Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

By the way, there's another new test page in the works at 
http://report.opennicproject.org/srvtest/

Sorry the format is crude, I just threw it together real quick to 
visualize the massive amount of data being generated.  I am working on 
completely new code for testing servers.  A few major improvements over 
the old code... First it allows me to use the same piece of code for 
performing both the overall testing and individual server testing (there 
are inconsistencies between tests in the old method).  Second, it allows 
me a simple method of setting a more extensive lists of tests to be 
performed on every server.  And last, the testing happens MUCH more 
rapidly by using better methods of interleaving the tests being run on 
each server.

This page lets you click on the server names and individual tests to see 
the full results of everything being checked.  Hovering your mouse over 
some of the red results will show what values were expected.  The other 
red lines indicate something returned that wasn't supposed to be.  
Eventually I will incorporate this into the reports page so that you 
have more detailed information as to why your server failed testing.

One server in particular (ns1.md.es)  can be seen failing the new tests 
while it passes the old testing.  This server does not support DNSSEC, 
but more importantly it is carrying a root zone that is over 6 months 
old!  If this is your server, please fix it to properly slave the root 
zone so you receive regular updates... the root zone sees changes 
several times each day as new TLDs are created and NS records are 
updated for the existing zones.

So as you can see, I'm not only checking that each server replies to 
queries for key zones, but I'm also checking that the information is up 
to date.  I can mark each test to generate a warning, a failure, or an 
informational note.  For example, the replySize and portRand tests are 
useful information but they are not a reason to fail a server.  I also 
have a much larger pool of ICANN addresses to test now, which are 
randomly chosen during each run.  This is to prevent the unlikely chance 
that someone could set up a public server which appeared to pass all 
testing, but then redirected other queries through their own 
revenue-generating page. (No it hasn't happened, but it was discussed as 
a possibility we want to prevent).

Anyway, I thought some folks might be interested in what kind of things 
were being worked on.  This is one of those tools that has needed 
improvement for awhile now, and I think this will be a big step towards 
ensuring better reliability of OpenNIC in general.