RIPE 50

RIPE Meeting: 50
Working Group: DNS
Status: Final
Revision Number: 1

RIPE 50 Meeting
Stockholm Sweden
DNS Working Group
Thursday, 11:00 - 12:30

A. Administrative Matters
Because of scheduling conflicts and logistical problems, there are
some changes from the published agenda. Items E (Olaf Kolkman) and H
(Masato Minda) will be swapped on the agenda. So will items F (Joao
Damas) and D (Jakob Schlyter). Apologies for these last-minute
changes and hope the WG will understand.
-------------

B. Review of Action Points from RIPE 48 & 49:

48.1 Dealing with Large Scale Lameness - Peter Koch, DENIC
No Qs

48.2 AXFR Integrity Checks - Mans Nilsson
Q: Joao Damas: Will these tools and checks be on-line?
A: We will integrate them, so that you don't get large manual overload.

48.4 AAAA Resolution Issues: Dave Wilson, HEAnet (Replacing Dave
Malone, Trinity College)
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-aaaa.pdf
Jim Reid WG Chair: Can the Working Group take over the work to
produce a RIPE document out of this? The WG decided to incorporate
this suggestion into the ongoing Action Point 48.4.

49.1 Hostcount Requirements - Peter Koch, DENIC
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-49-1.pdf
Still no input or suggestions from WG. Peter asked for further
guidance from the WG on how to progress this AP.


49.2 DNS Migration document - Fernando Garcia, Eurocommercial
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-froot-bind.pdf
Reid: Should this become a RIPE doc?
Damas: ISC supports that
Schlyter: Needs to be polished further
Mohsen Souissi, nic.fr: Useful for registries. Wait to help validating
until next RIPE meeting
Rob Blokzijl, RIPE: Small editing committee for a few weeks to
polish wording. Not content, that's OK.
Reid: There is a mailing list 49-3... It is not active
Peter Koch: Document only arrived 8 hours ago.
Rob Blokzijl: Publish it on the WG mailing list

49.3 Sitefinder Update - Jaap Akkerhuis, NLnetLabs
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-delegation-bind.pdf
Not possible to get more info because it was hard to find sufficient
resolving servers to probe and get meaningful data. Should consider
this AP closed or done.

49.? Anycast Placement for K - Andrei Robachevsky, RIPE NCC

Jim Reid explained that this was a mix-up from RIPE 49. This item
wasn't clearly identified as an AP, so this is being done now.

AP 50.1 RIPE NCC to produce statistics on
Anycast placement for K and hostcount for the next RIPE Meeting.

-------------
C. IETF Update

DNSEXT - Olaf Kolkman, RIPE NCC
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-dnsext-2.pdf

DNSSEC Specifications have been published. [Cheering.]

DNSOP - Lars-Johan Liman, Autonomica
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-ietf-dnsop.pdf

David Kessens (Area Director IETF): draft-hollenbeck-epp-secdns
document has reached his desk
Stig Venaas, Uninett: There should be an informational RFC. Can
we work on it here as well?
Peter Koch: recommends LIRs to look at the draft document
draft-ietf-dnsop-inaddr-required-06 Information doc (best practice)
and comment on it.

-------------
F. BIND News - Joao Damas, ISC
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-froot-bind.pdf
Q: Jim Reid: Do you recommend people stop using BIND 8 and use BIND
9.3.1 instead for security reasons?
A: Yes

K-root Status Update
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-k-root-status.pdf

-------------
G. LDAP Back-End for BIND9 - Stig Venaas, Uninett
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-ldap-bind9.pdf

Q: Ed Lewis, NeuStar: Do you support different (ie new) RRtypes?
A: Sort of. It requires updates and/or additions to the schemas

Q: Are dynamic Updates possible?
A: Underlying sdb interface doesn't allow dynamic updates.
A: Joao: Dynamic updates via sdb will be possible in a future BIND9
release

Sam Weiler, Sparta: For unknown RRtypes please don't use anything
that will require manual intervention.
A: Whenever new types are invented manual intervention is unavoidable
but easy.


------------------------------------------------------------------------


Friday 6 May 2005

[Items E and D swapped around to accommodate scheduling conflict.]

E. Changes to Reverse DNS - Olaf Kolkman, RIPE NCC
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-rdns.pdf

Peter Koch: Doing dynamic updates makes more sense lower down the
reverse tree.
Lars-Johan Liman, Autonomica: Disagrees. World goes more towards dynamic
environment for all parts of the reverse tree.
Olaf Kolkman, RIPE NCC: we can discuss whether the score should be
changed from SOA score 20 or not if there is disagreement about it.

Q: Liman: Delegation checker changes supported.
ns.ripe.net: why do you keep giving service to thousands of customers?
A: (Olaf): Stability
Q: Liman: How much revenue does it bring?
A: Olaf: None. The NCC does this as a public service
Q: Liman: You dump market of secondary DNS service providers
Daniel Karrenberg: NCC responds to what is asked. This was asked for
stability reasons. If the perception has changed, then we will have a
discussion in WG if this service is still necessary
Jim Reid to Liman: Keep Q to tech issues. If you want a discussion
on the policy aspects, bring up a policy proposal for debate at
next meeting.
Q: Liman: For virtual servers a better technical solution is needed.
A: Olaf: We cannot answer at this moment
Q: Bruce Campbell, RIPE NCC: We cannot change glue in ns.ripe.net
A: Jaap Akkerhuis: New ICANN rule: name servers in the root zone
cannot have multiple names. (multiple names for the same IP address
are not allowed). This new policy hasn't been published or discussed.
Jim Reid: Should WG create an AP to produce document to explain
this problem and propose a solution? Discuss this at RIPE51?
A: Mohsen Souissi, AFNIC: No. This can't wait until October.
Daniel Karrenberg: Time frame very quickly. Tomorrow! (It's a
no-brainer problem, relatively easy to solve.) Get a small group of
interested parties to prepare a letter and send to ICANN.

-------------

D. DNSSEC and .se - Jakob Schlyter, rfc.se
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-dnssec-se.pdf

Q: Jim Reid: Do you plan procedure to detect when keys are about
to expire and notify zone owner?
A: : Not task of .se
A: Jaap: Not responsibility of domain
Q: Jim Reid: But high failure rate of DNSSEC due to expiring keys
will affect the perception of DNSSEC by the public.
A: Liman: Business opportunity!

-------------

H. Using In-Bailiwick Nameservers in .ARPA: Improving reverse DNS lookup
performance - Masato Minda, JPRS
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-in-bailiwick.pdf

Q: Ed Lewis, Neustar: In page 15, you say it's slower, did you
measure it?
A: No.
Ed: It's good to have it in next step.

Q: Peter Koch: Avoid in-bailiwick term.
It's all not about glue. It's about easy access to info.
You create more and more names. Concern: Nameserver object in DNS.
Q: Liman: Do you have any problems with a records that looks like
that? Are there any caching servers that cannot handle that? Hopefully
not.

Q: Koch: Thanks, it's not glue. Maintaining more glue would be
nightmare. In addition to this, creating more and more names, BIND
8 should not be used so much and that problem will go away.

Q: Liman: Do you see any problems with AAAA records?
A: Masato: No

-------------

I. Metrics for DNS Infrastructure - Suzanne Woolf, ISC
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-research.pdf

No questions or discussion


Jay Daley's presentation held over to RIPE51 because of lack of time.
http://www.ripe.net/ripe/meetings/ripe-50/presentations/ripe50-dns-dynzone.pdf

------------------------------------------------------------------------

New action points:


50.1 RIPE NCC to produce statistics on Anycast placement for K
Owner: Andrei Robachevsky

50.2 Send letter to ICANN on the name server naming issues in the
root zone.
Owner: Jim Reid