How APNIC tests for lame delegations

APNIC has developed a system to test for lame DNS delegations within the in-addr.arpa and ipv6.arpa domains. A delegation in DNS is the assignment of a zone to a name server. The system queries name servers for the zones they are supposed to be delegated to according to registration information in the APNIC Whois Database.

A name server is tested by asking for data that has to be present in a zone. If the name server responds with a positive answer and claims to be authoritative, the name server is okay for that zone. Any other answer indicates that the name server is lame for the tested zone. If there is no correct answer, the test is repeated over a 15 day period and if there is persistently no correct answer, the name server is considered lame.

Example of a valid IN-ADDR.ARPA Delegation:

; <<>> DiG 9.2.1 <<>> 28.12.202.in-addr.arpa @cumin.apnic.net soa +norec

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17968

;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:

;28.12.202.in-addr.arpa.                IN      SOA

;; ANSWER SECTION:

28.12.202.in-addr.arpa. 3600    IN      SOA     cumin.apnic.net. dns-admin.apnic.net. 
2004010901 3600 1800 604800 3600

;; Query time: 1 msec

;; SERVER: 202.12.29.59#53(cumin.apnic.net)

;; WHEN: Wed Sep 29 11:26:23 2004

;; MSG SIZE  rcvd: 101

Note 1) "status: NOERROR", 2) "flags: qr aa", and 3) "ANSWER: 1".

Together these indicate that the delegation of 28.12.202.in-addr.arpa to cumin.apnic.net is healthy and not lame.

Common lame responses may include "status: REFUSED", or "status: SERVFAIL". Flags include "rd ra", which indicate that the server is performing recursion to find the answer and is not authoritative.