 Good morning everybody. My name is Sandesh Balakrishnan and I work with the French Network Information Centre. I'm an R&D engineer there. It doesn't work, it seems. So today I'm going to talk about a tool called ZoneMaster, which is a tool used for DNS validation. So this project has been working with AFNIC, the French Registry and the Swedish Registry IS. We started it like three years ago and we are planning to maintain for another two years. Both the companies have agreed to work on this project for the next two years also. So to set it as a preamble, I always start with the slide which I took it from the NHS. Our body, even though we have a lot of issues, we are alive. But lots of research has put into saying that different parts of the body has different medical tests and we have to do it to make sure that our body is fit. So I call that as a comprehensive health check. So similarly for DNS, we have different parts for the DNS zone where we have to test. Even though your website works, sometimes you will have issues. So we need a tool to have a comprehensive test for the DNS. What do we do? Let's take an example. I did a test with RMLL, it's a Logical Libre in France. It's like the first term in France. So I did a test with a tool that we always use, DIG. So what happens when I do a DIG, the site works. But when I do the same test using ZoneMaster, a comprehensive test, I use the ZoneMaster CLI. I'm not sure whether it is clear. We have issues here that are one warning and two notices. So there is one name server that is not properly working. So that is why we need to have a comprehensive tool for validating DNS zone. But there are a number of tools in there, open source, paid and everything, and why ZoneMaster is different. The ZoneMaster targets different types of people. If you are just a user, you want to check your website. You go to the SAS, the public GUI, ZoneMaster.net, enter your domain name and have the results to see whether your zone for a website or domain name is healthy. Then for advanced users, you can install the engine, which is the pull library, which does the comprehensive test and use the command line interface. You should also install that and you can do various customizations to see how your zone of a domain is working. Then if you are a guy, if you are a registry or registrar or somebody who has a portfolio of domain names like 100,000 domain names, you want to test all the domain names in a batch and then you want to store them in somewhere in a database, see the history, whether it has worked in 2015, now it is working, what was the difference. You can also do that by installing the backend and the GUI. You can have your own interface. And then you can also use call the ZoneMaster pull library from your own application. So these are the different target users that we planned with the ZoneMaster. So this is an example of rml.info, which we test using the graphical user interface, the website, and you see there is an issue, the yellow color. Now, how do you test from the CLI? So you install the CLI in your own system, computer, and then you use ZoneMaster iPhone CLI and run your domain. Then there are different, it's not clear, you can see that. You have different levels of customization. For example, if you want to test only with IPv4, if you want to test certain tests and not others, if you want to change the level of the debug, you can have debug 1, 2, 3. There are different prospects with ZoneMaster, so you can use that with the CLI. You can also use, there is also JSON RPC interface, there's an API where you can call from your application to run and then get results. So the first one shows that you have started a test and you got an ID and the second here shows that with this ID you get the results. So this is the result in JSON. How do you run a batch test? When I call a batch test, you run like 5, 10, 100,000 domains. So similarly, you call the JSON RPC, you put the number of domains, you add a batch job, you call the method AddBadJob and you have an API and user key, and then you run the test, you get a response with an ID and you can use this ID to get the number of results. So this is for example where I'm showing is that there are about 200 tests, there are 5 tests that have been finished and 19 different tests are running. So there is an API documentation in G-Tab which is being updated, there have been some feedbacks that it is not properly documented, so we are updating that. Then you can also call from your application, from your own software, you call the library, you can use commands like this, I know you are more expert than me, so you can use this to get the results. Now this is how the top one is a local implementation by the Swedish registry where they are using ZoneMaster and the second one is used by a company called Pingdom where they are testing all the government sites in Sweden to show whether it is properly using DNSSEC or not. So they are using ZoneMaster. So these are the two examples. If you see ZoneMaster in brief, it is an open source project and all the code is in BSD2 license. It has been vastly documented. That is one of the main differences between other tools and ZoneMaster. I will go deep into that afterwards. So all the documentation is used using the Creative Commons license. So what our objective was that, when I say our objective both the Swedish registry and the French registry to create ZoneMaster as a tool that should be used by everybody to test the zone validity for the DNS zone. You can use it for delegated and non-delegated zones. When I say non-delegated zones, it is not already there in the DNS. You can test them. There are three types of interfaces, CLI, web and API. We can have different levels of output. You can have high, medium and low levels of output. You can have the output in web, HTML, text and JSON. Now we are supporting four languages, English, French, Swedish and Danish and you can also customize it according to your needs. I will also go deep into that. As of now we are supporting four OS, Debian, CentOS, FreeBSD and Ubuntu. It might not be all the versions have been supported but we are trying to keep it updated. So I told you earlier about the documentation. So when we started before both IAS, the Swedish registry and AFNIC, the French registry, we had our own validation tool, DNS zone validation tool. AFNIC was using zone check and IAS was using DNS check. So both of them, when they wanted to update it, we thought that we will create a new tool. So the first thing that we said was that there was not enough documentation. So we had to have that enough documentation. So what we did was we took all the requirements from these tools, existing tools. We removed the tests that were obsolete. We added some of the new tests and every time there was a new requirement we have a review and saying that this is the test that should be updated. We update it like requirements and then we put them under eight different categories. So as of now we have like 84 tests classified into eight different categories and all these tests are documented like this. For example, take this first test, we say that why do we do this test and which BCP or RFC says that this test should be done, then how this test should be done. So everything is documented. So once it is documented, that's why it is getting delayed. We write the source code only when the complete documentation is done and reviewed. So in case tomorrow if you want to develop your own tool you can just go into this documentation and use your own, develop your own tool for a zone validation, dns zone validation. So what do we have as implementation? We have pull and JavaScript. Most of the code is returned in pull. Only the GUI part we have some JavaScript. So there were being some feedbacks about the GUI that is not perfect. So we are developing a new GUI and it is being a prospectively it should be up in the May of 2018 and we have an LUNS resolver that we use for using the net LUNS in a net labs library. So there are such, how do we have the locks? The locks we can have a human readable form. You can have in for with the tags which you could use it in your own application in draw format. Then you can have it in JSON format. And also you can configure the results depending upon what you would like to have. We have different levels of configurations, info, notice, warning, error and critical. So that you can modify depending upon your requirements. So this is an example of how we have the severity of the different tests. Tomorrow you say the dns check as of now is info or notice. You say it should be clear warning or error. You can modify that. Then you can also decide on which test to run. For example, in syntax we have 8 tests. You say that I don't want to run syntax 0, 6. So you can put it as 0 and that test will not be running. You can also go into the configurations of how the resolver should work. Whether you want to test only with IPv6 or IPv4 that also could be done. And for fine graining the test we can say for example if you have a domain and you know that one of the name service is not working and you don't want to have an error on that you can just put it as a warning. So these are the different configuration levels that you can do in ZoneMaster to adapt to yourself. And we have decided to make currently these are different files. So we will have only one file in the future which is called the profile file. So you can just change it and use ZoneMaster CLI dash profile and then you can run your domain based upon your configurations. So we have configurative features in the GUI where we have like for example here the YANA profile but currently it is obsolete so the new GUI will update that. Then regarding standardization efforts we try to standardize it in the ITF. It didn't go well. There were a lot of positive as well as negative feedbacks. So currently we are planning to push it as a best practice document at RIPE. So it is in a to do thing. So who are all using ZoneMaster? IS has its own implementation. The Canadian registry is using it. DK hostmaster has their own implementation. As I showed Pingdom has that. RIPE NCC is using it. And ICANN has recently confirmed that it will be using ZoneMaster for PDT and registrars like GoDaddy and OVH. In their websites are linking back to ZoneMaster. Center, the council of European national top level domains is planning to use ZoneMaster for statistics purpose. And you all to test ZoneMaster give us feedback and contributions. So this is the different references we have. Everything is in JITEP. If you want to give feedback we have this mailing list. Did I go fast? No, you have got 7 minutes to do the questions. So that's it. I try to go fast. Questions? I have two questions. Number one is whether you store the database in the packet to store all the results for the history? For example if you use ZoneMaster.net everything is stored in our own system. All this information. Second question, is it possible to have multiple engines or at least multiple worldwide distributed probes? Because if you use any Kastion S it may work from one side of the world but it may be broken on the other side of the world. I think you can launch multiple engines, yeah. I have not done that but I think you can do that. For any plans to support ED2519? What is that? To support ED2519. Electrical, cool. I think you can start an issue in JITEP and then we will decide, the team will decide whether we need it or not. Then we will update the test case. Any other questions? Maybe I have a general question because at least this is a rather small community. I guess I know half of the people here in the room but only by name not by faces. I would be interested in having a short introduction round where everybody faces each other's name and the software. If there is no more questions from those, right now we have five minutes. What is the justification for the minimum values? Where does the minimum values come from? The minimum value came from the RS3 or it's the right PCP, I'm not sure. You have something? It doesn't say on the website where it came from. You said that everything has a definition that comes from an RC or something. But it doesn't say on the website where it came from. Where it came from? I don't know that point. Thank you.