Extended DNS Errors: Unlocking the Full Potential of DNS Troubleshooting
Résumé
The Domain Name System (DNS) relies on response codes to confirm successful transactions or indicate anomalies. Yet, the codes are not sufficiently fine-grained to pinpoint the root causes of resolution failures. RFC 8914 (Extended DNS Errors or EDE) addresses the problem by defining a new extensible registry of error codes to be served inside the OPT resource record. In this paper, we show that four major DNS resolver vendors and three large public DNS resolvers support this standard and correctly narrow down the cause of underlying problems. Yet, they do not agree in 94% of our test cases in terms of the returned EDE codes. We reveal that Cloudflare DNS is the most precise in indicating various DNS misconfigurations via the EDE mechanism, so we use it to perform a large-scale analysis of more than 303M registered domain names. We show that 17.7M of them trigger EDE codes. Lame delegations and DNSSEC validation failures are the most common problems encountered.
Domaines
Informatique [cs]
Fichier principal
IMC_2023__Extended_DNS_Errors__Unlocking_the_Full_Potential_of_DNS_Troubleshooting.pdf (502.77 Ko)
Télécharger le fichier
Origine | Fichiers produits par l'(les) auteur(s) |
---|