From daniel.karrenberg at ripe.net Thu Jul 10 09:11:19 2003
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Thu, 10 Jul 2003 09:11:19 +0200
Subject: [dns-wg] EOF, Amsterdam, September - Call for Presentations
Message-ID: <20030710071119.GA3593@reifa.local.>

[apologies for duplicates, hint: they have the same message-id]

Hi Network Operations Folk,

the holiday period is starting! A good time to consider preparing a
presentation at the European Operators Forum (EOF) to be held during
the 46th RIPE meeting in Amsterdam on September 1st and 2nd.

We would like to have as many practical, hands-on presentations
as possible this time. Remember: They do not have to be long.
We prefer a stand-up interesting 10 minute presentation over
a well prepared 90 minutes explanation of something not so
interesting to operators.

Find some information about presenting below and think about all
those experiences this year that might be interesting to
other operators.

For the EOF "Coordination Group".
Daniel Karrenberg

--------------------------------------------------------------------------

The EOF

The European Operators Forum (EOF) exists for the exchange of Internet
operations experience. It has evolved from the "information exchange"
part of the early RIPE meetings to provide an open forum outside of
the work programme of the working groups and the RIPE plenary. The
EOF aims to attract presentations relevant to network operators,
practical "hands-on" reports, outlines of future developments and
small tutorials. Product marketing presentations are not appropriate,
user experience reports are. The EOF programme is assembled by an
informal coordination group that is always looking for new people who
are able to help by attracting interesting presentations and
supporting presenters. Contact: Daniel Karrenberg

Presenting at the EOF

The EOF wants to attract practical hands-on experience reports.
We aim to make turning interesting experience into a presentation as
easy as possible. Consider the following:

- presentations do not have to be long
  Something interesting can be said in as little as 10 minutes.
  This limits the time spent to prepare material and often is a good
  way to start for first-timers.

- support is available
  We will do our best to support you in preparing your presentation.
  If you want, we can help structuring your material, help to polish
  language and arrange for a test-run of your presentation. We can
  also try to arrange for someone from the same country or region to
  support you if that is helpful. We can also help you find someone
  else to present your material in case you cannot make it to the
  meeting. In short: If you have something interesting to say, we will
  help you do it! Contact Daniel Karrenberg
  for more information.

- no product marketing presentations
  The EOF is *not* an appropriate forum for product marketing
  presentations. User experience reports which are presented by users
  are definitely relevant. In-depth technical presentations or
  tutorials are also possible.

We expect to finalise the program in early August. We will get back
to you then with scheduling details. In the meantime please provide
the information below. We place special emphasis on the abstract
which should contain references to related material already available
if possible. Please send this to eof-coord at-sign ripe.net.

- Author(s)
- Speaker
- (Working) Title
- Abstract
- Draft Presentation (if available)
- Relation to other known work and/or presentations if known
- Time Requested

It would be helpful if the abstract was written such that potential
attenders will learn what to expect from the presentation, i.e.

"The presentation will describe our experiences with the
Red Packet Washer (http://www.netdet.net/RPW/). We have been using
the device for half a year now. It helps us deliver more hygienic
datagrams to our customers and peers.
We will discuss problems with packet discolouring as well as increased
throughput to our upstreams due to decreased clogging by dirty
micrograms. We will compare performance with the hand-scrubbing of
packets which we used previously. Currently we are optimising device
management and getting bugs resolved. We will strive to include the
latest experiences in our report."

is much better than

"The presentation will describe the Red Packet Washer made by
Network Detergents."

More information about the meeting can be found at
http://www.ripe.net/ripe/meetings/ripe-46/index.html

Should you have questions, please do not hesitate to contact me by
e-mail at any time. During July and August my response time may be
slightly longer than usual due to the holiday period.

Thanks

Daniel

From paf at cisco.com Thu Jul 10 09:59:04 2003
From: paf at cisco.com (Patrik Fältström)
Date: Thu, 10 Jul 2003 09:59:04 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
Message-ID: <5FF45A60-B2AC-11D7-BE0E-000A959CF516@cisco.com>

Being the person responsible for the agenda for the September meeting,
I hereby ask for agenda items, and general input.

As we all know, the DNS wg has been not as focused as would be
expected by a wg at RIPE. The new chairs want to change that.

As you can see on http://www.ripe.net/ripe/wg/dns/index.html, the
charter is extremely limited, and on top of that wrong:

> The Domain Name System working group discusses current BIND versions.
> It is also concerned with potential pollution of the DNS and with
> domain name related issues.

The DNS working group has the last couple of meetings had two goals:

- Discussion forum for "current DNS operational issues"
- Presentations on status for various project/initiatives elsewhere,
  such as the DNS related topics in the IETF

If it is the case this wg feel there is space for both of the above
(something I personally hope), the next step is to focus each one of
them a bit more.
Especially the first one.

The meta-discussion I would like to see in Amsterdam, with a
conclusion at the end, is what current DNS operational issues include.
The answer should be in the form of a list of potential deliverables,
results from discussions on this mailing list and at the meetings. I
want a designated individual responsible for each item, and further, a
small group of dedicated people which has as main task of moving the
discussion forward.

The topics are to be synchronised with what happens in DNR Forum, and
because of this, you see DN* on the agenda for the next RIPE meeting.
The division of labour between the two groups (if we will still have
two groups in the future) must be more clear. CENTR today exists as a
separate organisation just like anyone else, so maybe the DNR
activities should be rolled into the DNS wg (i.e. the two groups
should be merged). One of the topics could of course be report from
CENTR what is happening, just like other bodies can do it.

Proposed agenda for the meeting is because of this:

Part 1: Initial discussion about the charter of the DNS wg

- What are we doing here?
- If we should talk about "operational issues/experiences with DNS",
  what can be the deliverables?
  + Topic:
    Deliverable:
    Topic-master:
    Group-members:
- What bodies are interesting to have reports by, apart from the
  Topic-masters?

Part 2: Reports from DNS-related organisations (2 minutes each):

[This is only a list I create from the top of my head...no one has
confirmed or even asked to be on the agenda]

- IETF: DNSOP
- IETF: DNS
- Root-server operators
- CENTR technical committee
- ccTLD registries
- Registrars

Conclusion:

- What is the new wording of the charter?

Comments are appreciated. This is _your_ wg, and we are to work
together to reach some goal which is of benefit for all of us.

paf

From amitchell at habeas.com Thu Jul 10 18:18:25 2003
From: amitchell at habeas.com (Anne P. Mitchell, Esq.)
Date: Thu, 10 Jul 2003 09:18:25 -0700
Subject: [dns-wg] Re: EOF, Amsterdam, September - Call for Presentations
In-Reply-To: <20030710071119.GA3593@reifa.local.>
Message-ID: <3F0D2F61.20144.6D92A06@localhost>

Hello Daniel!

Would you like a presentation from Habeas? I'm not sure that we can
get someone there from Habeas, but we may be able to give someone the
material and present it on our behalf, as we do have partners and
customers over there.

Kind regards,

Anne

Anne P. Mitchell, Esq.
CEO
Habeas, Inc.

>
> [apologies for duplicates, hint: they have the same message-id]
>
> Hi Network Operations Folk,
>
> the holiday period is starting! A good time to consider preparing a
> presentation at the European Operators Forum (EOF) to be held during
> the 46th RIPE meeting in Amsterdam on September 1st and 2nd.
>
> We would like to have as many practical, hands-on presentations
> as possible this time. Remember: They do not have to be long.
> We prefer a stand-up interesting 10 minute presentation over
> a well prepared 90 minutes explanation of something not so
> interesting to operators.
>
> Find some information about presenting below and think about all
> those experiences this year that might be interesting to
> other operators.
>
> For the EOF "Coordination Group".
> Daniel Karrenberg
>
> --------------------------------------------------------------------------
>
> The EOF
>
> The European Operators Forum (EOF) exists for the exchange of Internet
> operations experience. It has evolved from the "information exchange"
> part of the early RIPE meetings to provide an open forum outside of
> the work programme of the working groups and the RIPE plenary. The
> EOF aims to attract presentations relevant to network operators,
> practical "hands-on" reports, outlines of future developments and
> small tutorials. Product marketing presentations are not appropriate,
> user experience reports are.
> The EOF programme is assembled by an
> informal coordination group that is always looking for new people who
> are able to help by attracting interesting presentations and
> supporting presenters. Contact: Daniel Karrenberg
>
>
>
> Presenting at the EOF
>
> The EOF wants to attract practical hands-on experience reports.
> We aim to make turning interesting experience into a presentation as
> easy as possible. Consider the following:
>
> - presentations do not have to be long
> Something interesting can be said in as little as 10 minutes.
> This limits the time spent to prepare material and often is a good
> way to start for first-timers.
>
> - support is available
> We will do our best to support you in preparing your presentation.
> If you want, we can help structuring your material, help to polish
> language and arrange for a test-run of your presentation. We can
> also try to arrange for someone from the same country or region to
> support you if that is helpful. We can also help you find someone
> else to present your material in case you cannot make it to the
> meeting. In short: If you have something interesting to say, we will
> help you do it! Contact Daniel Karrenberg
> for more information.
>
> - no product marketing presentations
> The EOF is *not* an appropriate forum for product marketing
> presentations. User experience reports which are presented by users
> are definitely relevant. In-depth technical presentations or
> tutorials are also possible.
>
> We expect to finalise the program in early August. We will get back
> to you then with scheduling details. In the meantime please provide
> the information below. We place special emphasis on the abstract
> which should contain references to related material already available
> if possible. Please send this to eof-coord at-sign ripe.net.
>
> - Author(s)
> - Speaker
> - (Working) Title
> - Abstract
> - Draft Presentation (if available)
> - Relation to other known work and/or presentations if known
> - Time Requested
>
> It would be helpful if the abstract was written such that potential
> attenders will learn what to expect from the presentation, i.e.
>
> "The presentation will describe our experiences with the
> Red Packet Washer (http://www.netdet.net/RPW/). We have been using
> the device for half a year now. It helps us deliver more hygienic
> datagrams to our customers and peers. We will discuss problems with
> packet discolouring as well as increased throughput to our upstreams
> due to decreased clogging by dirty micrograms. We will compare
> performance with the hand-scrubbing of packets which we used
> previously. Currently we are optimising device management and getting
> bugs resolved. We will strive to include the latest experiences in
> our report."
>
> is much better than
>
> "The presentation will describe the Red Packet Washer made by
> Network Detergents."
>
> More information about the meeting can be found at
> http://www.ripe.net/ripe/meetings/ripe-46/index.html
>
> Should you have questions, please do not hesitate to contact me by
> e-mail at any time. During July and August my response time may be
> slightly longer than usual due to the holiday period.
>
> Thanks
>
> Daniel
>

From amitchell at habeas.com Mon Jul 14 10:08:05 2003
From: amitchell at habeas.com (Anne P. Mitchell, Esq.)
Date: Mon, 14 Jul 2003 01:08:05 -0700
Subject: [dns-wg] Re: http://www.ripe.net/ripe/mail-archives/dns-wg/2003/msg00115.html
In-Reply-To: <07f701c349de$0a4dbce0$8e00a8c0@IPV16>
Message-ID: <3F120275.2065.1DE64F0@localhost>

> http://www.ripe.net/ripe/mail-archives/dns-wg/2003/msg00115.html
> "Would you like a presentation from Habeas?"
> ===
>
> Not really...

Heh. Ok, fair enough. I thought that the group might find something
on building out an ISP-to-ISP DNSWL interesting.

Regards,

Anne

Anne P. Mitchell, Esq.
CEO
Habeas, Inc.

From jeroen at unfix.org Mon Jul 14 12:17:09 2003
From: jeroen at unfix.org (Jeroen Massar)
Date: Mon, 14 Jul 2003 12:17:09 +0200
Subject: [dns-wg] Re: http://www.ripe.net/ripe/mail-archives/dns-wg/2003/msg00115.html
In-Reply-To: <3F120275.2065.1DE64F0@localhost>
Message-ID: <006b01c349f1$16ac9160$210d640a@unfix.org>

Anne P. Mitchell, Esq. wrote:

> > http://www.ripe.net/ripe/mail-archives/dns-wg/2003/msg00115.html
> > "Would you like a presentation from Habeas?"
> > ===
> >
> > Not really...
>
> Heh. Ok, fair enough. I thought that the group might find
> something on building out an ISP-to-ISP DNSWL interesting.

Anne, you should *NEVER* take anything serious coming from
the "Jim Fleming" person, google on his name and find out what
'positive' things he has contributed. He wasn't banned from
a couple of mailing lists (ietf/ripe etc) for nothing.

The only persons who probably will be able to 'reject' your offer
are the chair people of this working group or of course the
majority...

Greets,
 Jeroen

From saleh at mailhost.nic.ir Tue Jul 15 16:24:58 2003
From: saleh at mailhost.nic.ir (alireza saleh)
Date: Tue, 15 Jul 2003 18:54:58 +0430
Subject: [dns-wg] Ripe 46 Meeting
Message-ID:

Dear Friends,

I'm new in this mailing list, I'm technical person of IR cctld, We would
like to start registration through resellers, I would like to know if
there is a software available to perform the automatic registration.
I'll be grateful if you would give me any idea about reselling,
besides, I would like to register for ripe 46 meeting, and would like
to know if any discussion about DNS will be held?

Kind regards
Alireza.

From jmbrown at chagres.net Tue Jul 15 17:10:25 2003
From: jmbrown at chagres.net (John Brown)
Date: Tue, 15 Jul 2003 09:10:25 -0600
Subject: [dns-wg] Ripe 46 Meeting
In-Reply-To: ; from saleh@mailhost.nic.ir on Tue, Jul 15, 2003 at 06:54:58PM +0430
References:
Message-ID: <20030715091025.A17518@alderaan.chagres.net>

It sounds like you are looking for Registry software so that
you can have registrars sell names and insert them into your
dns.

I'd suggest that you look at the fine work ISC (The BIND People)
has done with OpenReg, an Open Software based registry system.

http://www.isc.org should get you pointed in the right direction.

If you need any help with back up secondaries, or such, we have
space and bandwidth available in Albuquerque, NM

john brown, ceo
chagres technologies, inc

On Tue, Jul 15, 2003 at 06:54:58PM +0430, alireza saleh wrote:
> Dear Friends,
>
> I'm new in this mailing list, I'm technical person of IR cctld, We would
> like to start registration through resellers,I would like to know if
> there is a software available to perform the automatic registration.
> I'll be grateful if you would give me any idea about reselling ,
> besides , I would like to register for ripe 46 meeting, and would like
> to know if any discussion about DNS will be held ?
>
> Kind regards
> Alireza.
>

From bortzmeyer at nic.fr Thu Jul 17 11:37:37 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 17 Jul 2003 11:37:37 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To:
References:
Message-ID: <20030717093737.GA23749@nic.fr>

On Tue, Jul 15, 2003 at 06:54:58PM +0430,
 alireza saleh wrote
 a message of 11 lines which said:

> like to start registration through resellers,I would like to know if
> there is a software available to perform the automatic
> registration.

Besides the excellent advice from John Brown, do note that OpenReg, as
its documentation says, was made for "ICANN registries", which means
for large gTLD with large registrars, having enough money and time to
develop their part of the registration system (the EPP client, for
instance).

OpenReg has only one interface, the EPP one. So, all of your resellers
will have to develop EPP knowledge, which may be too much for them.

If you wish to go the EPP way (a moving target!), you can point your
resellers toward existing free software for the EPP client:

* IRI (http://open.gandi.net)
* EPP-RTK (http://epp-rtk.sourceforge.net)

On the server side (yours), and if you already have a lot of nice CGI
to manage the registry, mod_epp may interest you:

http://sourceforge.net/projects/aepps/

> besides , I would like to register for ripe 46 meeting, and would like
> to know if any discussion about DNS will be held ?

Also, I believe that your question would be more appropriate on the
CENTR mailing lists, since you are a member of CENTR.

From bortzmeyer at nic.fr Thu Jul 17 12:08:35 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 17 Jul 2003 12:08:35 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To: <200307170957.h6H9vnL4073509@bartok.sidn.nl>
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl>
Message-ID: <20030717100835.GA24519@nic.fr>

On Thu, Jul 17, 2003 at 11:57:49AM +0200,
 Jaap Akkerhuis wrote
 a message of 11 lines which said:

> EPP is not a moving target. The specs are in the rfc-editor queue.
> When they are published as RFC (proposed Draft) then EPP will be
> official.
>
> People having done implementations on earlier drafts created what
> seems to be a moving target.

Most big EPP registries do *not* use the current version (the one in
the RFC Editor queue).

Most free EPP software do *not* use the current version (and hence do
not interoperate, for instance Gandi's IRI, which works with ".biz"
and ".info" registries does not work with OpenReg).

From edlewis at arin.net Thu Jul 17 13:58:40 2003
From: edlewis at arin.net (Edward Lewis)
Date: Thu, 17 Jul 2003 13:58:40 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To: <20030717100835.GA24519@nic.fr>
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl> <20030717100835.GA24519@nic.fr>
Message-ID:

I highly encourage folks who are using any IETF reviewed document to
be sure to read and understand this document before making a judgement
on the status of any development within the IETF:

RFC 2026: http://ietf.org/rfc/rfc2026.txt

As far as EPP is concerned, Jaap's words are correct (as would be
expected of a co-chair).

It is true that earlier versions of EPP are running around, but keep
in mind that EPP as described in the documents in the RFC editor queue
have these advantages over the earlier versions:

1) The RFC Editor-Queued documents reflect more and more public review
   of the work, hence a more broadly acceptable proposal than earlier
   documents. This is of course relative to those who actively
   participated in the effort.

2) The Queued documents have been reviewed by the IESG process
   representing a broader range of expertise to make sure EPP is more
   in line with the internet protocols previously defined.

3) The Queued documents will be archived "permanently" unlike the
   documents that describe the earlier versions.

The currently Queued documents represent a Proposed Standard in IETF
language, which promises higher quality than an internet draft, but
lacks sufficient operational testing to be considered a Standard fit
for full blown production.

On one hand, the Queued documents represent a stable and qualified
document definition.
On the other hand, there may be unknown issues that will need tweaking
before we are satisfied that EPP is solid.

There's no (guaranteed) free lunch. The IETF consists of folks
volunteering (perhaps because their employer pays them to do so) to
make a protocol definition. The IETF does not provide free software
(although participants may do so), nor sell software (ditto), nor does
it require the use of any protocol or software in the network. The
IETF is just a group of engineers trying to make protocols possible.
Operators (registries too) will need to invest to benefit from the
IETF definitions.

At 12:08 +0200 7/17/03, Stephane Bortzmeyer wrote:
>Most big EPP registries do *not* use the current version (the one in
>the RFC Editor queue).
>
>Most free EPP software do *not* use the current version (and hence do
>not interoperate, for instance Gandi's IRI, which works with ".biz"
>and ".info" registries does not work with OpenReg).

Remember that "you get what you pay for" - I'm not saying that the
free software is of poor quality - but if the software base isn't
conformant to the Queued documents (better yet the resulting RFCs),
I'd be wary to count on it for my operations.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From bortzmeyer at nic.fr Thu Jul 17 14:10:11 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 17 Jul 2003 14:10:11 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To:
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl> <20030717100835.GA24519@nic.fr>
Message-ID: <20030717121011.GA25448@nic.fr>

On Thu, Jul 17, 2003 at 01:58:40PM +0200,
 Edward Lewis wrote
 a message of 60 lines which said:

> It is true that earlier versions of EPP are running around,

"Running around" is a nice word for something in use in ".biz" and
".info".

> if the software base isn't conformant to the Queued documents
> (better yet the resulting RFCs), I'd be wary to count on it for my
> operations.

This is a very strange argument. Gandi's IRI works with the EPP
actually used in the registries. This makes sense, from a user's
point of view.

From daniel.karrenberg at ripe.net Thu Jul 17 15:01:28 2003
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Thu, 17 Jul 2003 15:01:28 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <5FF45A60-B2AC-11D7-BE0E-000A959CF516@cisco.com>
References: <5FF45A60-B2AC-11D7-BE0E-000A959CF516@cisco.com>
Message-ID: <20030717130127.GB1740@reifa.local.>

Patrik,

I would like to have approx 30 minutes to present the pages
at dnsmon.ripe.net which will by then be in beta test moving to
production.

Daniel

From edlewis at arin.net Thu Jul 17 15:11:17 2003
From: edlewis at arin.net (Edward Lewis)
Date: Thu, 17 Jul 2003 15:11:17 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To: <20030717121011.GA25448@nic.fr>
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl> <20030717100835.GA24519@nic.fr> <20030717121011.GA25448@nic.fr>
Message-ID:

At 14:10 +0200 7/17/03, Stephane Bortzmeyer wrote:
>> if the software base isn't conformant to the Queued documents
>> (better yet the resulting RFCs), I'd be wary to count on it for my
>> operations.
>
>This is a very strange argument. Gandi's IRI works with the EPP
>actually used in the registries. This makes sense, from a user's
>point of view.

Well, yes, it is strange - I would even be wary of its use in
operations at the point mentioned. Wary doesn't mean don't - wary
means that I am careful.

It's like when a car mechanic tells you that your car is running fine,
but be wary of the brakes. Yes, normally the car runs fine and that is
good for the user.
But at some time a hard stop is needed, and if that overloads the
brakes, the users had better be wary (seatbelt!).

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From pat+ripe-dns-wg at patoche.org Thu Jul 17 15:42:54 2003
From: pat+ripe-dns-wg at patoche.org (Patrick)
Date: Thu, 17 Jul 2003 15:42:54 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To:
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl> <20030717100835.GA24519@nic.fr> <20030717121011.GA25448@nic.fr>
Message-ID: <20030717134254.GT13957@nohope.patoche.org>

On Thu, Jul 17, 2003 at 03:11:17PM +0200, Edward Lewis took time to write:
> At 14:10 +0200 7/17/03, Stephane Bortzmeyer wrote:
> >> if the software base isn't conformant to the Queued documents
> >> (better yet the resulting RFCs), I'd be wary to count on it for my
> >> operations.
> >
> >This is a very strange argument. Gandi's IRI works with the EPP
> >actually used in the registries. This makes sense, from a user's
> >point of view.
>
> Well, yes, it is strange - I would even be wary of its use in
> operations at the point mentioned.

I'm beginning to lose understanding of this thread...

Gandi's IRI does not implement the EPP standard, since this standard
does not exist right now.
What does exist is few EPP drafts, and Gandi IRI supports three
distinct versions of them, as used by .INFO .BIZ & .NAME registries
right now.
It is never implied that it handles all drafts, nor that it is updated
in real time per latest drafts to handle all new bangs & whistles.
It works, until Registries will change their implementation and use
the EPP standard, when it comes out as such from the IETF.

Right now, if you are a Registrar, you do not need a client speaking
the latest EPP drafts, since no Registries use it.
You will need it when Registries use them (kind of an egg and chicken
problem, but many Registries will wait before EPP becomes an IETF
Proposed standard before starting to use it, and some of those already
using it have said to be committed to switch to the ``standard'' one as
soon as possible after it appears).

You may regret that Registries do not use the latest versions of EPP
drafts (or that they started the EPP way far too early), but judging
the quality of a client that really works (otherwise Gandi would not
handle hundreds of thousands of domain names, for example) by the
degree in which it complies with latest drafts, seems strange to me,
since the software does exactly what it says (which is not complying
with all and latest EPP drafts).

And BTW, since I am the author of it, but no more at Gandi, I would
be happy to upgrade it to the latest EPP drafts as soon as I find a
job that permits me to do so, and as I may be able to do tests with
servers speaking same versions (all help welcomed in this regard).

Regards, and sorry for the interruption.

--
Patrick.
``The difference between genius and stupidity is that genius has its
limits.''

From edlewis at arin.net Thu Jul 17 19:42:21 2003
From: edlewis at arin.net (Edward Lewis)
Date: Thu, 17 Jul 2003 19:42:21 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To: <20030717134254.GT13957@nohope.patoche.org>
References: <20030717093737.GA23749@nic.fr> <200307170957.h6H9vnL4073509@bartok.sidn.nl> <20030717100835.GA24519@nic.fr> <20030717121011.GA25448@nic.fr> <20030717134254.GT13957@nohope.patoche.org>
Message-ID:

At 15:42 +0200 7/17/03, Patrick wrote:
>I'm beginning to lose understanding of this thread...

I agree with your response...

>You may regret that Registries do not use the latest versions of EPP

If this refers to me, regret isn't the right word. For my part, I am
just hoping to make sure folks understand what the IETF produces.

>And BTW, since I am the author of it, but no more at Gandi, I would
>be happy to upgrade it to the latest EPP drafts as soon as I find a
>job that permits me to do so, and as I may be able to do tests with
>servers speaking same versions (all help welcomed in this regard).

When I mentioned that "you get what you pay for" I was not referring
to quality or your work, but was referring to the point you illustrate
above...

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From paf at cisco.com Thu Jul 17 21:02:05 2003
From: paf at cisco.com (Patrik Fältström)
Date: Thu, 17 Jul 2003 21:02:05 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <20030717130127.GB1740@reifa.local.>
Message-ID: <2853872D-B889-11D7-B509-000A959CF516@cisco.com>

On torsdag, jul 17, 2003, at 15:01 Europe/Stockholm, Daniel Karrenberg
wrote:

> I would like to have approx 30 minutes to present the pages
> at dnsmon.ripe.net which will by then be in beta test moving to
> production.

Ack.

Do you have any proposal what "deliverables" this can lead to? What
can the conclusions be? Recommendations on how/where to build DNS
servers, or a document on "trying to measure quality in these ways
does NOT reflect real world"?

I.e. can we turn this recurrent presentation into some more general
task for the wg?

paf

From edlewis at arin.net Thu Jul 17 21:22:49 2003
From: edlewis at arin.net (Edward Lewis)
Date: Thu, 17 Jul 2003 21:22:49 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <5FF45A60-B2AC-11D7-BE0E-000A959CF516@cisco.com>
References: <5FF45A60-B2AC-11D7-BE0E-000A959CF516@cisco.com>
Message-ID:

At 9:59 +0200 7/10/03, Patrik Fältström wrote:
>Being the person responsible for the agenda for the September meeting, I
>hereby ask for agenda items, and general input.

Please categorize this under "general input." ;)

At the last meeting, DNS lameness was a topic. Unfortunately I have
not dedicated enough time on my end to make significant progress on my
part, but I am wondering if there has been some in other areas. (It's
still 6 weeks off, so maybe I can do something.)

Recommending an approach to stamping out lame delegations is a high
goal, and I think finding a "grand unified approach" that satisfies
all is too big of a first step. Two smaller steps that I think are
attainable are:

1) Defining what is meant by the word "lame" in the operational
   context - given that "lame delegations" are used in IETF RFCs to
   describe a state that is a subset of the operational problem.

2) Defining a way to measure the extent of the problem. I.e.,
   Given a zone:
     How many delegations, NS RR's, and servers are present?
     What % of zones cannot be contacted at a given moment?
     What % of servers ... the same.
     What % of NS RR's are a problem...

Note that #1 really is needed before #2 - because, what is a
"problem?" ;)

One comment on this is that I think we can answer steps 1 and 2 given
different registry policies. E.g., some registries are happy simply
if you can get an answer from a delegation. On the other hand, some
registries won't be happy unless the responsible person answers mail
and that the MX RR does not refer to an open relay.

I'm suggesting that this might be a seed of an agenda item (but I
can't now promise to deliver an agenda item).

PS - Ordinarily, being policy neutral is a goal of any engineering
effort. Perhaps though, it would be good to go the other way - try
and describe various policies so that we each have a broader view.
Shrug.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...
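
Added example, not part of the archived messages and not code from any list member: one way to compute the measurements listed in the message above (delegations, NS RRs, servers, and the share of each with a problem) under two registry policies. The probe results, zone and server names, status labels and policy names are all constructed assumptions; a real survey would fill PROBES from actual queries.

```python
"""Lame-delegation metrics over constructed probe results (added example)."""
from collections import defaultdict

# Status labels are assumptions made for this example:
#   "auth"        - server answered for the zone authoritatively
#   "nonauth"     - server answered, but not authoritatively
#                   (the narrower, RFC sense of a lame delegation)
#   "unreachable" - no answer at all
STATUSES = {"auth", "nonauth", "unreachable"}

# Constructed sample: one entry per NS RR seen in the parent zone,
# as (delegated zone, server named by the NS RR, observed status).
PROBES = [
    ("alpha.example", "ns1.alpha.example", "auth"),
    ("alpha.example", "ns2.alpha.example", "auth"),
    ("beta.example", "ns1.beta.example", "auth"),
    ("beta.example", "ns.hoster.example", "nonauth"),
    ("gamma.example", "ns.hoster.example", "nonauth"),
    ("gamma.example", "ns2.gamma.example", "unreachable"),
    ("delta.example", "ns1.delta.example", "unreachable"),
    ("delta.example", "ns2.delta.example", "unreachable"),
]

# Two hypothetical registry policies deciding whether a delegation is acceptable.
POLICIES = {
    # content as long as one listed server gives an authoritative answer
    "any_authoritative": lambda statuses: "auth" in statuses,
    # every listed server must give an authoritative answer
    "all_authoritative": lambda statuses: all(s == "auth" for s in statuses),
}


def pct(part, whole):
    """Percentage rounded to one decimal; 0.0 when there is nothing to count."""
    return round(100.0 * part / whole, 1) if whole else 0.0


def measure(probes, policy):
    """Summarise probe results for one parent zone under the named policy."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}")
    zone_ok = POLICIES[policy]
    probes = list(probes)
    by_zone, by_server = defaultdict(list), defaultdict(list)
    for zone, server, status in probes:
        if status not in STATUSES:
            raise ValueError(f"unknown status {status!r} for {server} / {zone}")
        by_zone[zone].append(status)
        by_server[server].append(status)
    zones, servers, rrs = len(by_zone), len(by_server), len(probes)
    return {
        "delegations": zones,
        "ns_rrs": rrs,
        "servers": servers,
        # depends on the policy: what the registry calls a problem
        "pct_zones_failing_policy": pct(
            sum(not zone_ok(s) for s in by_zone.values()), zones),
        # independent of policy: no listed server answered at all
        "pct_zones_unreachable": pct(
            sum(all(x == "unreachable" for x in s) for s in by_zone.values()), zones),
        "pct_servers_with_problem": pct(
            sum(any(x != "auth" for x in s) for s in by_server.values()), servers),
        # operational view: any NS RR that does not lead to an authoritative answer
        "pct_ns_rrs_with_problem": pct(sum(st != "auth" for _, _, st in probes), rrs),
        # narrower view: answered, but not authoritatively
        "pct_ns_rrs_nonauth": pct(sum(st == "nonauth" for _, _, st in probes), rrs),
    }


if __name__ == "__main__":
    for name in POLICIES:
        print(name, measure(PROBES, name))
```

On this sample the same probe data gives a different share of problem delegations under each policy, while the non-authoritative NS RRs stay a subset of the NS RRs counted as a problem.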

From paf at cisco.com Thu Jul 17 23:42:22 2003
From: paf at cisco.com (=?ISO-8859-1?Q?Patrik_F=E4ltstr=F6m?=)
Date: Thu, 17 Jul 2003 23:42:22 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <2853872D-B889-11D7-B509-000A959CF516@cisco.com>
Message-ID: <8C760466-B89F-11D7-B509-000A959CF516@cisco.com>

On Thursday, Jul 17, 2003, at 21:02 Europe/Stockholm, Patrik Fältström
wrote:

> On Thursday, Jul 17, 2003, at 15:01 Europe/Stockholm, Daniel Karrenberg
> wrote:
>
>> I would like to have approx 30 minutes to present the pages
>> at dnsmon.ripe.net which will by then be in beta test moving to
>> production.
>
> Ack.
>
> Do you have any proposal what "deliverables" this can lead to? What
> can the conclusions be? Recommendations on how/where to build DNS
> servers, or a document on "trying to measure quality in these ways
> does NOT reflect real world"?
>
> I.e. can we turn this recurrent presentation into some more general
> task for the wg?

He he he...at last I managed to stir up some dust.

Let me clarify something in the text above.

Just like Daniel has pointed out several times in all of his
presentations, what Daniel tests is still only the quality of each one
of the servers as viewed from the measuring points. It is extremely
unclear what conclusions can be made (if any) about the DNS *SERVICE*
which the servers deliver together to a random user on the Internet.

So, a proposed task for this wg might be to look at the tool created,
and many many other reports (including maybe the report Richard
delivered at the last EOF about full service resolver behaviour), and
deliver a paper which says _how_ to evaluate where DNS servers should
be located.

People argue all the time what is "the best" location of servers. Could
this not be a good discussion? (It seems to be a good discussion
point... ;-)

Any takers on being token holder for this "task"?

paf

From jaap at sidn.nl Thu Jul 17 11:57:49 2003
From: jaap at sidn.nl (Jaap Akkerhuis)
Date: Thu, 17 Jul 2003 11:57:49 +0200
Subject: [dns-wg] DNS registry sofwtare (Was: Ripe 46 Meeting
In-Reply-To: Your message of Thu, 17 Jul 2003 11:37:37 +0200. <20030717093737.GA23749@nic.fr>
Message-ID: <200307170957.h6H9vnL4073509@bartok.sidn.nl>

    If you wish to go the EPP way (a moving target!).

EPP is not a moving target. The specs are in the rfc-editor queue.
When they are published as RFC (proposed Draft) then EPP will be
official. People having done implementations on earlier drafts created
what seems to be a moving target.

	jaap

From daniel.karrenberg at ripe.net Fri Jul 18 13:43:43 2003
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Fri, 18 Jul 2003 13:43:43 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <2853872D-B889-11D7-B509-000A959CF516@cisco.com>
References: <20030717130127.GB1740@reifa.local.> <2853872D-B889-11D7-B509-000A959CF516@cisco.com>
Message-ID: <20030718114343.GD3591@reifa-wave.karrenberg.net>

On 17.07 21:02, Patrik Fältström wrote:
> On Thursday, Jul 17, 2003, at 15:01 Europe/Stockholm, Daniel Karrenberg
> wrote:
>
> >I would like to have approx 30 minutes to present the pages
> >at dnsmon.ripe.net which will by then be in beta test moving to
> >production.
>
> Ack.
>
> Do you have any proposal what "deliverables" this can lead to? What can
> the conclusions be? Recommendations on how/where to build DNS servers,
> or a document on "trying to measure quality in these ways does NOT
> reflect real world"?
>
> I.e. can we turn this recurrent presentation into some more general
> task for the wg?

1) Recommendations for measures DNS serv*ice* quality

2) Recommendations how to summarise the results for consumption by the
   non-technical public.

From paf at cisco.com Fri Jul 18 15:11:37 2003
From: paf at cisco.com (=?ISO-8859-1?Q?Patrik_F=E4ltstr=F6m?=)
Date: Fri, 18 Jul 2003 15:11:37 +0200
Subject: [dns-wg] DNS Meeting in Amsterdam in September
In-Reply-To: <20030718114343.GD3591@reifa-wave.karrenberg.net>
Message-ID: <5CB02432-B921-11D7-84A0-000A959CF516@cisco.com>

On Friday, Jul 18, 2003, at 13:43 Europe/Stockholm, Daniel Karrenberg
wrote:

> 1) Recommendations for measures DNS serv*ice* quality
>
> 2) Recommendations how to summarise the results for consumption by the
> non-technical
> public.

Thanks!

paf

From edlewis at arin.net Thu Jul 24 15:22:34 2003
From: edlewis at arin.net (Edward Lewis)
Date: Thu, 24 Jul 2003 09:22:34 -0400
Subject: [dns-wg] looking for a tool
Message-ID:

Although I don't have my requirements completely mapped out yet, I
want to see if there's a tool available to do what I think I want.

I want to give a DNS zone name and a network address to the tool and
have the tool tell me if what's at port 53 of that address returns an
authoritative answer for the SOA RR.

By "network address" I mean IP, v4 now and later, v6 now *and/or* later.
By "give" - the format is negotiable, but I will be starting from a list
     that associates not only my notion of the authoritative servers
     and a registration record I have.
By "authoritative answer" I expect to see the RCODE=0, AA flag=1, and
     in the answer section (one SOA, no CNAME please)

I want the tool to make a decent effort at UDP congestion handling,
i.e., a few retries if there is no answer.

I want to be able to call the tool repeatedly and possibly in parallel.

I want the tool to return the result in a way I can easily parse with
something as stupid as a computer. ;) I mention this because I want
a simplified result for use in my testing, as opposed to the next
request.

I want the tool to return me all header fields and answer section so
I can feed this to a diagnosis tool and a stat collector - returned
in a way I can send to a different analysis procedure.

There are a lot of things I don't want the tool to do.
    I don't care about the contents of the SOA record's RDATA.
        no responsible party testing, timing parameters
        no serial number test
    I don't care about any other record type.
        no NS consistency test
    I don't care about any other aspect of network operations
        no smtp probing
Well, I care, but they are beyond my current mission scope.

PS - Comments on my "I wants" and I don't wants" are welcome. ;)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From Stephane.DAlu at nic.fr Thu Jul 24 15:51:21 2003
From: Stephane.DAlu at nic.fr (Stephane D'Alu)
Date: Thu, 24 Jul 2003 15:51:21 +0200
Subject: [dns-wg] looking for a tool
In-Reply-To:
References:
Message-ID: <20030724135121.GA35660@nic.fr>

On Thu, Jul 24, 2003 at 09:22:34AM -0400, Edward Lewis wrote:
> Although I don't have my requirements completely mapped out yet, I
> want to see if there's a tool available to do what I think I want.
>
> I want to give a DNS zone name and a network address to the tool and
> have the tool tell me if what's at port 53 of that address returns an
> authoritative answer for the SOA RR.
>
> By "network address" I mean IP, v4 now and later, v6 now *and/or* later.
> By "give" - the format is negotiable, but I will be starting from a list
> that associates not only my notion of the authoritative
> servers
> and a registration record I have.
> By "authoritative answer" I expect to see the RCODE=0, AA flag=1, and
> in the answer section (one SOA, no CNAME please)
>
> I want the tool to make a decent effort at UDP congestion handling,
> i.e., a few retries if there is no answer.
>
> I want to be able to call the tool repeatedly and possibly in parallel.
>
> I want the tool to return the result in a way I can easily parse with
> something as stupid as a computer. ;) I mention this because I want
> a simplified result for use in my testing, as opposed to the next
> request.
>
> I want the tool to return me all header fields and answer section so
> I can feed this to a diagnosis tool and a stat collector - returned
> in a way I can send to a different analysis procedure.
>
> There are a lot of things I don't want the tool to do.
> I don't care about the contents of the SOA record's RDATA.
> no responsible party testing, timing parameters
> no serial number test
> I don't care about any other record type.
> no NS consistency test
> I don't care about any other aspect of network operations
> no smtp probing
> Well, I care, but they are beyond my current mission scope.
>

I think so far 'dig' IS THE TOOL you want; you will just need to use
a very simple shell script to ensure that in case of timeout (detected
by the dig exit code) you will retry the request once or twice.

On the other side perhaps you could describe the tests that you are
planning to perform, so they can be included in a more sophisticated
tool like ZoneCheck (http://www.zonecheck.fr/) for example.

Sincerely

--
Stephane D'Alu

ZoneCheck: the zone checking tool
http://www.zonecheck.fr/

From saleh at mailhost.nic.ir Fri Jul 25 00:35:22 2003
From: saleh at mailhost.nic.ir (alireza saleh)
Date: Fri, 25 Jul 2003 03:05:22 +0430
Subject: [dns-wg] Remote registration,
Message-ID:

Dear Friends,

Thank you about a software that supports reseller, I think due to
special laws in my country, a software have to be developed by the team
and I, besides the technology to do the payment by credit card or the
same is not available in my country, the only available way to pay is
bank transfer.

Do we have any program for editing and appending Bind Zone files? In
other words, a CGI program that gives the name server, ip address and
the domain name as input, then it modifies or adds this entry?

Would you also please give me a suggestion about the DNS server program
to be used instead of bind? It should be Secure, Reliable and fast, I
always use Bind, but I heard it has many bugs even though I haven't
seen any.

Thank you in advance,
Kind regards
Alireza Saleh.

From daniel.karrenberg at ripe.net Fri Jul 25 09:48:23 2003
From: daniel.karrenberg at ripe.net (Daniel Karrenberg)
Date: Fri, 25 Jul 2003 09:48:23 +0200
Subject: [dns-wg] looking for a tool
In-Reply-To:
References:
Message-ID: <20030725074822.GA2498@reifa-wave.karrenberg.net>

On 24.07 09:22, Edward Lewis wrote:
> I want to give a DNS zone name and an network address to the tool and
> have the tool tell me if what's at port 53 of that address returns an
> authoritative answer for the SOA RR.
> ...

ftp://ftp.ripe.net/tools/dns/host.tar.Z

From bortzmeyer at nic.fr Fri Jul 25 10:09:30 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Fri, 25 Jul 2003 10:09:30 +0200
Subject: [dns-wg] Managing the database of a registry (Was: Remote registration,
In-Reply-To:
References:
Message-ID: <20030725080930.GA355@nic.fr>

On Fri, Jul 25, 2003 at 03:05:22AM +0430,
 alireza saleh wrote
 a message of 18 lines which said:

> Thank you about a software that supports reseller, I think due to special
> laws in my country,a software have to be developed by the team

It is quite difficult to write a software that will work for every NIC
in the world (even with a lot of options in the configuration file).
Unless everybody chooses Verisign's model of a registry, of course.
But if you want to follow your own way, you'll have to do some coding.

> Do we have any program for editing and appending Bind Zone files ?,in
> the other word a CGI program that gives the name server, ip address and
> the domain name as input ,then it modifies or add this entry ?

I would suggest another way: put the information (domain names,
contacts, name servers - not always with the IP address, only when
it's necessary, reseller, etc) in some sort of database (a RDBMS, for
instance) and have the zone file be generated from the database.

1) Your CGI will then edit the database (easier than parsing BIND zone
file), every "database-backed Web site" works that way. See for a PHP
example (but you can do it in Perl, Python, whatever).

2) To extract info from the database, use something like Perl DBI (a
ten-line script is sufficient) or a shell command as simple as (for
PostgreSQL):

#!/bin/sh
# Print one NS record per delegation, plus an A record for the
# name server when an address is stored for it in the database.
psql -q --no-align --tuples-only registry \
  -c "SELECT address, hosts.name as host, domains.name as domain \
      FROM Hosts,Domains,Nameservers \
      WHERE nameservers.domain = domains.id AND \
            nameservers.nameserver = hosts.id" |\
  awk -F \| '{ print $3". IN NS "$2"."; if ($1) {print $2". IN A "$1"" } }'

3) You will have all the power of the database at your disposal. For
instance, you'll be able to develop new applications with SQL quite
easily. A whois server becomes very simple to create, for instance.

This is more work than just managing the BIND zone file but it's worth
it, IMHO.

From bortzmeyer at nic.fr Fri Jul 25 10:14:31 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Fri, 25 Jul 2003 10:14:31 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID: <20030725081431.GA838@nic.fr>

On Fri, Jul 25, 2003 at 03:05:22AM +0430,
 alireza saleh wrote
 a message of 18 lines which said:

> would you also please give me a suggestion about the DNS
> server program to be use instead of bind ? it should be Secure, Reliable
> and fast, I always use Bind , but I heard it has many bugs even though I
> haven't seen any.

BIND is the Apache of DNS servers: it does a lot of things and it is
heavily configurable. If you do not need all its features, the best
choice (I only consider free software) is, IMHO, nsd , which is much
smaller (and therefore probably more secure) and much faster (although
you may not see it on a lightly loaded name server).

You may consider PowerDNS also: . It has an interesting feature, you
can use various backends (and even write your own) to manage the actual
data store.

From brad.knowles at skynet.be Fri Jul 25 19:20:33 2003
From: brad.knowles at skynet.be (Brad Knowles)
Date: Fri, 25 Jul 2003 19:20:33 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To: <20030725081431.GA838@nic.fr>
References: <20030725081431.GA838@nic.fr>
Message-ID:

At 10:14 AM +0200 2003/07/25, Stephane Bortzmeyer wrote:

> BIND is the Apache of DNS servers: it does a lot of things and it is
> heavily configurable. If you do not need all its features, the best
> choice (I only consider free software) is, IMHO, nsd
> , which is much smaller
> (and therefore probably more secure) and much faster (although you may
> not see it on a lightly loaded name server).

Keep in mind that nsd was written for the exclusive task of serving DNS
for TLD nameservers, and leaves out a lot of features that are present
in BIND. It's also not as user/admin-friendly as BIND -- the authors
assume that you know what you're doing and can work with minimal
documentation. This may or may not be an issue in this case, but you
should at least be aware of these limitations.

Also note that nsd pre-calculates all possible supported queries and
all possible answers, and then builds the results into a hash table
which is only updated when you re-run the parsing/compilation routines
to rebuild the hash table. This means that the answers it provides may
be formatted somewhat differently than others might expect from a
nameserver.

Note that nsd is very, very fast, but it's a lot like a top fuel
nitro-burning unlimited dragster -- if you want to run it, you had
probably better be the equivalent of "Big Daddy" Don Garlits, or you
may well find that you have backed yourselves into a corner that you
can't get out of (without blowing up everything in a quarter-mile
radius).

Contrariwise, BIND is a more general-purpose vehicle that is widely
understood by most of the people in the business, and is by far the
best-documented software in the field.

> You may consider PowerDNS also: . It has
> an interesting feature, you can use various backends (and even write
> your own) to manage the actual data store.

BIND can also support SQL backends, and there are plenty of commercial
high-end products based on it. See .

Contrariwise, PowerDNS has had more than a few problems with the
caching/recursor and certain other parts of the system, and is very
sensitive to the back-end database being used. The documentation is
somewhat lacking in this regard -- if you want to use this software,
you should subscribe to the mailing list to obtain the current best
wisdom regarding system setup and configuration, etc....

If you're willing to consider commercial alternatives, I can highly
recommend the software from Nominum. Both ANS (Authoritative Name
Service) and CNS (Caching Name Service) are ultra-high performance
packages, with a broad array of supported back-ends, well documented,
with good quality commercial support available from the vendor. See
for more info.

If you want to see a comparison/contrast that I did regarding the
various pieces of software, check out , and especially the RIPE44
version of this presentation. Note that while I could get quite
respectable performance on my test system from nsd and the Nominum
software, I never got anything better than single-digit performance
from PowerDNS.
I remain convinced that this was a configuration problem which I could
not get resolved in time, despite the help that I was soliciting from
the mailing list.

--
Brad Knowles,

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

From adulau at foo.be Fri Jul 25 23:23:35 2003
From: adulau at foo.be (Alexandre Dulaunoy)
Date: Fri, 25 Jul 2003 23:23:35 +0200 (CEST)
Subject: [dns-wg] Remote registration,
In-Reply-To:
Message-ID:

On Fri, 25 Jul 2003, Brad Knowles wrote:

> At 10:14 AM +0200 2003/07/25, Stephane Bortzmeyer wrote:
>
> > BIND is the Apache of DNS servers: it does a lot of things and it is
> > heavily configurable. If you do not need all its features, the best
> > choice (I only consider free software) is, IMHO, nsd
> > , which is much smaller
> > (and therefore probably more secure) and much faster (although you may
> > not see it on a lightly loaded name server).
>
> Note that nsd is very, very fast, but it's a lot like a top fuel
> nitro-burning unlimited dragster -- if you want to run it, you had
> probably better be the equivalent of "Big Daddy" Don Garlits, or you
> may well find that you have backed yourselves into a corner that you
> can't get out of (without blowing up everything in a quarter-mile
> radius).
>
> Contrariwise, BIND is a more general-purpose vehicle that is
> widely understood by most of the people in the business, and is by
> far the best-documented software in the field.

But complexity for software, tend to generate various issue... nsd is
good but as you said, it concentrates on one task. Regarding nsd, the
major lack is the logging...
I was wondering of a 'dnstop' like that can handle a large volume of
nameserver query/reply logging. Is there any user on this list of a
"pcap" like capture logging method for a high volume nameserver ?

>
> If you're willing to consider commercial alternatives, I can
> highly recommend the software from Nominum. Both ANS (Authoritative
> Name Service) and CNS (Caching Name Service) are ultra-high
> performance packages, with a broad array of supported back-ends, well
> documented, with good quality commercial support available from the
> vendor.
>

s/commercial/proprietary/g ;-)

adulau

--
-- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
-- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
-- "Knowledge can create problems, it is not through ignorance
-- that we can solve them" Isaac Asimov

From brad.knowles at skynet.be Sat Jul 26 00:14:46 2003
From: brad.knowles at skynet.be (Brad Knowles)
Date: Sat, 26 Jul 2003 00:14:46 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID:

At 11:23 PM +0200 2003/07/25, Alexandre Dulaunoy wrote:

> But complexity for software, tend to generate various issue...

If you want a fully compliant nameserver, there's not much choice.

> nsd is
> good but as you said, it concentrates on one task. Regarding nsd, the
> major lack is the logging...

Not true. It doesn't support UPDATE. IIRC, it doesn't support any of
the DNSSEC stuff. It doesn't even support round-robin. It throws
almost all of the protocol out the window. There are cases where the
very limited feature set it provides are sufficient, but they are few
and far between.

> I was wondering of a 'dnstop' like that
> can handle a large volume of nameserver query/reply logging. Is there
> any user on this list of a "pcap" like capture logging method for a
> high volume nameserver ?

I've heard of some tools to do this sort of thing, yes. However, they
are not well known, and certainly have not been publicly released.
There might be one or two other people on the list I can think of who
might have also heard of them.

>>... broad array of supported back-ends, well
>> documented, with good quality commercial support available from the
>> vendor.
>
> s/commercial/proprietary/g ;-)

Proprietary implementation, yes. However, it does fully implement all
of the protocols and features (as well as or better than BIND), and as
far as people who are outside are concerned, the interfaces and the
protocol support are all that matter.

Of course, it's all based on good quality code, much of which is open
source. For example, one of the primary database formats supported is
Berkeley db. The folks at Nominum have made a point of not
re-inventing any wheels that don't need to be re-invented.

It's good quality code, supports a good variety of hardware and OS
platforms, better than any of the commercial stuff based on BIND (and I
believe quite a bit cheaper as well). The support staff are excellent,
and the company is willing to work closely with folks to find a
solution that works best for them.

The thing that surprised me the most is not the individual products
they have (each of which is best in its field, IMO), but the
integration. When you tie all that together the way they have, you get
an unstoppable combination.

Of course, the person on this list who could argue for it the best is
hamstrung by his position within this group. I'm sure he wouldn't want
to be seen as abusing the trust placed in him.

--
Brad Knowles,

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)

From bortzmeyer at nic.fr Mon Jul 28 10:56:19 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Mon, 28 Jul 2003 10:56:19 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID: <20030728085619.GA32149@nic.fr>

On Fri, Jul 25, 2003 at 11:23:35PM +0200,
 Alexandre Dulaunoy wrote
 a message of 49 lines which said:

> Regarding nsd, the major lack is the logging...

nsd logs statistics (unlike BIND 9) but does not log individual
queries, if this is what you want. For a typical TLD, it would be too
much work but the main reason, I suspect, is the desire to keep the
code small. As you said, the proper place to record DNS queries is
outside of the name server.

From bortzmeyer at nic.fr Mon Jul 28 11:00:45 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Mon, 28 Jul 2003 11:00:45 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID: <20030728090045.GB32149@nic.fr>

On Sat, Jul 26, 2003 at 12:14:46AM +0200,
 Brad Knowles wrote
 a message of 68 lines which said:

> IIRC, it doesn't support any of the DNSSEC stuff.

Expected "soon". The current version, 1.2.1, already contains many
internal things useful for DNSsec.

> The support staff are excellent, and the company is willing to work
> closely with folks to find a solution that works best for them.

Even in Iran, which was the original question? One of the problems
with proprietary code is that you depend on the relations between your
government and the US government. For instance, users of MS-Windows
server OS in India were denied updates of their software after the
nuclear tests (desktop OS were not concerned but server OS were on a
black list).

From bortzmeyer at nic.fr Mon Jul 28 11:05:19 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Mon, 28 Jul 2003 11:05:19 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID: <20030728090519.GA32344@nic.fr>

On Sat, Jul 26, 2003 at 12:14:46AM +0200,
 Brad Knowles wrote
 a message of 68 lines which said:

> > But complexity for software, tend to generate various issue...
>
> If you want a fully compliant nameserver, there's not much choice.

Fully compliant with every RFC ever published about the DNS? Come on,
most TLDs use only a very small fraction of it (is there a TLD which
authorizes UPDATE?) and they typically shut down, at compile time or
configuration time, most of the features of BIND.

PS: BTW, I regret that a question about "remote registration" turns
into a discussion on the best nameserver software. Most of the problems
of a TLD do not come from the nameserver (some even outsources it like
".info") but from the registration system, which was the original
question, and a much more difficult one.

From shane at ripe.net Mon Jul 28 12:14:21 2003
From: shane at ripe.net (Shane Kerr)
Date: Mon, 28 Jul 2003 12:14:21 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To: <20030728085619.GA32149@nic.fr>
References: <20030728085619.GA32149@nic.fr>
Message-ID: <3F24F77D.1020002@ripe.net>

Stephane Bortzmeyer wrote:
> On Fri, Jul 25, 2003 at 11:23:35PM +0200,
> Alexandre Dulaunoy wrote
> a message of 49 lines which said:
>
>
>>Regarding nsd, the major lack is the logging...
>
>
> nsd logs statistics (unlike BIND 9) but does not log individual
> queries, if this is what you want. For a typical TLD, it would be too
> much work but the main reason, I suspect, is the desire to keep the
> code small. As you said, the proper place to record DNS queries is
> outside of the name server.

One disadvantage of this is that you don't know how the server
interpreted the query.

--
Shane Kerr
RIPE NCC

From pk at TechFak.Uni-Bielefeld.DE Mon Jul 28 12:24:45 2003
From: pk at TechFak.Uni-Bielefeld.DE (Peter Koch)
Date: Mon, 28 Jul 2003 12:24:45 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To: Your message of "Mon, 28 Jul 2003 12:14:21 +0200." <3F24F77D.1020002@ripe.net>
Message-ID: <200307281024.h6SAOjc09461@grimsvotn.TechFak.Uni-Bielefeld.DE>

Shane Kerr wrote:

> One disadvantage of this is that you don't know how the server
> interpreted the query.

what part of this interpretation do you expect to learn from *query*
logging?

-Peter

From jim at rfc1035.com Mon Jul 28 17:15:48 2003
From: jim at rfc1035.com (Jim Reid)
Date: Mon, 28 Jul 2003 16:15:48 +0100
Subject: [dns-wg] Remote registration,
In-Reply-To: Your message of "Mon, 28 Jul 2003 11:00:45 +0200." <20030728090045.GB32149@nic.fr>
Message-ID: <11006.1059405348@gromit.rfc1035.com>

>>>>> "Stephane" == Stephane Bortzmeyer writes:

    Stephane> Even in Iran, which was the original question? One of
    Stephane> the problems with proprietary code is that you depend on
    Stephane> the relations between your government and the US
    Stephane> government.

It's not even that simple unfortunately. The US International
Emergency Economic Powers Act applies to *anyone anywhere* who does
business with a state that the President considers to be a "rogue
state". The penalties include large fines and jail. [IIUC the
definition of "doing business" is very broad and could well include
providing Open Source to those states. The current US regime is
unlikely to interpret those rules liberally.] You might recall some
people choosing not to stay at the conference hotel for the RIPE
meeting in Prague because the hotel was owned by the Libyans.

This subject is way off topic for this list. Any further discussion of
the politics should go somewhere other than dns-wg at ripe.net.

From shane at ripe.net Mon Jul 28 17:59:28 2003
From: shane at ripe.net (Shane Kerr)
Date: Mon, 28 Jul 2003 17:59:28 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To: <200307281024.h6SAOjc09461@grimsvotn.TechFak.Uni-Bielefeld.DE>
References: <200307281024.h6SAOjc09461@grimsvotn.TechFak.Uni-Bielefeld.DE>
Message-ID: <3F254860.9030108@ripe.net>

Peter Koch wrote:
> Shane Kerr wrote:
>
>
>>One disadvantage of this is that you don't know how the server
>>interpreted the query.
>
> what part of this interpretation do you expect to learn from *query* logging?

For instance, if the server does not recognise a class/type, then the
server log can record this information. Otherwise someone doing log
analysis will have to read the query log, and then parse the query, and
then know (somehow) what class/types the server supports.

Even if the script/program doing this analysis knows exactly what the
server is doing, it will have to be updated when the server is updated.
And if you want to look at historical data, you have to know exactly
how the server interpreted queries in the past.

--
Shane Kerr
RIPE NCC

From edlewis at arin.net Thu Jul 31 04:28:12 2003
From: edlewis at arin.net (Edward Lewis)
Date: Wed, 30 Jul 2003 22:28:12 -0400
Subject: [dns-wg] Remote registration,
In-Reply-To: <20030728090519.GA32344@nic.fr>
References: <20030728090519.GA32344@nic.fr>
Message-ID:

At 11:05 +0200 7/28/03, Stephane Bortzmeyer wrote:
>On Sat, Jul 26, 2003 at 12:14:46AM +0200,
> Brad Knowles wrote
>> If you want a fully compliant nameserver, there's not much choice.
>
>Fully compliant with every RFC ever published about the DNS? Come on,

Before even wading into that argument - the RFCs on DNS are so loosely
written, being "fully compliant" is impossible. For instance, there is
code in RFC 1876 which is buggy. (Yes, yes, it's an experimental
RFC...but...)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From CHahn at telekom.de Thu Jul 31 09:01:05 2003
From: CHahn at telekom.de (Chahn)
Date: Thu, 31 Jul 2003 09:01:05 +0200
Subject: AW: [dns-wg] Remote registration,
Message-ID: <6DE73C75B580554A89DF022AD45545F901F5BB3B@G8DNX.krf01.telekom.de>

Please delete my e-Mail account out of your mailing-list. I am no
longer interested in this information!

Best regards
C. Hahn

-----Original Message-----
From: Edward Lewis [mailto:edlewis at arin.net]
Sent: Thursday, 31 July 2003 04:28
To: Stephane Bortzmeyer
Cc: dns-wg at ripe.net
Subject: Re: [dns-wg] Remote registration,

At 11:05 +0200 7/28/03, Stephane Bortzmeyer wrote:
>On Sat, Jul 26, 2003 at 12:14:46AM +0200,
> Brad Knowles wrote
>> If you want a fully compliant nameserver, there's not much choice.
>
>Fully compliant with every RFC ever published about the DNS? Come on,

Before even wading into that argument - the RFCs on DNS are so loosely
written, being "fully compliant" is impossible. For instance, there is
code in RFC 1876 which is buggy. (Yes, yes, it's an experimental
RFC...but...)

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                            +1-703-227-9854
ARIN Research Engineer

...as graceful as a blindfolded bull in a china shop...

From mally at ripe.net Thu Jul 31 09:06:04 2003
From: mally at ripe.net (Mally Mclane)
Date: Thu, 31 Jul 2003 09:06:04 +0200
Subject: AW: [dns-wg] Remote registration,
In-Reply-To: <6DE73C75B580554A89DF022AD45545F901F5BB3B@G8DNX.krf01.telekom.de>
References: <6DE73C75B580554A89DF022AD45545F901F5BB3B@G8DNX.krf01.telekom.de >
Message-ID: <2147483647.1059642364@ginger.ripe.net>

Dear Chahn and Colleagues,

--On Thursday, July 31, 2003 9:01 AM +0200 Chahn wrote:

> Please delete my e-Mail account out of your mailing-list.
> I am no longer
> interested in this information!

You can unsubscribe or change other subscription options at any time
through each list's individual configuration page, which are all linked
from:

If you have further questions, please contact .

Regards,

Mally Mclane
RIPE NCC - Operations

> Best regards
> C. Hahn
>
> -----Original Message-----
> From: Edward Lewis [mailto:edlewis at arin.net]
> Sent: Thursday, 31 July 2003 04:28
> To: Stephane Bortzmeyer
> Cc: dns-wg at ripe.net
> Subject: Re: [dns-wg] Remote registration,
>
>
> At 11:05 +0200 7/28/03, Stephane Bortzmeyer wrote:
>> On Sat, Jul 26, 2003 at 12:14:46AM +0200,
>> Brad Knowles wrote
>>> If you want a fully compliant nameserver, there's not much choice.
>>
>> Fully compliant with every RFC ever published about the DNS? Come on,
>
> Before even wading into that argument - the RFCs on DNS are so
> loosely written, being "fully compliant" is impossible. For
> instance, there is code in RFC 1876 which is buggy. (Yes, yes, it's
> an experimental RFC...but...)
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis +1-703-227-9854
> ARIN Research Engineer
>
> ...as graceful as a blindfolded bull in a china shop...

From bortzmeyer at nic.fr Thu Jul 31 16:41:10 2003
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Thu, 31 Jul 2003 16:41:10 +0200
Subject: [dns-wg] Remote registration,
In-Reply-To:
References:
Message-ID: <20030731144110.GA21431@nic.fr>

On Fri, Jul 25, 2003 at 03:05:22AM +0430,
 alireza saleh wrote
 a message of 18 lines which said:

> Do we have any program for editing and appending Bind Zone files ?,in
> the other word a CGI program that gives the name server, ip address and
> the domain name as input ,then it modifies or add this entry ?

I maintain my opinion that a "real" database would be a better solution
but I notice that the excellent Webmin program has a BIND module that
does exactly that.
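
Added example (not code from any poster, nor from dig, host or ZoneCheck): a sketch of the check requested in the "looking for a tool" message earlier in this thread, which sends one SOA query straight to a given address, retries on UDP timeout, and reports RCODE=0, AA=1 and a single SOA with no CNAME as one JSON line together with all header fields. The function names, verdict strings, retry count and timeouts are assumptions, "one SOA" is read here as exactly one SOA owned by the zone, and the sample replies are constructed, not captured.

```python
import json
import secrets
import socket
import struct

TYPE_CNAME, TYPE_SOA, CLASS_IN = 5, 6, 1

def build_query(zone, qid):
    """Encode a non-recursive (RD=0) SOA query for `zone`."""
    parts = [p for p in zone.rstrip(".").split(".") if p]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return (struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname
            + struct.pack("!HH", TYPE_SOA, CLASS_IN))

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n == 0:
            return ".".join(labels) + ".", (off + 1 if after is None else after)
        if n & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad or looping compression pointer")
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
        elif n & 0xC0:
            raise ValueError("unsupported label type")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace").lower())
            off += 1 + n

def parse_response(msg):
    """Return (header fields, answer RRs); RDATA is skipped, never decoded."""
    if len(msg) < 12:
        raise ValueError("short message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": qid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
              "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1,
              "rd": (flags >> 8) & 1, "ra": (flags >> 7) & 1, "rcode": flags & 0xF,
              "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    off, answers = 12, []
    for _ in range(qd):                           # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("truncated RDATA")
        answers.append({"name": name, "type": rtype, "class": rclass, "ttl": ttl})
    return header, answers

def evaluate(zone, qid, msg):
    """Apply the test from the thread: RCODE=0, AA=1, one SOA, no CNAME."""
    header, answers = parse_response(msg)
    owner = zone.rstrip(".").lower() + "."
    soa = [a for a in answers if a["type"] == TYPE_SOA and a["name"] == owner]
    checks = [(header["id"] != qid or not header["qr"], "mismatch"),
              (header["rcode"] != 0, "rcode"),
              (not header["aa"], "not-authoritative"),
              (any(a["type"] == TYPE_CNAME for a in answers), "cname"),
              (len(soa) != 1, "no-single-soa")]
    verdict = next((name for failed, name in checks if failed), "ok")
    return {"zone": zone, "verdict": verdict, "header": header, "answers": answers}

def check(zone, address, tries=3, timeout=2.0, port=53):
    """Ask `address` directly over UDP, retrying on timeout; no recursion."""
    family = socket.AF_INET6 if ":" in address else socket.AF_INET
    result = {"zone": zone, "verdict": "timeout", "header": None, "answers": []}
    for attempt in range(tries):
        qid = secrets.randbelow(65536)
        with socket.socket(family, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout * 2 ** attempt)   # wait longer on each retry
            try:
                sock.connect((address, port))         # replies from other peers are dropped
                sock.send(build_query(zone, qid))
                return dict(evaluate(zone, qid, sock.recv(4096)), server=address)
            except socket.timeout:
                continue
            except (OSError, ValueError) as exc:      # unreachable port or malformed reply
                return dict(result, verdict="error", detail=str(exc), server=address)
    return dict(result, server=address)

def constructed_reply(zone, qid, flags, rtype=TYPE_SOA):
    """Constructed sample reply (not captured traffic) carrying one answer RR."""
    rdata = b"\x00\x00" + struct.pack("!5I", 1, 7200, 3600, 604800, 3600)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", rtype, CLASS_IN, 3600, len(rdata)) + rdata
    return (struct.pack("!HHHHHH", qid, flags, 1, 1, 0, 0)
            + build_query(zone, qid)[12:] + rr)

if __name__ == "__main__":                            # offline demo on constructed replies
    for flags in (0x8400, 0x8000, 0x8405):            # AA answer, non-AA answer, REFUSED
        reply = constructed_reply("example.org", 7, flags)
        print(json.dumps(evaluate("example.org", 7, reply)))
```

For a live test, `check(zone, address)` returns the same dictionary with the server address added; each call uses its own socket, so calls can run in parallel.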