Gilles Massen wrote: Hello Gilles,
I was wondering if there is a detailed description of what and how is tested in order to check the lameness of a server (i.e. how are the names resolved, timeouts and retransmits of the queries, checks made,....)? Any pointer would be welcome.
This is currently not documented. However, I can provide a quick explanation here. The first phase of the lameness checks involves generating a canonical list of name servers for a zone. The process gathers all the name servers, and queries each name once for A and AAAA records, with a 3-second timeout. Once it has a complete list of zone and nameserver address pairs, it queries each address for a SOA record for the zone, with a 3-second timeout. If a particular address yields no response, it is queued, and queried up to 4 more times at varying intervals.
The background is that I got notifications ("Unable to resolve nameserver ") which are most probably wrong, unless the resolving algorithm is very delicate...
We are aware that around 1% of the servers we have in our list did not resolve to addresses, which resulted in these false positives. We are taking steps to ensure that we eliminate as many of these as possible in future probes. -- Anand Buddhdev DNS Services Manager, RIPE NCC