Skip to main content

You're viewing an archived page. It is no longer being updated.

DNS Working Group Minutes - RIPE 82

Date: 19 May 2021 14:00 - 15:00 (UTC+2)
WG Co-Chairs: João Damas; Shane Kerr; David Knight
Scribe: Boris Duval
Status: Final

A. Administrivia

Shane Kerr mentioned that the DNS Working Group is running remote online sessions in parallel to the RIPE Meetings sessions. Shane also mentioned that the working group will stop running those sessions until at least after the summer. More information will be provided in September 2021 if there is a change of plans.

B. Resolver Centrality

João Damas, Geoff Huston (APNIC)

Presentation available at:

Michael Richardson (Sandelman) asked if the presenters meant that the ISP is providing "" or "" to the user via PPP or DHCP configuration, or if the ISP is providing an ISP IP and then proxying the query to a public resolver.

Geoff Huston explained that their assumption was that the ISPs were simply forwarding queries to Google Public DNS as default. He also mentioned that one provider in Iran was sending its queries to multiples public DNS resolvers at once.

Christian Bretterhofer (Independent) asked what could be done to hinder further centralisation.

Geoff answered that the problem was not centralisation per se but that ISPs are getting larger and some are forwarding queries by default to Google Public DNS. He explained that the second issue was at the application level where Android and Chrome have 80% of the market share and that could be worrying if they take all the users with them.

Andrew Campling (419 Consulting) thanked the presenters and pointed out that regarding centralization there is a small point of potential exploitation of personal data, as well as the move of that personal data under US jurisdiction (a combination of the Cloud Act and FISA 702) rather than for example GDPR.

C. RIPE NCC Update

Anand Buddhdev (RIPE NCC)

Presentation available at:

Moritz Müller (SIDN) asked if the RIPE NCC upgraded from 1G to 10G at the root because of increased demand or only to have additional capacity.

Anand said that the RIPE NCC upgraded to ensure sufficient capacity. Firstly because DNS query volumes keep rising gradually, and secondly to have enough capacity when there are spikes in traffic.

Carsten Schiefner (All Things Internet. And Internet of Things.) asked if there were any complaints about the RIPE NCC offering a service that other commercial entities, including members, could offer.

Anand said that the RIPE NCC used to provide secondary DNS for several ccTLDs. He added that there was a discussion about this topic several meetings ago, and that the RIPE NCC gradually phased out this service for most of the larger and well-provisioned ccTLDs. He further explained that the RIPE NCC is now only providing this service for the smaller and developing ccTLDs. Anand also said that the RIPE NCC is not providing service to any other commercial entities, and that they were not aware of any complaints.

Carsten asked where the RIPE NCC drew the line between "larger and well-provisioned" and "smaller and developing" ccTLDs and if this would mean that the RIPE NCC would kick out ccTLDs once they have transitioned from one camp to the other.

Anand said that the RIPE 663 (Secondary DNS Service for ccTLD Operators) document defines these criteria and that the RIPE NCC is following the policy.

D. Deployment of CDS/CDNSKEY

Ondřej Caletka (RIPE NCC)

Presentation available at:

There were no questions due to time constraints.

E. Dear EU: Please Don't Ruin the Root at RIPE 82

Bert Hubert (PowerDNS)

Presentation available at:

There were no questions due to time constraints.