Minutes from RIPE 38
RIPE Meeting: 38
Working Group: DNS
Status: 1st Draft
Revision Number: 1
RIPE 38
DNS Working Group
25th January, 2001, 9am
Chair: Rudiger Volk
Scribe: Lee Wilmot
1. Minutes from Previous Meeting
No comments, minutes accepted
2. Report from IETF dnsop WG
Lars-Johan Liman
- there were two DNSSEC workshops between IETFs
- general conclusion: DNSSEC not ready for deployment yet.
- administration is the major problem - very complicated key handling
- child-parent interaction and signature of child key expiry roll-over
issues
- changing key in an emergency e.g. due to compromised key
- child changes key but doesn't ask for resign
- etc
Drafts:
- draft-ietf-dnsop-keyhand-03.txt (Ed Lewis)
- Ed will do complete rewrite to include experiences thus far.
- draft-ietf-dnsop-hardie-shared-root-server-02.txt (T. Hardie)
- draft-ietf-dnsop-ohta-shared-root-server-00.txt (M. Ohta)
- both expired, need to resubmit if want to go forward.
- draft-senie-inaddr-required-00.txt (Daniel Senie)
- BCP. Document requirements on those who control
address blocks for setting up of reverse DNS.
- Lars-Johan doesn't see firm reasons (e.g. of the 'otherwise X will
break' variety) to enforce setting up the reverse
- root server/v6 issue
- consensus: testing in isolated networks necessary to determine
effect of mixing 4/6 with old and odd versions of DNS servers.
- last word not said
- bitstring/A6 doesn't work well with BIND up till and including 9.0
- possibly better in 9.1.0
3. DNS Today - Are We Overloading the Saddlebags of an Old Horse ?
Presentation by Randy Bush
Randy presented a series of examples demonstrating that many of the
newer DNS capabilities (e.g. A6, DNSSEC) are extremely complicated.
- argues for architectural restraint
- too many clever extensions
- scale question
- support from Patrik Faeltstroem
- states that up to 25% of delegations under .se TLD are erroneous
- if current simple 'vanilla' delegation is not maintained correctly,
how will the complicated new features be handled ?
- also mentioned a web-accessible delegation checking
tool he had written
- http://paf.se/domain
- emphasis on delegation being correct rather than zone contents
- other issues arising from this discussion:
- TLD admins are often checking setup at delegation but not retesting later
- a further zone checker was mentioned at http://www.nic.fr/zonecheck/
[ This presentation should be available on the RIPE NCC website
once it is received from the author
http://www.ripe.net/ripe/meetings/index.html ]
4. Watching Query Type Distribution
Presentation by Peter Koch
- are new RRtypes (A6 etc.) leading, or will they lead, to new query patterns?
- statistics heavily dependent on 'type' of server
- TLD, end-user, 'resolver', reverse mapping etc
- Peter suggests using the BIND summary stats (XSTATS/NSTATS)
- who will collect ?
- general response 'seems like a good idea but...'
- Randy mentioned an upcoming paper analysing DNS traffic over a major
link rather than on a particular server.
[ This presentation should be available on the RIPE NCC website once it
is received from the author
http://www.ripe.net/ripe/meetings/index.html ]
5. Directory Layers
Patrik Faeltstroem
- need to differentiate between protocol elements and what's
presented to the user
- leakage of URLs up layers. Why aren't we using URNs etc.?
- forcing users to use domain names means lawyers go after DNS people
- what can we point at as an alternative?
- two IETF initiatives.
- URN WG. Looking for globally unique identifiers with
very long lifetime.
- also 'real names' type system (scribe: CNRP ?)
- but nothing widely deployed
6. RIPE DNS WG Documents
Peter Koch
- historical background:
- 3 docs
- short (RIPE203)
- long (RIPE192)
- very long
- The 'very long' is
- RIPE DNS WG Guide To Setting Up a DNS Server
- draft-koch-ripe-dns-setup-guide-01.txt
- 16 pages currently in 5 chapters
- todo:
- review the short and long documents
- finish the very long.
- finishing easy enough
- getting feedback more difficult: needs exposure
- nic.fr folks will try out in their training courses
- Cricket Liu was happy to review document
7. IPv6 DNS On Root Servers
Francis Dupont
Lots of recent list discussion about v6 DNS and the roots. Currently
no support higher in the tree.
- what effects on the IPv4 world ?
- politics of getting changes made to the root zone
- BIND 9 performance problems
Randy wants to see...
- exactly what needs to be done
- a path to getting these things done safely without
causing problems with the IPv4 world.
Local experimentation: can entail not just the consequences to your
local subtree, but also to people outside that subtree.
8. Software - BIND 9
Jim Reid, Nominum
- in general, Nominum *strongly* recommend upgrading to BIND 9.0.1
from all previous versions of BIND (also prior to BIND 9.0)
- despite the reduced answer performance
- exception: people running with huge numbers of secondary zones on
their server (50000 was mentioned) should be aware of a problem with
regard to refresh not being done for some zones.
- more feedback is desired on BIND 9. Deployment estimated at 5%.
- note on upgrading from BIND 8: watch out for changed logging
system
9. I/O With Other WGs
10. Suggestions for RIPE 39 (Bologna)
11. AOB
Please mail
comments/suggestions on: