From wnagele at ripe.net Fri Mar 4 13:40:11 2011 From: wnagele at ripe.net (Wolfgang Nagele) Date: Fri, 04 Mar 2011 13:40:11 +0100 Subject: [enum-wg] Re: DNSSEC outage in e164.arpa In-Reply-To: <4D5AAA0B.1040805@ripe.net> References: <4D5AAA0B.1040805@ripe.net> Message-ID: <4D70DDAB.2000401@ripe.net> Dear colleagues, Together with our vendor, we have analysed the DNSSEC outage that occurred in e164.arpa on 15 February 2011 and have come to the conclusion that it was caused by an unknown bug in the signer system. The publication of the new DS record for e164.arpa (key tag 33067) occurred on the same day that we began rolling out our new DNS provisioning system. During that migration we had to change our serial timestamp format from YYYYMMDDNN serial number to Unix timestamp format. To do this, we had to increment serials in all of our zones twice to roll to the new values (e.g. 2011021500 -> 1297728000). This excessive re-transfer behaviour seemed to cause the system that verifies the publication of new DS records to skip this signature. As this re-transfer behavior doesn't occur during normal operations, we do not foresee this becoming an reoccurring problem in the future. However, we have decided that there is a need to increase the sanity checks performed before a zone gets published. We are now in contact with NLNetLabs and are investigating the possibility of having a zone transfer proxy that can be configured to validate a zone that comes in on one end and is only sent out on the other end if it validates against a given set of trust anchors. For more information: https://lists.dns-oarc.net/pipermail/dns-operations/2011-March/006926.html We believe this type of sanity check would benefit the community by reducing the occurrence of DNSSEC-related incidents. We would appreciate your input on what requirements should be included in a sanity checker. You can share your input with me by email, or in person at the DNS-OARC meeting in San Francisco (13-14 March). Regards, Wolfgang Nagele RIPE NCC DNS Group Manager On 2/15/11 17:30, Wolfgang Nagele wrote: > Dear colleagues, > > Our DNSSEC signer system produced a e164.arpa zone that was missing a > signature for the current KSK at approximately 13:00 UTC today. > > We resolved the error at approximately 16:30 UTC by producing a new zone > (serial 1297787668). > > We apologise for the outage and will provide more details after we've > analysed the incident. > > Regards, > > Wolfgang Nagele > RIPE NCC DNS Group Manager From enumvoipsip.cs at schiefner.de Thu Mar 10 22:19:38 2011 From: enumvoipsip.cs at schiefner.de (Carsten Schiefner) Date: Thu, 10 Mar 2011 22:19:38 +0100 Subject: [enum-wg] First call for RIPE 62 ENUM WG agenda Message-ID: <4D79406A.6000007@schiefner.de> Dear ENUM WG colleagues, we are just a little more than seven weeks away from RIPE 62 (2-6 May in Amsterdam, http://www.ripe.net/ripe/meetings/ripe-meetings/ripe-62/ ) - and time flies, as always. Niall O'Reilly and I are looking for input from you all for the agenda of the ENUM WG for this meeting: offers to give presentations, suggestions for presentations from others, and warnings of topics to avoid for lack of interest. As always, to begin with, here is a list of 'regular' topics we usually cover during an ENUM WG session: - Updates from countries with 'significant' developments - ENUM in production: operations, uptake, strategy Best regards - and we look forward to seeing many of you in lovely Amsterdam in lovely May: Carsten Schiefner Co-Chair, RIPE ENUM Working Group From Niall.oReilly at ucd.ie Wed Mar 23 12:35:31 2011 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Wed, 23 Mar 2011 11:35:31 +0000 Subject: [enum-wg] Draft ENUM WG Minutes from RIPE 61 available Message-ID: Dear ENUM-WG Colleagues, Thanks to the RIPE-NCC, draft minutes of the ENUM WG session at RIPE 61 (Rome) are now available at https://www.ripe.net/ripe/groups/wg/enum/minutes/ripe-61. Please let us know of any errors or omissions. I look forward to seeing you again at RIPE 62 in Amsterdam in just over 5 weeks. Best regards, Niall O'Reilly From enumvoipsip.cs at schiefner.de Wed Mar 23 13:55:12 2011 From: enumvoipsip.cs at schiefner.de (Carsten Schiefner) Date: Wed, 23 Mar 2011 13:55:12 +0100 Subject: [enum-wg] Second call for RIPE 62 ENUM WG agenda Message-ID: <4D89EDB0.5060008@schiefner.de> Dear ENUM WG colleagues, we are just a little more than five weeks away from RIPE 62 (2-6 May in Amsterdam, http://www.ripe.net/ripe/meetings/ripe-meetings/ripe-62/ ) - and time flies even more. Niall O'Reilly and I are still looking for input from you all for the agenda of the ENUM WG for this meeting: offers to give presentations, suggestions for presentations from others, and warnings of topics to avoid for lack of interest. As always, to begin with, here is a list of 'regular' topics we usually cover during an ENUM WG session: - Updates from countries with 'significant' developments - ENUM in production: operations, uptake, strategy Best regards - and we look forward to seeing many of you in lovely Amsterdam in lovely May: Carsten Schiefner Co-Chair, RIPE ENUM Working Group From Niall.oReilly at ucd.ie Fri Mar 25 21:01:18 2011 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Fri, 25 Mar 2011 20:01:18 +0000 Subject: [enum-wg] DRAFT Minutes of ENUM-WG session at RIPE 60 are available In-Reply-To: <4CC143C7.30708@schiefner.de> References: <4CC06133.2070704@schiefner.de> <20101021174647.GD592@unknown.office.denic.de> <4CC143C7.30708@schiefner.de> Message-ID: <4D8CF48E.4000306@ucd.ie> Following up (at last) on ACTION ITEM: ENUM-AP-61.1 - Niall O'Reilly, Carsten Schiefner, Peter Koch - Clarify point from RIPE 60 minutes. On 22/10/10 08:56, Carsten Schiefner wrote: > Peter, all - > > Peter Koch wrote: >>> We would appreciate if you could set some time aside to review and >>> comment on the draft and, if necessary, post objections or >>> corrections on this list no later than 12:00 UTC on Monday, 15 November. >> >> reads OK to me except I don't understand he second of these two lines >> and also >> unfortunately don't remember the wording: >> >>> Bill asked what is considered large. >> >>> Bernie said that anything K is large in DNS but that Jim Reid might >>> have an opinion on this. > > be invited to check this against the audio archives and the transcript > of the session available at: As I hear the audio, Bernie said, "anything that's a K is large ...". I understand this to mean that any DNS response of the order of 1K octets (or more) counts as large. Peter, will s/anything K/anything that's a K/ be sufficiently clear? If so, I'll ask for the authoritative copy to be amended thus. Best regards, Niall From enumvoipsip.cs at schiefner.de Tue Mar 29 11:43:24 2011 From: enumvoipsip.cs at schiefner.de (Carsten Schiefner) Date: Tue, 29 Mar 2011 11:43:24 +0200 Subject: [enum-wg] RIPE 62: Draft agenda for ENUM WG session Message-ID: <4D91A9BC.8010906@schiefner.de> Dear ENUM WG colleagues and RIPE NCC Meeting Team, I am happy to send you a first draft agenda for the ENUM WG session at RIPE 62. Although Niall and I believe that interesting agenda topics have come together already, we think we still have scope for additional material. Don't be shy! Best regards, Carsten Schiefner Co-Chair, RIPE ENUM WG DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT -- DRAFT Draft Agenda, ENUM WG at RIPE-62 14:00 Thursday, 5 May 2011, NH Grand Hotel Krasnapolsky, Amsterdam, Netherlands A: Administrivia (5 min) Welcome, Scribe, Jabberwok, Microphone etiquette, Agenda B: Finalize Minutes of ENUM-WG at RIPE 61, Rome (2 min) https://www.ripe.net/ripe/groups/wg/enum/minutes/ripe-61 C: Review Action List (3 min) ENUM-AP-61.1 - Niall O'Rielly, Carsten Schiefner and Peter Koch to clarify point from RIPE 60 minutes. ENUM-AP-61.2 - Carsten Schiefner to get more information on NRENUM. ENUM-AP-61.3 - Denesh Bhabuta to organise a panel. D: Main presentations (45 min) D1: [NRENUM] (Peter Szegedi, 20 min) D2: [ENUM and +1800] (Pavel Tuma, 15 min) D3: [tba.] (tba., 10 min) ... E: ENUM Operations E1: Tier-0 Report (Anand Buddhev, 15 min) ... F: Short News F1: enumdata.org update (Niall O'Reilly, 5 min) F2: [.cz ENUM] (Pavel Tuma, 10 min) G: Discussion on Plenary presentation: [Placeholder for 'G': nothing planned this time] X: Interaction with other working groups Y: AOB Z: Close (5 min) Summary of action items -- 15:30 Coffee -- From Niall.oReilly at ucd.ie Tue Mar 29 12:52:08 2011 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Tue, 29 Mar 2011 11:52:08 +0100 Subject: [enum-wg] Information site Message-ID: <603B970C-9C0D-4DE5-809E-CA8B0D71D79C@ucd.ie> I'm happy to remind everyone on the list that the information site is still graciously hosted by Kim Davies at http://enumdata.org/. I'm always glad to have updates. Best regards Niall O'Reilly