DNS Working Group, Session 1 (DRAFT)

RIPE 48 Amsterdam
Date: Tuesday, 4 May 2004
Time: 16:00 - 17:30
Location: Grand Ballroom

Chair: Jim Reid
Scribe: Timur Bakeyev, RIPE NCC

The session is going to be webcast as well as relayed in Jabber.
Request to participants to hold their questions till the end of

Thanks to Nominet, who sponsored the chair of this group.

Swap of the presentations:

Instead of "DNSSEC forum" by Suzanne Woolf -> "DNS at MCI, another type
of large DNS server" by Andre Koopal.

- "Proposed new charter", Peter Koch

The DNS Working Group discusses current DNS related issues in technology
and operations. The WG encourages deployment of DNS and DNS-related
protocol components by collecting experience and documenting current
practice and recommendations. It therefore provides a mechanism for
exchanging practical and operational experience with organizations like
CENTR and the IETF.

The WG discusses DNS software implementations, especially security and
scalability aspects as well as performance and interoperability
considerations. DNS quality and other factors that may affect the
stability of the DNS system are also discussed by the WG. The DNS WG
provides a forum for the Registry and Registrar community. It discusses
the technical and operational issues arising from registration policies
with a specific focus on the deployment of new and emerging features.

Charter was approved by the meeting.

- "CENTR news", Kim Davies; CENTR

- "Implementation of the BACK ORDER service", Andrzej
Bartosiewicz; NASK

This will be launched on 1st June, 2004.

System of options - similar to stock exchange options.

- "EPP implementation", Patrycja Wegrzynowicz; NASK

XML-based Extensible Provisioning Protocol

Q: Can you explain the slide: Registrar buys option for the Registrant.
What are the terms used?
A: Registrar is the agent of Registrant.

Q: (Jim) What is the reaction of the customers to the new scheme and
how do Registrars like it?
A: As for Registrants, they hardly even notice the change. It's more
attractive to the Registrars. They are quite happy :)

- "Deploying IDNs in the .no domain", Jarle Greipsland; NorID.

Q: (Jaap) What exactly do you register in your forms - UNICODE, Punycode
or just US encoding?
A: When registering you have to fill out both in the forms. On update you
can supply any of them.

Q: And what does your Whois server accept?
A: It is either US-ASCII, ISO-Latin1 or UTF8.

Q: And the input for the request?
A: US-ASCII or Latin1 by default, but you can supply a switch to use UTF8.

Q: (Carsten) Speaking about legal terms - what is the registration contract
about? Is it about IDN in UTF8 or in Punycode?
A: Both versions are in the contract.

Q: So, the contract actually is about a bundle of two names?
A: Yes, both names are defined there. (Get two for the price of one :)

- "IDN deployment in Germany", Marcos Sanz; DENIC

Q: (Peter) Those binary queries you talked about - did you take a look at
second-level labels or all the labels?
A: All the labels (of course in .de).

Q: And for those queries your DNS server received - did you try to
cross-check whether those binary, UTF, Latin1 names, whatever you found
there, were actually registered within .de?
A: I didn't do it systematically, but yes, most of them were registered.

Q: The question remains, what names were queried before they had a chance to
be registered?
A: Random words, general terms... In the last week we saw that people
mostly tried to reach names that MAY exist in their opinion.

- ".info support for German script", Desiree Miloshevic; Afilias

Q: There have been reports that there is a project to make IDN
available without a software upgrade?
A: That was a misinterpretation of our announcements in the press.
C: (Jaap) Charset names used for IDNs should be standardized, possibly
through the IANA or other official Internet bodies...

- "DNS at MCI", Andre Koopal; MCI

Q: (Peter) You are acting as a secondary for customers. What happens
when the primary (at your customer) disappears? That should lead to lame
delegations and query storms...
A: We do remove them from the configs after a certain amount of time. No
special actions are taken against query storms, though.
C: (Jaap) You've said that you don't use Bind 9 for NL TLD, because it's
too picky about the standards. But that's the goal - to enforce
standards for those lame delegations!

Q: (Olaf) Are you sure that Bind 9 doesn't accept '/' in the domain
A: Not really, maybe some other quite popular symbol, but the problem

Q: (Jim) Are you making efforts to move to Bind 9?
A: Not right now, at least.
C: (Peter) There is clearly a problem with disappearing customers for DNS
integrity. Registrars refuse to remove them on ISPs' requests. What can
be done in such a situation? What is the common practice? Would it be OK
to make it an action point for the WG?
R: (Jim) That's a good idea! Peter, you've just volunteered to bring it in
to the DNS WG :)

[ACTION 48.1] on Peter Koch: Collect experience with lameness problems,
initiate BCP style document and wishlist for support by TLD registries.


DNS Working Group, Session 2 (DRAFT)

RIPE 48 Amsterdam
Date: Thursday, 6 May 2004
Time: 9:00 - 12:30
Location: St. Johns II

Chair: Peter Koch (09:00 - 10:30), Jim Reid (11:00 - 12:30)
Scribe: Alessandro Bassi, RIPE NCC

- "IETF Reports", Sam Weiler; TIS Labs

The last IETF was held in Seoul and apparently was quite "boring". The next
meeting is in August, in San Diego.

DNS discovery for IPv6: a summary comparing the alternatives must be
done before August, otherwise the item will be removed.

DNSOP: business as usual, several drafts in progress, several
stopped or on standby.

DNSEXT: 9 open drafts

DNSSEC: No recent problems. It has to be noted that there have been no major
protocol issues in the last year.

DNSEXT: most milestones are advanced to draft standards.

There is an RFC 3597 interoperability testing coordinated by Jakob Schlyter.
Mailing list: or

- "K-Root operations update", Dave Knight; RIPE NCC

Status: Global instances are in London and Amsterdam. Recently two more
secondaries have been installed in Frankfurt and Athens. The web site has
been renewed completely, and a stats page has been added. More stats
will come in the near future. The current query load is 7000
queries/second. Of these, the great majority is directed to London and

Future plans:
- to have 4 more instances of primary servers, two in the US and two in Asia.
- to deploy IPv6.

Q: (Jim) Has any traffic analysis been done? Are the Greeks using
the Athens server?
A: Those kinds of stats will be available in a couple of months.

- "Reverse DNS status report", Olaf Kolkman; RIPE NCC

New reverse DNS, for more fine-grain control, multiple interfaces, and
simplification of policies. Today, because of the current policies,
there might be inconsistencies and confusion. Policies will change

Status: the cleanup (prerequisite) was made the first week of
April. On April 26, the new interface and new policy were put
live. Marvin will die the 1st of July. The DNSSEC implementation has
been deferred.

In the new policy, there is no need for assignment (as before), and
anybody authorized can do the Rev DNS. Another change is mnt-by, which
becomes mandatory. When submitting the request, points will be added
for warnings and errors; over a certain limit, the request will be

Q: (Jim) Any plans to introduce TSIG ...
A: No plans
Q: Do people care about it? Why not?
A: (Peter): Zone transfer restrictions are useless anyway for most
zones. Restrictions can be IP based.

[ACTION 48.2] An action item was created on Mans Nilsson to write up a proposal
for the use of TSIG for zone transfers, when acts as a secondary.

[ACTION 48.3] Olaf Kolkman was kindly asked to send to the list a pointer to
the predelegation checks currently applied and to initiate review of those
checks and, if necessary, propose changes.

- "DNS-MODA", Jim Reid

There is a growing frustration with the IETF process; something
different is needed. Something similar to what W3C is, so a W3C for
DNS, non-profit, impartial. MODA will not be a standards-making body,
or introduce proprietary solutions, but will work with IETF to improve
the current procedures.

Q: (Geoff Huston) This is alien to what IETF does. IETF also hates
Intellectual Rights problems, and being considered like a rubber
stamp to somebody else's solution, especially if it's half-baked
ideas. IETF must discuss things.
A: The idea is to speed things up, not to have IETF as rubber stamp
body. The work that comes out of MODA will be well-thought out and
shouldn't be half-baked.
Q: (Geoff Huston) IETF has a bad record in working with
industry. IETF task is to work on new things; the risk is
exacerbating problems and making alliances outside.
Q: (Patrik) W3C is not a good example. For instance, let's take
HTTP (IETF) and XML (W3C), there were lots of problems not to make
the same thing twice and work on the same issues. Also, what is the
decision making process of MODA? It is not clear at the moment.
A: True enough: those processes will be determined by the membership.
Q: (Rob Blokzijl) I agree with what Patrik just said. In IETF there's an open,
unconditional participation. MODA is more like a closed club. MODA
is needed, but it's a bad idea to throw out the free participation. Some
re-thinking is needed.
Q: (Patrik Faltstrom) If there is a need for MODA, then IETF does not
work. You have to say it clearly.
A: We are trying to be collaborative and cooperative, not seeking
confrontation.
Q: (Rob Blokzijl) There is no logo yet? And, what is the IETF reaction to this idea?
A: The important thing was to announce MODA at this meeting and so
start the efforts to recruit members. The web site and logo will
come later. Discussions have been held with the IETF about MODA for
some time. While there's been no formal response yet, the signs are
good. Though both parties will need to see how things work out in

- "DNS AAAA measurements: How many sites have problems with IPv6", David Malone; CNRI

Q: (Jim) Delegation -> capture the info and document it. Write a
document about how to avoid config problems.

[ACTION 48.4]: David agreed to write a document about this for
the WG to consider.

- "6over4 reverse Delegation", Geoff Huston; ICANN

Individual draft submitted. Keith Moore also submitted some work in
the past, with ideas ranging from reasonable to bizarre.

Q: (Bernard Tuy) Which kind of draft did you submit?
A: Individual submission. Not against all the work that has already
been done, but there has been a request to the reverse delegation
community to do some more work on it.

- "Reverse delegation in", Andrei Robachevsky; RIPE NCC

Q: (Peter) You suggested to remove delegation. What is the
current load?
A: Around 3 queries per minute.

- "ISC News", Joao Damas; ISC

Advancement on Bind 9.3

Q: (Bernard Tuy) What does OARC mean?
A: Operation Analysis Research Centre.
Q: (Jim) What is the timescale for the release of 9.3? Does it depend on
IETF work on DNSSEC?
A: No, it does not. It will probably be next week.

NLNet update

- "DNSSEC forum", Suzanne Woolf; ISC

DNSSEC specs are done, but deployment is less formal and less well
documented. There are problems in deployment. Privacy issues also still
have to be tackled.

Q: (Peter Koch) You mentioned a discussion of zone walking, which may be
considered a deployment obstacle. Any solutions?
A: Not yet. We are identifying issues but we don't know how serious
they are and what needs to be done.
A: (Olaf Kolkman) A protocol change at this point would mean that we'll be
back to the drawing board. Changing the protocol would mean a delay
of one year. There is no obvious solution in sight.

- "Query load variation on ccTLD servers during delegation phases",
Mans Nilsson; KTH

Problems, delay introduced because of IANA.

Q: (Doug Barton) First, some good news, we are working on v6; the board
meeting in May will discuss it. About the delay, when was the request submitted?
A: Well, not yet submitted.
Q: Then I accept your apologies for not blaming IANA to be late when no request has
been submitted. Normally it takes 2 days.

- "DNS Survey", Peter Koch; Universitaet Bielefeld

Looking into the .de; Bind 8 by number has only 30%, but 60% by
delegation, and 72% by weighted delegation.

Q: (Jim) Why are lots of people still running Bind 8?
A: Not really lots. Some of them are very large providers. There is
a concern about load. Also, Bind until version 9.2 has a protocol
problem, fixed with 9.3; so maybe, in the near future figures will


Patrik Faltstrom is standing down as DNS WG co-chair. He will probably
have some role in the ENUM WG that is expected to be formed. Jim
thanked Patrik for his efforts in the DNS WG. He said that since this
created a vacancy for a co-chair, he invited anyone who was interested
in becoming a co-chair to get in touch.