DNS Working Group
Minutes from RIPE 35
RIPE Meeting: 35
Working Group: DNS
Status: 1st Draft
Revision Number: 1
February 23rd, 2000
Chair: Rudiger Volk
Scribe: Lee Wilmot
AGENDA
Documents
- SOA
- Dummy Guide
- Extended BCP
- Anything else?
Reports
- DNSSec workshop
- hostcount
- Anything else?
TLD/CENTR
DOCUMENTS
1) SOA Doc
Issued as ripe-203 (tick)
Q: Does this deal with the negative cache time interpretation of minTTL?
A: (Peter Koch) yes, recommends 1hr for minTTL, intention to update document
as situation changes
2) Dummy Guide
Lars-Johan: still stuck (and worried about finding document source).
Chair urged to put it out this evening.
3) Extended BCP
Peter suggests making another Internet Draft out of it
(no comparable mechanism within RIPE), which will expose it to
review. Chair thinks this is a good idea.
Chair: any other documents need to be worked on?
No suggestions.
REPORTS
4) Lars-Johan on DNSSEC workshop from previous day
Ed Lewis (ISC) gave introduction to DNSSEC.
Participants experimented with setting up and signing zones etc.
Some problems found:
- where crypted keys used for signing should be stored?
- not well specified
- parent bad idea, not auth for the data
- NXT record to secure non-existent domain names...
- very confusing
- generate lots of data, zone can grow by factor 10
- impossible to sign root zone
- bug in named, won't handle labels length zero!
Lars-Johan wants to know about other experiments with DNSSEC.
Different problems will be encountered with different approaches.
5) Hostcount
Peter discussed hostcount. Scaling problems increasingly bad
for larger TLDs. 16 days, 2GB of data to run count for de.
Algorithm will be reviewed and probably revised.
DNR forum: apparently hostcount was discussed here.
Access to zonefiles for statistical purposes, will RIPE NCC
continue with the hostcount, CENTR?
6) Anything else
IETF DNSOP doc about to be published. Unique root doc published to dnsop
mailing list.
7) ccTLD/CENTR
Kevin Maynall (tech officer at CENTR).
CENTR has now replaced TLD WG.
Had technical workshop Mon/Tue. Issues...
- moving domain objects from RIPE DB
- BCP for DNS servers. Kevin went round ccTLDs, documented nameserver
setup, delegation practices (check servers before delegation?), SOA
values, etc.
- de zone transfer problems to secondaries: plan to compress, send (FTP?),
uncompress
Lars-Johan mentions initiative from ISC on compressed zone transfers
Kevin not sure about that.
- DOS attacks. Conclusion: not pressing issue for ccTLDs. There are
mechanisms for notification of attacks amongst the ccTLDs.
- DNSSEC: all want it, no-one knows when will happen. Trials indicate it's
not scalable. Lars-Johan: why do they want it? Unknown to Kevin.
- inconsistencies between TLD registrars' statistics and RIPE Hostcount.
Again, should CENTR take on hostcount?
Question: what's value of hostcount?
Historical interest and tracking down bugs were cited.
- thoughts on having a dummies guide to setting up nameserver (for ccTLD
operators)
Chair: any new Activity Plan points ?
None forthcoming.
AFTERMATH
Peter: Nameserver DOS exploit: attacker sends DNS queries for e.g. MX of
aol.com with forged source. Ongoing, hard to defend against.
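One way to spot the repeated forged-source queries described above in a nameserver's query log, added here as an example and not part of the original minutes: a caching resolver has no reason to re-ask a question it has just had answered, so many identical questions from one claimed source inside a short window suggest that address is forged. The log format, WINDOW and THRESHOLD are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque

WINDOW = 10     # seconds (assumed tuning value)
THRESHOLD = 5   # identical questions per claimed source within WINDOW (assumed)

def parse_line(line):
    """Parse 'epoch src qname qtype' (hypothetical log format); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    ts, src, qname, qtype = parts
    # Normalise case and the trailing dot so 'AOL.com' and 'aol.com.' match.
    return int(ts), src, qname.lower().rstrip(".") + ".", qtype.upper()

def find_repeated_questions(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, qname, qtype): peak count} for questions seen more than
    `threshold` times within any `window`-second span (input is time-ordered)."""
    recent = defaultdict(deque)   # question key -> timestamps inside the window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue              # ignore malformed lines
        ts, key = rec[0], rec[1:]
        stamps = recent[key]
        stamps.append(ts)
        while stamps[0] <= ts - window:
            stamps.popleft()      # drop timestamps that fell out of the window
        if len(stamps) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(stamps))
    return peaks

# Constructed sample data: one claimed source repeating the MX question from
# the minutes once per second, mixed with ordinary traffic and a bad line.
SAMPLE = [f"{951300000 + i} 198.51.100.7 aol.com. MX" for i in range(30)]
SAMPLE += [
    "951300002 192.0.2.10 www.example.net. A",
    "951300005 192.0.2.10 example.net. MX",
    "951300009 203.0.113.4 AOL.com MX",
    "garbage line",
]
SAMPLE.sort()   # equal-width timestamps, so string order is time order

if __name__ == "__main__":
    for (src, qname, qtype), peak in find_repeated_questions(SAMPLE).items():
        print(f"{src} asked {qname} {qtype} {peak} times within {WINDOW}s")
```

The address flagged is the claimed source, which in this attack is the party receiving the unwanted responses rather than the sender.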