
                            20171121050105 20171114050105 26253 .
                            FUvezvZgKtlLzQx2WKyg+D6dw/pITcbuZhzStZfg+LNa
                            DjLJ9oGIBTU1BuqTujKHdxQn0DcdFh9QE68EPs+93bZr
                            VlplkmObj8f0B7zTQgGWBkI/K4Tn6bZ1I7QJ0Zwnk1mS
                            BmEPkWmvo0kkaTQbcID+tMTodL6wPAgW1AdwQUInfy21
                            p+31GGm3+SU6SJsgeHOzPUQW+dUVWmdj6uvWCnUkzW9p
                            +5en4+85jBfEOf+qiyvaQwUUe98xZ1TOiSwYvk5s/qiv
                            AMjG6nY+xndwJUwhcJAXBVmGgrtbiR8GiGZfGqt748VX
                            4esLNtD8vdypucffem6n0T0eV1c+7j/eIA== )

   ;; ADDITIONAL SECTION:
   bii.dns-lab.net.        86400 IN AAAA 240c:f:1:22::6
   yeti.bofh.priv.at.      86400 IN AAAA 2a01:4f8:161:6106:1::10
   yeti.ipv6.ernet.in.     86400 IN AAAA 2001:e30:1c1e:1::333
   yeti.aquaray.com.       86400 IN AAAA 2a02:ec0:200::1
   yeti.jhcloos.net.       86400 IN AAAA 2001:19f0:5401:1c3::53
   yeti.mind-dns.nl.       86400 IN AAAA 2a02:990:100:b01::53:0

   ;; Query time: 163 msec
   ;; SERVER: 2001:4b98:dc2:45:216:3eff:fe4b:8c5b#53
   ;; WHEN: Tue Nov 14 16:45:37 +08 2017
   ;; MSG SIZE  rcvd: 1222
Top   ToC   RFC8483 - Page 36

Appendix C. Active IPv6 Prefixes in Yeti DNS Testbed

The following table shows the prefixes that were active during 2017. +----------------------+---------------------------------+----------+ | Prefix | Originator | Location | +----------------------+---------------------------------+----------+ | 240c::/28 | BII | CN | | 2001:6d0:6d06::/48 | MSK-IX | RU | | 2001:1488::/32 | CZ.NIC | CZ | | 2001:620::/32 | SWITCH | CH | | 2001:470::/32 | Hurricane Electric, Inc. | US | | 2001:0DA8:0202::/48 | BUPT6-CERNET2 | CN | | 2001:19f0:6c00::/38 | Choopa, LLC | US | | 2001:da8:205::/48 | BJTU6-CERNET2 | CN | | 2001:62a::/31 | Vienna University Computer | AT | | | Center | | | 2001:67c:217c::/48 | AFNIC | FR | | 2a02:2478::/32 | Profitbricks GmbH | DE | | 2001:1398:1::/48 | NIC Chile | CL | | 2001:4490:dc4c::/46 | NIB (National Internet | IN | | | Backbone) | | | 2001:4b98::/32 | Gandi | FR | | 2a02:aa8:0:2000::/52 | T-Systems-Eltec | ES | | 2a03:b240::/32 | Netskin GmbH | CH | | 2801:1a0::/42 | Universidad de Ibague | CO | | 2a00:1cc8::/40 | ICT Valle Umbra s.r.l. | IT | | 2a02:cdc0::/29 | ORG-CdSB1-RIPE | IT | +----------------------+---------------------------------+----------+

Appendix D. Tools Developed for Yeti DNS Testbed

Various tools were developed to support the Yeti DNS testbed, a selection of which are described briefly below. YmmV ("Yeti Many Mirror Verifier") is designed to make it easy and safe for a DNS administrator to capture traffic sent from a resolver to the Root Server system and to replay it towards Yeti-Root servers. Responses from both systems are recorded and compared, and differences are logged. See <https://github.com/BII-Lab/ymmv>. PcapParser is a module used by YmmV which reassembles fragmented IPv6 datagrams and TCP segments from a PCAP archive and extracts DNS messages contained within them. See <https://github.com/RunxiaWan/ PcapParser>.
Top   ToC   RFC8483 - Page 37
   DNS-layer-fragmentation implements DNS proxies that perform
   application-level fragmentation of DNS messages, based on
   [FRAGMENTS].  The idea with these proxies is to explore splitting DNS
   messages in the protocol itself, so they will not by fragmented by
   the IP layer.  See <https://github.com/BII-Lab/DNS-layer-
   Fragmentation>.

   DNS_ATR is an implementation of DNS Additional Truncated Response
   (ATR), as described in [ATR] and [HOW_ATR_WORKS].  DNS_ATR acts as a
   proxy between resolver and authoritative servers, forwarding queries
   and responses as a silent and transparent listener.  Responses that
   are larger than a nominated threshold (1280 octets by default)
   trigger additional truncated responses to be sent immediately
   following the large response.  See <https://github.com/songlinjian/
   DNS_ATR>.

Appendix E. Controversy

The Yeti DNS Project, its infrastructure and the various experiments that have been carried out using that infrastructure, have been described by people involved in the project in many public meetings at technical venues since its inception. The mailing lists using which the operation of the infrastructure has been coordinated are open to join, and their archives are public. The project as a whole has been the subject of robust public discussion. Some commentators have expressed concern that the Yeti DNS Project is, in effect, operating an alternate root, challenging the IAB's comments published in [RFC2826]. Other such alternate roots are considered to have caused end-user confusion and instability in the namespace of the DNS by the introduction of new top-level labels or the different use of top-level labels present in the Root Server system. The coordinators of the Yeti DNS Project do not consider the Yeti DNS Project to be an alternate root in this sense, since by design the namespace enabled by the Yeti-Root zone is identical to that of the Root Zone. Some commentators have expressed concern that the Yeti DNS Project seeks to influence or subvert administrative policy relating to the Root Server system, in particular in the use of DNSSEC trust anchors not published by the IANA and the use of Yeti-Root servers in regions where governments or other organizations have expressed interest in operating a Root Server. The coordinators of the Yeti-Root project observe that their mandate is entirely technical and has no ambition to influence policy directly; they do hope, however, that technical findings from the Yeti DNS Project might act as a useful resource for the wider technical community.
Top   ToC   RFC8483 - Page 38

Acknowledgments

Firstly, the authors would like to acknowledge the contributions from the people who were involved in the implementation and operation of the Yeti DNS by donating their time and resources. They are: Tomohiro Ishihara, Antonio Prado, Stephane Bortzmeyer, Mickael Jouanne, Pierre Beyssac, Joao Damas, Pavel Khramtsov, Dmitry Burkov, Dima Burkov, Kovalenko Dmitry, Otmar Lendl, Praveen Misra, Carsten Strotmann, Edwin Gomez, Daniel Stirnimann, Andreas Schulze, Remi Gacogne, Guillaume de Lafond, Yves Bovard, Hugo Salgado, Kees Monshouwer, Li Zhen, Daobiao Gong, Andreas Schulze, James Cloos, and Runxia Wan. Thanks to all people who gave important advice and comments to Yeti, either in face-to-face meetings or virtually via phone or mailing list. Some of the individuals are as follows: Wu Hequan, Zhou Hongren, Cheng Yunqing, Xia Chongfeng, Tang Xiongyan, Li Yuxiao, Feng Ming, Zhang Tongxu, Duan Xiaodong, Wang Yang, Wang JiYe, Wang Lei, Zhao Zhifeng, Chen Wei, Wang Wei, Wang Jilong, Du Yuejing, Tan XiaoSheng, Chen Shangyi, Huang Chenqing, Ma Yan, Li Xing, Cui Yong, Bi Jun, Duan Haixing, Marc Blanchet, Andrew Sullivan, Suzanne Wolf, Terry Manderson, Geoff Huston, Jaap Akkerhuis, Kaveh Ranjbar, Jun Murai, Paul Wilson, and Kilnam Chonm. The authors also acknowledge the assistance of the Independent Submissions Editorial Board, and of the following reviewers whose opinions helped improve the clarity of this document: Joe Abley, Paul Mockapetris, and Subramanian Moonesamy.
Top   ToC   RFC8483 - Page 39

Authors' Addresses

Linjian Song (editor) Beijing Internet Institute 2nd Floor, Building 5, No.58 Jing Hai Wu Lu, BDA Beijing 100176 China Email: songlinjian@gmail.com URI: http://www.biigroup.com/ Dong Liu Beijing Internet Institute 2nd Floor, Building 5, No.58 Jing Hai Wu Lu, BDA Beijing 100176 China Email: dliu@biigroup.com URI: http://www.biigroup.com/ Paul Vixie TISF 11400 La Honda Road Woodside, California 94062 United States of America Email: vixie@tisf.net URI: http://www.redbarn.org/ Akira Kato Keio University/WIDE Project Graduate School of Media Design, 4-1-1 Hiyoshi, Kohoku Yokohama 223-8526 Japan Email: kato@wide.ad.jp URI: http://www.kmd.keio.ac.jp/ Shane Kerr Antoon Coolenlaan 41 Uithoorn 1422 GN The Netherlands Email: shane@time-travellers.org