From pk at DENIC.DE Mon Oct 2 00:26:19 2006 From: pk at DENIC.DE (Peter Koch) Date: Mon, 2 Oct 2006 00:26:19 +0200 Subject: [dns-wg] FINAL DNS WG Agenda for RIPE 53 In-Reply-To: <20060929190409.GB7413@unknown.office.denic.de> References: <20060925125524.GB803@unknown.office.denic.de> <20060929190409.GB7413@unknown.office.denic.de> Message-ID: <20061001222619.GB20553@denics7.denic.de> On Fri, Sep 29, 2006 at 09:04:09PM +0200, Peter Koch wrote: > and here's an update, last draft. See you in Amsterdam! Finally, at the first day of the meeting week, here's the final agenda for the DNS working group: -Peter # $Id: RIPE53agenda,v 1.4 2006/10/01 22:12:12 pk Exp $ ############################################################################# DNS-related presentations in the EOF/plenary: 1) DNS infrastructure distribution - Steve Gibbard, PCH Tue morning slot I (2006-10-03 09:00 - 10:30) 2) What's wrong with the DNS? - Duane Wessels Tue morning slot I (2006-10-03 09:00 - 10:30) ############################################################################# 2006-10-04 1600 - 1700, DNS WG slot I [60 min] ############################################################################# 0) Administrivia [chairs][ 5 min] - scribe, jabber, minutes - agenda bashing 1) Status Reports [chairs][25 min] - IETF dnsext, dnsop and others [Olaf Kolkman][15 min] - ICANN/IANA [John Crain][ 5 min] - CENTR [Marcos Sanz][ 5min] 2) Action Item Review [chairs][30 min] [X] 48.1 Peter Koch (draft-koch-dns-unsolicited-queries-00.txt) [ ] 48.2 Mans Nilsson (status update) [ ] 48.4 David Malone (status update) [ ] 49.1 Peter Koch (DNS hostcount successor requirements) [X] 49.2 Jim Reid (Server Migration Document) [ ] 51.1 RIPE NCC K-Root Anycast measurement [ ] 51.3 Lars-Johan Liman (NCC Secondary Service Policy) [ ] 51.4 Peter Koch RIPE 203 Update [X] 52.1 Brett Carr Causes for extra DNSSEC network traffic [X] 52.2 Brett Carr report # of signed zones and delegations in reverse tree [X] 52.3 Brett Carr Lame delegation poroposal [X] 52.4 RIPE NCC automate and streamline ENUM delegation process [ ] 52.5 Carsten Schiefner proposal for regular lameness checks in e164.arpa ############################################################################# 2006-10-05 1100 - 1230, DNS WG slot II [90 min] ############################################################################# 3) Plenaries Followup [chairs][15 min] Discussion of details postponed from plenary presentations (see above), including identification of potential work for the WG 4) Software Update from ISC [Joao Damas][10 min] 5) PowerDNS Update (PowerDNS Recursor) [bert hubert][15 min] 6) OARC Update [Keith Mitchell][15 min] 7) CADR [Johan Ihren][20 min] X) I/O with other WGs [chairs][ 5 min] Y) A.O.B. [chairs][ 5 min] Z) Wrap-Up & Close [chairs][ 5 min] ############################################################################# From pk at DENIC.DE Wed Oct 11 21:20:36 2006 From: pk at DENIC.DE (Peter Koch) Date: Wed, 11 Oct 2006 21:20:36 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes Message-ID: <20061011192036.GG1282@unknown.office.denic.de> Dear WG, please find below the draft minutes of last week's two DNS WG sessions. Thanks to Susannah for being the Jabber Proxy and to Adrian for the fast delivery of the minutes. All errors are still mine. There were no new action items generated for the DNS WG last week, but a couple of old ones made progress or were closed, in some cases pending mailing list approval. Please expect some 'last calls' soon. Please review the minutes, especially if you are quoted by name. The deadline for this first round is October, 30th. Thanks! -Peter ----------------------------------------------------------------------------- D R A F T [1] RIPE DNS WG minutes for RIPE 53, Amsterdam ----------------------------------------------------------------------------- WG: DNS Meeting: RIPE 53, Istanbul Date-1: Wednesday, 4 October 2006 Time-1: 16:00 - 17:00 (UTC +0200) Chair-1: Peter Koch Minutes-1: Adrian Bedford Jabber: xmpp:dns at conference.ripe.net J-Scribe-1: Susannah Gray J-Script-1: TBD Audio-1: TBD WG URL: http://www.ripe.net/ripe/wg/dns/ Material-1: http://www.ripe.net/ripe/meetings/ripe-53/presentations/wednesday.html Agenda: http://www.ripe.net/ripe/meetings/ripe-53/agendas/dns.html ----------------------------------------------------------------------------- A. Administrative Matters - Working Group Chairs Appointment of scribe -- Adrian Bedford (RIPE NCC) Jabber monitor -- Susannah Gray (RIPE NCC) Agenda bashing -- no changes ----------------------------------------------------------------------------- B. Status Reports - Working Group Chairs IETF, DNSEXT, DNSOP and others (Olaf Kolkman, NLNet Labs) Questions: Ole Jacobsen asked about the team set up to discuss operational aspects of DNS security. Although the aim of the team was to lead the rapid deployment of the technology, little has been heard since it inception almost two years ago. Olaf replied that the DNSSEC deployment initiative led by Steve Crocker is essentially a web-based forum. There is a move to involve more people. It certainly remains a good place to go to find information or help with the deployment of DNSSEC in any organisation. In terms of results, Olaf feels there is much going on behind the scenes. He clarified that there is no formal liaison between the forum and the IETF. ICANN/IANA Update (John Crain, ICANN) Questions: Rob Blokzijl asked why there was a move to retire old ccTLDs. He could see no technical reason to do this. John agreed that there was no compelling reason. He added that the question remained about whether this should be done. Rob pointed out that current guidelines preclude reuse of ISO3166 country codes for a period of five years. New guidelines will change this to 50 years. Carsten Schiefner commented that .cs was reused recently. Previously it was the code for Czechoslovakia; it was then used for Serbia and Montenegro. CENTR (Marcos Sanz, DENIC) Questions: Peter Koch asked if interested operators might be able to present at the normally closed CENTR meetings. Marco said that active participation in the meetings was encouraged, provided there was not a confidential matter under discussion. ----------------------------------------------------------------------------- C. Action Items Review (Working Group Chairs) The action list for the working group was reviewed. 48.1 Peter Koch has written this up in an Internet draft. [[Ongoing]] 48.2 Mans Nilsson -- TSIG/SIG(0) for ns.ripe.net [[Ongoing]] 48.4 David Malone -- AAAA misbehavior. Dave Wilson gave a short presentation on the issue on behalf of Dave Malone. The document has been written and circulated to the list. There is a question about whether this document would just repeat work done elsewhere in the Internet Protocol Journal. After a show of hands, it was decided to mark the item done and regard the IPJ article as the authoritative source. [[Done, pending mailing list approval]] 49.1 Peter Koch -- DNS Hostcount successor requirements Peter is to discuss this with RIPE NCC staff. [[Ongoing]] 49.2 Jim Reid -- Server Migration Document A document will go to the review panel after this meeting and be circulated through the working group mailing list. Hopefully, this can be marked as completed in time for RIPE 54. [[Ongoing]] 51.1 RIPE NCC -- K-Root anycast measurement The publication of the report from the RIPE NCC is nearing publication. After this happens, the working group will then need to decide whether to ask the RIPE NCC to look into other types of measurement. [[Ongoing, draft RIPE document to be last called]] 51.3 Lars-Johan Liman -- NCC Secondary Service Policy Lars commented that the RIPE NCC has announced it will limit involvement in provision of slave servers for TLDs. Lars suggested this be closed for now and marked as overtaken by events. The working group agreed. [[Done, pending mailing list approval]] 51.4 Peter Koch -- ripe-203 Update [[Ongoing]] Brett Carr gave an update on the various outstanding actions on the RIPE NCC 52.1 Report into the causes for extra DNSSEC network traffic. [[Ongoing]] 52.2 Report numbers of signed zones and delegations in reverse tree Jim suggested this be considered closed, but ask the RIPE NCC to give regular updates once or twice a year. As a result, this will remain a standing item on the working group agenda. [[Done]] Questions: Max Tulyev asked why there are so few DNSSEC delegations. Brett replied that the answer for this would lie with the community. He agreed with comments from Max that people need to understand the benefits and that implementation is easy. 52.3 Lame delegation proposal WG Last call to be issued, chairs to discuss and declare consensus [[Ongoing]] 52.4 Automate and streamline ENUM delegation process. [[Done]] 52.5 Carsten Schiefner -- Proposal for regular lameness checks in e164.arpa Carsten has reported on this in the ENUM working group. They will come up with a task force to take this work forward and report at RIPE 54. Carsten suggests that the DNS working group mark this action as closed. [[Done]] ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- Date-2: Thursday, 5 October 2006 Time-2: 11:00 - 12:30 (UTC +0200) Chair-2: Jim Reid Minutes-2: Adrian Bedford J-Scribe-2: Susannah Gray WG URL: http://www.ripe.net/ripe/wg/dns/ Material-2: http://www.ripe.net/ripe/meetings/ripe-53/presentations/thursday.html J-Script-2: TBD Audio-2: TBD ----------------------------------------------------------------------------- D. Plenary Follow Up (Working Group Chairs) There was a discussion around the issues raised by Duane Wessels on problems with DNS and Steve Gibbard on DNS Infrastructure Distribution. Jim Reid commented that much of what Duane had said was reasonably valid and much was already good practice, such separating out authoritative and caching-only nameservers and issues surrounding lameness. Jim however did take exception to was the talk of using TCP-based DNS queries. He pointed out that most DNS clients will make a single DNS lookup before taking any action. Using TCP for this seemed somewhat inefficient, considering the small amounts of data that are being transferred. It would also add to latency. A high latency, low bandwidth network or one with a busy nameserver might find handling short-lived TCP connections painful. Olaf Kolkman mentioned that he had heard that under a DoS attack, an operator had first sent back a result with a TC-bit leading to a re-test on TCP, after this the UDP source was white listed. Duane confirmed that there is a company producing software that can create a white list in this way. Replying to Jim's concerns about using TCP on busy servers, he stated that there are applications that can handle large volumes of queries each second. He also agreed that maintaining state for TCP would be painful. Lars Liman asked Duane to clarify if he thought TCP should be a preferred transport. Duane said that he did suggest this. Lars voiced the general mood that high TCP loads would be painful for a server. Duane commented that it would still be preferable to a DDos attack. Lars clarified that he was not against using TCP, but felt unable to advocate using it as his preferred mode of transport. The first defence against a DDos attack would be to rate limit the traffic in his upstream router. Ed Lewis favoured the expansion of DNS beyond its use in root servers; it is a quick reacting database. Recommending using TCP as a default way of contacting DNS goes against its very nature. He also recognises that the way UDP uses DNS manifests considerable problems, which is perhaps why Duane sees TCP as the best way to go. Ed felt the group should first look at the UDP problem in terms of operational practices, buffers and the brakes put on its use. The working group might like to look into suggestions for time-outs and back-offs, maintaining statistics about efficient routing and so on. Jim concurred that this was a good point. There was a short discussion about whether the DNS Working Group is the right arena for such investigation. Jim suggested that it might be worth the working group gathering information about the work done by various parties and put them into a single document identifying key elements of operational best current practice. Lars asked if anyone had previously measured the difference between DNS over UDP and DNS locked down to TCP. It would appear that little specific work has been done already in this area. Peter Koch commented that creating a RIPE Document or bibliography style web page containing links to the various best common practices within DNS operation is not a bad idea. Lars pointed out that an operator facing a problem might not first think of looking at the RIPE Document Store for information about how to resolve his problems. Keith Mitchell commented that a project to address this was under way with ORAC. Lars Liman suggested that this might be well incorporated into a conventional book. ----------------------------------------------------------------------------- E. Software Update (Joao Damas, ISC) There was a short discussion after Peter Koch asked who in the room was already using BIND 9.4 and had found issues with how it handles zones. It was clear this needed some attention, introduction of checks on sibling glue seems to have caused some problems. Joao replied that there is no solution as yet. The change simply produces warnings, although it can produce many of these depending on the zone in question. He pointed out that it is possible to disable that check. Jim asks about the new resolver library. He wanted know if this now meant that the lightweight resolver library (LWRES) was to be phased out. He asked if anyone was using LWRES. Joao said it was impossible to say. ----------------------------------------------------------------------------- F. PowerDNS Update (PowerDNS Recursor) (Bert Hubert, PowerDNS/Netherlabs) Tomas Simonaitis asked if PowerDNS was scalable. Bert replied it can scale as each instance operates independently and does not communicate with another. They do not share a cache. There is a chance that in the future, PowerDNS will look at cache sharing. Roy Arends asked if dnsreplay, dnsstat and dnsscope are publicly available. Bert confirmed that they were all in the PowerDNS repository. Roy asked if the recursor also dealt with unknown records. Bert said that it did. ----------------------------------------------------------------------------- G. OARC Update (Keith Mitchell, ISC) Lars Liman commented that it was important to be aware of problems with protecting privacy laws when researching DNS data. There are some nations that impose far stricter rules on how such data can be used than others do. Keith replied that the OARC secretariat is aware of these rules and the various regulations around data protection. ----------------------------------------------------------------------------- H. CADR (Bill Manning) After the presentation, Bill did a demonstration using live data. There were no questions on the presentation. Geoff Huston asked if the web interface was necessary to do the work. Bill replied that this was necessary to ensure any updates were made correctly. Ed Lewis asked how do I find all the other delegations to change when changing glue records. Bill replied that it did not really matter as changes did not need to be synchronized between all of them. The child would change the list. Host records are equivalent in peering terms, to a registry or delegation. To change the attributes for a record, it is necessary to log in as an administrator and change the glue records. Ed felt that although the application demonstrated by Bill was useful, it might not suit all registries due to the different issues each faced. Bill agreed that not everything should be run the same way throughout the DNS. Peter Koch wondered if it might be better to feed the glue from the data that has been verified through DNSSEC, rather than from host registrations. Bill agreed that it would and that it should work in 98% of cases. Jim Reid mentioned Keyman used by .se. He wondered if CADR could be used in the .se environment. Bill felt Lars could answer better on this. Lars gave his personal opinion on this. There is a fundamental difference between CADR and Keyman models. The difference lies in authorisation. Keyman is based on individual generating a certificate that has to be signed by a selected group of CAs. The certificate is installed into a browser that then handles authentication. Although both models pick up their data from live DNS, CADR relies on DNS signatures. Bill clarified that the CADR web interface relied on user ID and password authentication. Anyone could request the change, but if it was not visible in the nameservers, then nothing would happen. ----------------------------------------------------------------------------- X. I/O with other WGs Already dealt with under action item 52.5. ----------------------------------------------------------------------------- Y. AOB No other items were raised. ----------------------------------------------------------------------------- Z. Wrap Up and Close ----------------------------------------------------------------------------- From ripe-wgs.cs at schiefner.de Wed Oct 11 22:28:44 2006 From: ripe-wgs.cs at schiefner.de (Carsten Schiefner) Date: Wed, 11 Oct 2006 22:28:44 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <20061011192036.GG1282@unknown.office.denic.de> References: <20061011192036.GG1282@unknown.office.denic.de> Message-ID: <452D53FC.4000809@schiefner.de> Peter, > Meeting: RIPE 53, Istanbul AFAIR we met in Amsterdam, no? Or has there some kind of wormhole directly to Istanbul been established? ;-) Best, -C. From pk at DENIC.DE Thu Oct 12 10:41:19 2006 From: pk at DENIC.DE (Peter Koch) Date: Thu, 12 Oct 2006 10:41:19 +0200 Subject: [dns-wg] Action Item 48.4 (AAAA anomalies) Last Call Message-ID: <20061012084119.GA1426@unknown.office.denic.de> Dear WG, action item 48.4 reads : Write up a draft RIPE Document summarising the observations made regarding AAAA resolution problems. Circulate to the list, initiate discussion what to do, i.e. who to approach with the list of errors/problems seen. After the presentation given by Dave Wilson (stepping in for David Malone) , and also judging from the previous discussion, the majority of the wg seemed to agree that a separate RIPE document would not be necessary. David had already published his findings in the publicly accessible Cisco IPJ, volume 8.1 The wg chairs would like to thank David and Dave for their work and contributions and propose this AI be considered done. If you disagree, please speak up until October, 27th, preferrably with identification of any issue(s) you feel still need to be addressed. My understanding is that David is happy to continue his monitoring efforts, but as far as the WG is considered, the goal of raising awareness has been achieved. -Peter PS: Silence will be taken as consent. From pk at DENIC.DE Thu Oct 12 12:01:08 2006 From: pk at DENIC.DE (Peter Koch) Date: Thu, 12 Oct 2006 12:01:08 +0200 Subject: [dns-wg] DNS WG Action Items 52.2 and 52.4 closed Message-ID: <20061012100108.GC1426@unknown.office.denic.de> Dear WG, action items 52.2 and 52.4 will now be marked "done": 52.2 RIPE NCC Report number of signed zones and signed delegations in the reverse tree. Addressed in the thread starting at as well as the presentation given at RIPE 53 The NCC agreed to continue collecting and reporting of statistics. 52.4 RIPE NCC Automate and streamline the process for ENUM delegations, including checks similar to those applied to the reverse tree. Reported in Action item 52.1 {Investigate causes for extra DNSSEC network traffic (in excess of the predicted growth) and extra CPU cycles} requires further investigation and is therefore "ongoing". -Peter From jaap at NLnetLabs.nl Fri Oct 13 15:32:00 2006 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Fri, 13 Oct 2006 15:32:00 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <20061011192036.GG1282@unknown.office.denic.de> References: <20061011192036.GG1282@unknown.office.denic.de> Message-ID: <200610131332.k9DDW0o7087969@open.nlnetlabs.nl> Dear WG, Apologies I had to miss it the WG meetings this time. I noticed in these draft minutes that there were some discussions about the iso 3166 alpha-2 country codes: ... Carsten Schiefner commented that .cs was reused recently. Not really recently, but a couple of years ago. Previously it was the code for Czechoslovakia; it was then used for Serbia and Montenegro. Serbia and Montenegro got new codes recently (RS and ME) and therefore the CS coded got retired again. For datails, see the two newsletters, "2006-09-26 ISO 3166-1 Newsletter V-12 'Serbia, Montenegro'" and "2006-09-26 ISO 3166-3 Newsletter I-4" accesible via the ISO 3166 "What's new?" page (http://www.iso.org/iso/en/prods-services/iso3166ma/01whats-new/index.html). jaap From hank at efes.iucc.ac.il Sun Oct 15 09:25:35 2006 From: hank at efes.iucc.ac.il (Hank Nussbacher) Date: Sun, 15 Oct 2006 09:25:35 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <200610131332.k9DDW0o7087969@open.nlnetlabs.nl> References: <20061011192036.GG1282@unknown.office.denic.de> <20061011192036.GG1282@unknown.office.denic.de> Message-ID: <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> At 03:32 PM 13-10-06 +0200, Jaap Akkerhuis wrote: >Serbia and Montenegro got new codes recently (RS and ME) and therefore >the CS coded got retired again. For datails, see the two newsletters, >"2006-09-26 ISO 3166-1 Newsletter V-12 'Serbia, Montenegro'" and >"2006-09-26 ISO 3166-3 Newsletter I-4" accesible via the ISO 3166 >"What's new?" page >(http://www.iso.org/iso/en/prods-services/iso3166ma/01whats-new/index.html). Not there yet: http://www.iana.org/root-whois/me.htm http://www.iana.org/root-whois/rs.htm -Hank Nussbacher http://www.interall.co.il From jaap at NLnetLabs.nl Sun Oct 15 11:11:37 2006 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Sun, 15 Oct 2006 11:11:37 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> References: <20061011192036.GG1282@unknown.office.denic.de> <20061011192036.GG1282@unknown.office.denic.de> <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> Message-ID: <200610150911.k9F9Bbim061229@open.nlnetlabs.nl> At 03:32 PM 13-10-06 +0200, Jaap Akkerhuis wrote: Not there yet: http://www.iana.org/root-whois/me.htm http://www.iana.org/root-whois/rs.htm They are there but they are "Not assigned". That always takes a while. For AX it took about a year if I remember correctly. BTW, the CS is (still) there. jaap From dougb at dougbarton.us Sun Oct 15 22:17:14 2006 From: dougb at dougbarton.us (Doug Barton) Date: Sun, 15 Oct 2006 13:17:14 -0700 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <200610150911.k9F9Bbim061229@open.nlnetlabs.nl> References: <20061011192036.GG1282@unknown.office.denic.de> <20061011192036.GG1282@unknown.office.denic.de> <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> <200610150911.k9F9Bbim061229@open.nlnetlabs.nl> Message-ID: <4532974A.1050507@dougbarton.us> Jaap Akkerhuis wrote: > At 03:32 PM 13-10-06 +0200, Jaap Akkerhuis wrote: > > Not there yet: > http://www.iana.org/root-whois/me.htm > http://www.iana.org/root-whois/rs.htm > > They are there but they are "Not assigned". That always takes a while. > For AX it took about a year if I remember correctly. Traditionally IANA has prioritized getting new ccTLDs on line once an application has been received from appropriate parties in that country. > BTW, the CS is (still) there. cc'ed David so that he can add taking that page down to the TODO list. Doug -- If you're never wrong, you're not trying hard enough From pk at DENIC.DE Sun Oct 15 22:45:27 2006 From: pk at DENIC.DE (Peter Koch) Date: Sun, 15 Oct 2006 22:45:27 +0200 Subject: ISO3166 vs live ccTLDs [Re: [dns-wg] DRAFT RIPE 53 DNS WG minutes] In-Reply-To: <4532974A.1050507@dougbarton.us> References: <20061011192036.GG1282@unknown.office.denic.de> <20061011192036.GG1282@unknown.office.denic.de> <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> <200610150911.k9F9Bbim061229@open.nlnetlabs.nl> <4532974A.1050507@dougbarton.us> Message-ID: <20061015204527.GA19468@denics7.denic.de> On Sun, Oct 15, 2006 at 01:17:14PM -0700, Doug Barton wrote: > >They are there but they are "Not assigned". That always takes a while. > >For AX it took about a year if I remember correctly. > > Traditionally IANA has prioritized getting new ccTLDs on line once an > application has been received from appropriate parties in that country. it should be noted that defining the 2 letter ISO3166 code and delegating a ccTLD are different issues. There are two other codes without delegation (EH and KP) for more or less obvious reasons. > cc'ed David so that he can add taking that page down to the TODO list. The two 'pages' Hank missed have already been set up during the weekend. -Peter From president at ukraine.su Mon Oct 16 14:16:59 2006 From: president at ukraine.su (Max Tulyev) Date: Mon, 16 Oct 2006 12:16:59 +0000 Subject: ISO3166 vs live ccTLDs [Re: [dns-wg] DRAFT RIPE 53 DNS WG minutes] In-Reply-To: <20061015204527.GA19468@denics7.denic.de> References: <20061011192036.GG1282@unknown.office.denic.de> <20061011192036.GG1282@unknown.office.denic.de> <5.1.0.14.2.20061015092430.055bae18@efes.iucc.ac.il> <200610150911.k9F9Bbim061229@open.nlnetlabs.nl> <4532974A.1050507@dougbarton.us> <20061015204527.GA19468@denics7.denic.de> Message-ID: <4533783B.2030901@ukraine.su> Hi, Yet another reason to travel DPRK ;) Peter Koch wrote: > On Sun, Oct 15, 2006 at 01:17:14PM -0700, Doug Barton wrote: > >>> They are there but they are "Not assigned". That always takes a while. >>> For AX it took about a year if I remember correctly. >> Traditionally IANA has prioritized getting new ccTLDs on line once an >> application has been received from appropriate parties in that country. > > it should be noted that defining the 2 letter ISO3166 code and delegating > a ccTLD are different issues. There are two other codes without delegation > (EH and KP) for more or less obvious reasons. > >> cc'ed David so that he can add taking that page down to the TODO list. > > The two 'pages' Hank missed have already been set up during the weekend. > > -Peter > -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO) From webmaster at ripe.net Mon Oct 23 11:51:22 2006 From: webmaster at ripe.net (RIPE NCC Document Announcement Service) Date: Mon, 23 Oct 2006 11:51:22 +0200 Subject: [dns-wg] New RIPE Document available: RIPE-393 Message-ID: <20061023095122.DD0D62F583@herring.ripe.net> New RIPE Document Announcement -------------------------------------- A new RIPE Document is available from the RIPE Document store. Ref: ripe-393 Title: Evaluating the Effects of Anycast on DNS Root Nameservers Author: Lorenzo Colitti,Erik Romijn, Henk Uijterwaal & Andrei Robachevsky Format: PDF= 2,871,296 Date: October 2006 Obsoleted by: Obsoletes: Updates: Updated by: This document is the result of a DNS WG action on the RIPE NCC. Accessing the RIPE Document store --------------------------------- You can access the RIPE documents in HTML format via our website at the following URL:. http://www.ripe.net/docs/ripe-393.html The RIPE Document Store is also available via anonymous FTP to ftp.ripe.net, in the directory ripe/docs. Kind Regards, RIPE NCC Document Announcement Service From pk at DENIC.DE Wed Oct 25 16:53:51 2006 From: pk at DENIC.DE (Peter Koch) Date: Wed, 25 Oct 2006 16:53:51 +0200 Subject: [dns-wg] DRAFT RIPE 53 DNS WG minutes In-Reply-To: <20061011192036.GG1282@unknown.office.denic.de> References: <20061011192036.GG1282@unknown.office.denic.de> Message-ID: <20061025145351.GD2127@unknown.office.denic.de> Dear WG, here's an updated version and a separate file with just the small diffs. > Please review the minutes, especially if you are quoted by name. The > deadline for this first round is October, 30th. Thanks! That's five days ... -Peter -------------- next part -------------- ----------------------------------------------------------------------------- D R A F T [2] RIPE DNS WG minutes for RIPE 53, Amsterdam ----------------------------------------------------------------------------- WG: DNS Meeting: RIPE 53, Amsterdam Date-1: Wednesday, 4 October 2006 Time-1: 16:00 - 17:00 (UTC +0200) Chair-1: Peter Koch Minutes-1: Adrian Bedford Jabber: xmpp:dns at conference.ripe.net J-Scribe-1: Susannah Gray J-Script-1: TBD Audio-1: TBD WG URL: http://www.ripe.net/ripe/wg/dns/ Material-1: http://www.ripe.net/ripe/meetings/ripe-53/presentations/wednesday.html Agenda: http://www.ripe.net/ripe/meetings/ripe-53/agendas/dns.html ----------------------------------------------------------------------------- A. Administrative Matters - Working Group Chairs Appointment of scribe -- Adrian Bedford (RIPE NCC) Jabber monitor -- Susannah Gray (RIPE NCC) Agenda bashing -- no changes ----------------------------------------------------------------------------- B. Status Reports - Working Group Chairs IETF, DNSEXT, DNSOP and others (Olaf Kolkman, NLNet Labs) Questions: Ole Jacobsen asked about the team set up to discuss operational aspects of DNS security. Although the aim of the team was to lead the rapid deployment of the technology, little has been heard since it inception almost two years ago. Olaf replied that the DNSSEC deployment initiative led by Steve Crocker is essentially a web-based forum. There is a move to involve more people. It certainly remains a good place to go to find information or help with the deployment of DNSSEC in any organisation. In terms of results, Olaf feels there is much going on behind the scenes. He clarified that there is no formal liaison between the forum and the IETF. ICANN/IANA Update (John Crain, ICANN) Questions: Rob Blokzijl asked why there was a move to retire old ccTLDs. He could see no technical reason to do this. John agreed that there was no compelling reason. He added that the question remained about whether this should be done. Rob pointed out that current guidelines preclude reuse of ISO3166 country codes for a period of five years. New guidelines will change this to 50 years. Carsten Schiefner commented that .cs was reused recently. Previously it was the code for Czechoslovakia; it was then used for Serbia and Montenegro. CENTR (Marcos Sanz, DENIC) Questions: Peter Koch asked if interested operators might be able to present at the normally closed CENTR tech meetings. Marcos said the meetings were not open in general, but guests were allowed if an active contribution is planned, provided there was not a confidential matter under discussion. ----------------------------------------------------------------------------- C. Action Items Review (Working Group Chairs) The action list for the working group was reviewed. 48.1 Peter Koch has written this up in an Internet draft. [[Ongoing]] 48.2 Mans Nilsson -- TSIG/SIG(0) for ns.ripe.net [[Ongoing]] 48.4 David Malone -- AAAA misbehavior. Dave Wilson gave a short presentation on the issue on behalf of Dave Malone. The document has been written and circulated to the list. There is a question about whether this document would just repeat work done elsewhere in the Internet Protocol Journal. After a show of hands, it was decided to mark the item done and regard the IPJ article as the authoritative source. [[Done, pending mailing list approval]] 49.1 Peter Koch -- DNS Hostcount successor requirements Peter is to discuss this with RIPE NCC staff. [[Ongoing]] 49.2 Jim Reid -- Server Migration Document A document will go to the review panel after this meeting and be circulated through the working group mailing list. Hopefully, this can be marked as completed in time for RIPE 54. [[Ongoing]] 51.1 RIPE NCC -- K-Root anycast measurement The publication of the report from the RIPE NCC is nearing publication. After this happens, the working group will then need to decide whether to ask the RIPE NCC to look into other types of measurement. [[Ongoing, draft RIPE document to be last called]] 51.3 Lars-Johan Liman -- NCC Secondary Service Policy Lars commented that the RIPE NCC has announced it will limit involvement in provision of slave servers for TLDs. Lars suggested this be closed for now and marked as overtaken by events. The working group agreed. [[Done, pending mailing list approval]] 51.4 Peter Koch -- ripe-203 Update [[Ongoing]] Brett Carr gave an update on the various outstanding actions on the RIPE NCC 52.1 Report into the causes for extra DNSSEC network traffic. [[Ongoing]] 52.2 Report numbers of signed zones and delegations in reverse tree Jim suggested this be considered closed, but ask the RIPE NCC to give regular updates once or twice a year. As a result, this will remain a standing item on the working group agenda. [[Done]] Questions: Max Tulyev asked why there are so few DNSSEC delegations. Brett replied that the answer for this would lie with the community. He agreed with comments from Max that people need to understand the benefits and that implementation is easy. 52.3 Lame delegation proposal WG Last call to be issued, chairs to discuss and declare consensus [[Ongoing]] 52.4 Automate and streamline ENUM delegation process. [[Done]] 52.5 Carsten Schiefner -- Proposal for regular lameness checks in e164.arpa Carsten has reported on this in the ENUM working group. They will come up with a task force to take this work forward and report at RIPE 54. Carsten suggests that the DNS working group mark this action as closed. [[Done]] ----------------------------------------------------------------------------- ----------------------------------------------------------------------------- Date-2: Thursday, 5 October 2006 Time-2: 11:00 - 12:30 (UTC +0200) Chair-2: Jim Reid Minutes-2: Adrian Bedford J-Scribe-2: Susannah Gray WG URL: http://www.ripe.net/ripe/wg/dns/ Material-2: http://www.ripe.net/ripe/meetings/ripe-53/presentations/thursday.html J-Script-2: TBD Audio-2: TBD ----------------------------------------------------------------------------- D. Plenary Follow Up (Working Group Chairs) There was a discussion around the issues raised by Duane Wessels on problems with DNS and Steve Gibbard on DNS Infrastructure Distribution. Jim Reid commented that much of what Duane had said was reasonably valid and much was already good practice, such separating out authoritative and caching-only nameservers and issues surrounding lameness. Jim however did take exception to was the talk of using TCP-based DNS queries. He pointed out that most DNS clients will make a single DNS lookup before taking any action. Using TCP for this seemed somewhat inefficient, considering the small amounts of data that are being transferred. It would also add to latency. A high latency, low bandwidth network or one with a busy nameserver might find handling short-lived TCP connections painful. Olaf Kolkman mentioned that he had heard that under a DoS attack, an operator had first sent back a result with a TC-bit leading to a re-test on TCP, after this the UDP source was white listed. Duane confirmed that there is a company producing software that can create a white list in this way. Replying to Jim's concerns about using TCP on busy servers, he stated that there are applications that can handle large volumes of queries each second. He also agreed that maintaining state for TCP would be painful. Lars Liman asked Duane to clarify if he thought TCP should be a preferred transport. Duane said that he did suggest this. Lars voiced the general mood that high TCP loads would be painful for a server. Duane commented that it would still be preferable to a DDos attack. Lars clarified that he was not against using TCP, but felt unable to advocate using it as his preferred mode of transport. The first defence against a DDos attack would be to rate limit the traffic in his upstream router. Ed Lewis favoured the expansion of DNS beyond its use in root servers; it is a quick reacting database. Recommending using TCP as a default way of contacting DNS goes against its very nature. He also recognises that the way UDP uses DNS manifests considerable problems, which is perhaps why Duane sees TCP as the best way to go. Ed felt the group should first look at the UDP problem in terms of operational practices, buffers and the brakes put on its use. The working group might like to look into suggestions for time-outs and back-offs, maintaining statistics about efficient routing and so on. Jim concurred that this was a good point. There was a short discussion about whether the DNS Working Group is the right arena for such investigation. Jim suggested that it might be worth the working group gathering information about the work done by various parties and put them into a single document identifying key elements of operational best current practice. Lars asked if anyone had previously measured the difference between DNS over UDP and DNS locked down to TCP. It would appear that little specific work has been done already in this area. Peter Koch commented that creating a RIPE Document or bibliography style web page containing links to the various best common practices within DNS operation is not a bad idea. Lars pointed out that an operator facing a problem might not first think of looking at the RIPE Document Store for information about how to resolve his problems. Keith Mitchell commented that a project to address this was under way with ORAC. Lars Liman suggested that this might be well incorporated into a conventional book. ----------------------------------------------------------------------------- E. Software Update (Joao Damas, ISC) There was a short discussion after Peter Koch asked who in the room was already using BIND 9.4 and had found issues with how it handles zones. It was clear this needed some attention, introduction of checks on sibling glue seems to have caused some problems. Joao replied that there is no solution as yet. The change simply produces warnings, although it can produce many of these depending on the zone in question. He pointed out that it is possible to disable that check. Jim asks about the new resolver library. He wanted know if this now meant that the lightweight resolver library (LWRES) was to be phased out. He asked if anyone was using LWRES. Joao said it was impossible to say. ----------------------------------------------------------------------------- F. PowerDNS Update (PowerDNS Recursor) (Bert Hubert, PowerDNS/Netherlabs) Tomas Simonaitis asked if PowerDNS was scalable. Bert replied it can scale as each instance operates independently and does not communicate with another. They do not share a cache. There is a chance that in the future, PowerDNS will look at cache sharing. Roy Arends asked if dnsreplay, dnsstat and dnsscope are publicly available. Bert confirmed that they were all in the PowerDNS repository. Roy asked if the recursor also dealt with unknown records. Bert said that it did. ----------------------------------------------------------------------------- G. OARC Update (Keith Mitchell, ISC) Lars Liman commented that it was important to be aware of problems with protecting privacy laws when researching DNS data. There are some nations that impose far stricter rules on how such data can be used than others do. Keith replied that the OARC secretariat is aware of these rules and the various regulations around data protection. ----------------------------------------------------------------------------- H. CADR (Bill Manning) After the presentation, Bill did a demonstration using live data. There were no questions on the presentation. Geoff Huston asked if the web interface was necessary to do the work. Bill replied that this was necessary to ensure any updates were made correctly. Ed Lewis asked how do I find all the other delegations to change when changing glue records. Bill replied that it did not really matter as changes did not need to be synchronized between all of them. The child would change the list. Host records are equivalent in peering terms, to a registry or delegation. To change the attributes for a record, it is necessary to log in as an administrator and change the glue records. Ed felt that although the application demonstrated by Bill was useful, it might not suit all registries due to the different issues each faced. Bill agreed that not everything should be run the same way throughout the DNS. Peter Koch wondered if it might be better to feed the glue from the data that has been verified through DNSSEC, rather than from host registrations. Bill agreed that it would and that it should work in 98% of cases. Jim Reid mentioned Keyman used by .se. He wondered if CADR could be used in the .se environment. Bill felt Lars could answer better on this. Lars gave his personal opinion on this. There is a fundamental difference between CADR and Keyman models. The difference lies in authorisation. Keyman is based on individual generating a certificate that has to be signed by a selected group of CAs. The certificate is installed into a browser that then handles authentication. Although both models pick up their data from live DNS, CADR relies on DNS signatures. Bill clarified that the CADR web interface relied on user ID and password authentication. Anyone could request the change, but if it was not visible in the nameservers, then nothing would happen. ----------------------------------------------------------------------------- X. I/O with other WGs Already dealt with under action item 52.5. ----------------------------------------------------------------------------- Y. AOB No other items were raised. ----------------------------------------------------------------------------- Z. Wrap Up and Close ----------------------------------------------------------------------------- -------------- next part -------------- --- MINUTES53.txt 2006/10/11 19:12:41 1.2 +++ MINUTES53.txt 2006/10/25 14:50:43 @@ -1,8 +1,8 @@ ----------------------------------------------------------------------------- - D R A F T [1] RIPE DNS WG minutes for RIPE 53, Amsterdam + D R A F T [2] RIPE DNS WG minutes for RIPE 53, Amsterdam ----------------------------------------------------------------------------- WG: DNS -Meeting: RIPE 53, Istanbul +Meeting: RIPE 53, Amsterdam Date-1: Wednesday, 4 October 2006 Time-1: 16:00 - 17:00 (UTC +0200) Chair-1: Peter Koch @@ -66,9 +66,9 @@ Questions: Peter Koch asked if interested operators might be able to present at the - normally closed CENTR meetings. Marco said that active participation in - the meetings was encouraged, provided there was not a confidential matter - under discussion. + normally closed CENTR tech meetings. Marcos said the meetings were not open + in general, but guests were allowed if an active contribution is planned, + provided there was not a confidential matter under discussion. ----------------------------------------------------------------------------- From pk at DENIC.DE Wed Oct 25 17:05:14 2006 From: pk at DENIC.DE (Peter Koch) Date: Wed, 25 Oct 2006 17:05:14 +0200 Subject: AI 51.1 [Re: [dns-wg] New RIPE Document available: RIPE-393] In-Reply-To: <20061023095122.DD0D62F583@herring.ripe.net> References: <20061023095122.DD0D62F583@herring.ripe.net> Message-ID: <20061025150514.GE2127@unknown.office.denic.de> Dear WG, On Mon, Oct 23, 2006 at 11:51:22AM +0200, RIPE NCC Document Announcement Service wrote: > Ref: ripe-393 > Title: Evaluating the Effects of Anycast on DNS Root Nameservers > Author: Lorenzo Colitti,Erik Romijn, Henk Uijterwaal & Andrei Robachevsky > This document is the result of a DNS WG action on the RIPE NCC. > http://www.ripe.net/docs/ripe-393.html this refers to our Action Item 51.1: Publish K-Root anycast measurement results through appropriate channels with a RIPE document as a fallback. Please have a look at the document. Unless anyone disagrees until 2006-11-13, the chairs will consider 51.1 done. Thanks to the authors for making the results available. -Peter From pk at DENIC.DE Wed Oct 25 17:29:19 2006 From: pk at DENIC.DE (Peter Koch) Date: Wed, 25 Oct 2006 17:29:19 +0200 Subject: [dns-wg] Last Call on 51.3 "ns*.ripe.net secondary service policy" Message-ID: <20061025152919.GF2127@unknown.office.denic.de> Dear WG, regarding action item 51.3 , Lars-Johan Liman Draft a proposal on the future of the RIPE NCC Secondary DNS Service. To be dealt with on cooperation with the NCC Services WG. the NCC announced in June a change in the eligibility criteria. During the recent meeting in Amsterdam, Liman suggested that the action item was 'overtaken by events' and should be considered closed (marked 'done'). The room unanimously agreed, so I'd like to ask for confirmation of this suggestion here. If you disagree with closing 51.3, please speak up until 2006-11-17, ideally providing specific suggestions at the same time. Thanks, Peter From pk at DENIC.DE Mon Oct 30 21:26:42 2006 From: pk at DENIC.DE (Peter Koch) Date: Mon, 30 Oct 2006 21:26:42 +0100 Subject: [dns-wg] Action Item 48.4 (AAAA anomalies) Last Call In-Reply-To: <20061012084119.GA1426@unknown.office.denic.de> References: <20061012084119.GA1426@unknown.office.denic.de> Message-ID: <20061030202642.GC284@denics7.denic.de> Dear WG, given that there was no response to this request: > action item 48.4 reads : [...] > The wg chairs would like to thank David and Dave for their work and > contributions and propose this AI be considered done. If you disagree, > please speak up until October, 27th, preferrably with identification of [...] > PS: Silence will be taken as consent. we can now consider 48.4 closed. Just FYI here's the list of open deadlines: 2006-10-30 comments on minutes (first round) 2006-11-13 comments on 51.1 2006-11-17 comments on 51.3 -Peter From Ed.Lewis at neustar.biz Mon Oct 30 22:06:34 2006 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Mon, 30 Oct 2006 16:06:34 -0500 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <20061011192036.GG1282@unknown.office.denic.de> References: <20061011192036.GG1282@unknown.office.denic.de> Message-ID: This prompted by the minutes, but it isn't a comment about the minutes: At 21:20 +0200 10/11/06, Peter Koch wrote: ... >please find below the draft minutes of last week's two DNS WG sessions. ... > ICANN/IANA Update > (John Crain, ICANN) > > > Questions: > Rob Blokzijl asked why there was a move to retire old ccTLDs. > He could see no technical reason to do this. John agreed that there was > no compelling reason. He added that the question remained about whether > this should be done. Rob pointed out that current guidelines preclude > reuse of ISO3166 country codes for a period of five years. New guidelines > will change this to 50 years. Carsten Schiefner commented that .cs was > reused recently. Previously it was the code for Czechoslovakia; it was > then used for Serbia and Montenegro. I think there is a reason to retire ccTLDs. Perhaps it is not technical, but, if the ccTLDs are granted according to ISO3166, then straying from ISO3166 as it retires country codes means that IANA would have to have a policy and process for determining when to stray. I think we are protected from having to deal with politics if we have a strict policy of following ISO3166 (plus whatever exceptions we've already grandfathered-in). Once a country code is pulled from ISO3166, if there is a plan for phasing it out (I don't think it is appropriate to debate a plan here as this is an IANA matter) that's what any IANA plan should match. I.e., how long until we yank them from the root zone? At what point should an on-going registry refuse to list an NS record in a retired country code domain? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Secrets of Success #107: Why arrive at 7am for the good parking space? Come in at 11am while the early birds drive out to lunch. From Ed.Lewis at neustar.biz Mon Oct 30 22:08:10 2006 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Mon, 30 Oct 2006 16:08:10 -0500 Subject: [dns-wg] Last Call on 51.3 "ns*.ripe.net secondary service policy" In-Reply-To: <20061025152919.GF2127@unknown.office.denic.de> References: <20061025152919.GF2127@unknown.office.denic.de> Message-ID: At 17:29 +0200 10/25/06, Peter Koch wrote: >Dear WG, >The room unanimously agreed, so I'd like to ask for confirmation of this >suggestion here. If you disagree with closing 51.3, please speak up until >2006-11-17, ideally providing specific suggestions at the same time. Please close it. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Secrets of Success #107: Why arrive at 7am for the good parking space? Come in at 11am while the early birds drive out to lunch. From president at ukraine.su Tue Oct 31 13:27:51 2006 From: president at ukraine.su (Max Tulyev) Date: Tue, 31 Oct 2006 12:27:51 +0000 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: References: <20061011192036.GG1282@unknown.office.denic.de> Message-ID: <45474147.9000909@ukraine.su> Edward Lewis wrote: > I think there is a reason to retire ccTLDs. Perhaps it is not > technical, but, if the ccTLDs are granted according to ISO3166, then > straying from ISO3166 as it retires country codes means that IANA would > have to have a policy and process for determining when to stray. I > think we are protected from having to deal with politics if we have a > strict policy of following ISO3166 (plus whatever exceptions we've > already grandfathered-in). I think we should also take a look at each of that domain individually. Is it usable? Is it grows? Does the community need it? For example, SU grows fast (even it costs $100 per year now), need by community and usable because of many people associate themselves with ex-USSR, and many companies working in ex-USSR market. So this community need it, as like as European people need EU domain (that also not in ISO3166). (of course, I'm protecting my cool e-mail too ;) ) -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO) From Ed.Lewis at neustar.biz Tue Oct 31 14:28:29 2006 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Tue, 31 Oct 2006 08:28:29 -0500 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45474147.9000909@ukraine.su> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> Message-ID: At 12:27 +0000 10/31/06, Max Tulyev wrote: >Edward Lewis wrote: >> I think there is a reason to retire ccTLDs. Perhaps it is not >> technical, but, if the ccTLDs are granted according to ISO3166, then >> straying from ISO3166 as it retires country codes means that IANA would >> have to have a policy and process for determining when to stray. I >> think we are protected from having to deal with politics if we have a >> strict policy of following ISO3166 (plus whatever exceptions we've >> already grandfathered-in). > >I think we should also take a look at each of that domain individually. >Is it usable? Is it grows? Does the community need it? > >For example, SU grows fast (even it costs $100 per year now), need by >community and usable because of many people associate themselves with >ex-USSR, and many companies working in ex-USSR market. So this community >need it, as like as European people need EU domain (that also not in >ISO3166). > >(of course, I'm protecting my cool e-mail too ;) ) The dotSU domain was the first time I was aware of the issue - when someone tried to register a name server with a ".su" domain name. I don't have a particular opinion on whether old ccTLDs are to be shut down or not be shut down based on ISO3166 membership. But IANA has a choice - blindly/faithfully follow that list and abide by the policies governing it or use that list as a guideline and put in place policies and processes for deviation. There are other imaginative solutions - but that's for an IANA forum to discuss. When I said "I think there is a reason" it's because I wouldn't want to be involved in the set up of policies and processes for this. If others want to, that's fine by me. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Secrets of Success #107: Why arrive at 7am for the good parking space? Come in at 11am while the early birds drive out to lunch. From kim.davies at icann.org Tue Oct 31 17:46:06 2006 From: kim.davies at icann.org (Kim Davies) Date: Tue, 31 Oct 2006 08:46:06 -0800 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45474147.9000909@ukraine.su> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> Message-ID: <45477DCE.8080505@icann.org> Max Tulyev wrote: > For example, SU grows fast (even it costs $100 per year now), need by > community and usable because of many people associate themselves with > ex-USSR, and many companies working in ex-USSR market. So this community > need it, as like as European people need EU domain (that also not in > ISO3166). Actually, that is incorrect. EU is in the ISO-3166 list as a special reservation, SU is not. kim From jim at rfc1035.com Tue Oct 31 17:56:20 2006 From: jim at rfc1035.com (Jim Reid) Date: Tue, 31 Oct 2006 16:56:20 +0000 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45477DCE.8080505@icann.org> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> Message-ID: <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> On Oct 31, 2006, at 16:46, Kim Davies wrote: > Actually, that is incorrect. EU is in the ISO-3166 list as a special > reservation, SU is not. So what? UK isn't in 3166 either. BTW, the "official" ISO list doesn't have EU: http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code- lists/list-en1.html From president at ukraine.su Tue Oct 31 17:52:02 2006 From: president at ukraine.su (Max Tulyev) Date: Tue, 31 Oct 2006 19:52:02 +0300 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45477DCE.8080505@icann.org> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> Message-ID: <45477F32.1070805@ukraine.su> Kim, Could you please point me it on the site? I can't figure it out :( There is no EU (as well as SU) at the list there or at the links nearby: http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1.html#gk Kim Davies wrote: > Max Tulyev wrote: >> For example, SU grows fast (even it costs $100 per year now), need by >> community and usable because of many people associate themselves with >> ex-USSR, and many companies working in ex-USSR market. So this community >> need it, as like as European people need EU domain (that also not in >> ISO3166). > > Actually, that is incorrect. EU is in the ISO-3166 list as a special > reservation, SU is not. > > kim > -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO) From president at ukraine.su Tue Oct 31 17:57:15 2006 From: president at ukraine.su (Max Tulyev) Date: Tue, 31 Oct 2006 19:57:15 +0300 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> Message-ID: <4547806B.1010507@ukraine.su> Jim Reid wrote: > On Oct 31, 2006, at 16:46, Kim Davies wrote: > >> Actually, that is incorrect. EU is in the ISO-3166 list as a special >> reservation, SU is not. > > So what? UK isn't in 3166 either. > > BTW, the "official" ISO list doesn't have EU: > > http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/list-en1.html > So we have huge desync in TLD and ISO-3166 in the real life. Is it an issue to return to my talks with ICANN about TLD for Transdnistria country? ;) -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO) From kim.davies at icann.org Tue Oct 31 18:06:35 2006 From: kim.davies at icann.org (Kim Davies) Date: Tue, 31 Oct 2006 09:06:35 -0800 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> Message-ID: <4547829B.9030204@icann.org> Jim Reid wrote: > On Oct 31, 2006, at 16:46, Kim Davies wrote: > >> Actually, that is incorrect. EU is in the ISO-3166 list as a special >> reservation, SU is not. > > So what? UK isn't in 3166 either. > > BTW, the "official" ISO list doesn't have EU: Both EU and UK are in the ISO 3166 standard as "exceptionally reserved", which allows for usage. SU, on the other hand is listed as retired ("transitionally reserved"). You can see an overview of the status of the codes at: http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/iso_3166-1_decoding_table.html kim From kim.davies at icann.org Tue Oct 31 18:17:14 2006 From: kim.davies at icann.org (Kim Davies) Date: Tue, 31 Oct 2006 09:17:14 -0800 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <4547806B.1010507@ukraine.su> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> <4547806B.1010507@ukraine.su> Message-ID: <4547851A.4070600@icann.org> Hi, Max Tulyev wrote: > > So we have huge desync in TLD and ISO-3166 in the real life. > > Actually there are only three: SU, YU and TP. IANA has had constructive dialogue with YU and TP on their decommissioning. Naturally YU first will require the successor domains (RS, ME) to be established before that could happen in earnest. kim From training at ripe.net Tue Oct 31 18:17:31 2006 From: training at ripe.net (RIPE NCC Training Services) Date: Tue, 31 Oct 2006 18:17:31 +0100 Subject: [dns-wg] Announcement DNS for LIRs Training Courses Message-ID: <20061031171731.A9DC32F593@herring.ripe.net> Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 26 January 2007 Time: 09:00-17:00 Location: Ljubljana, Slovenia And Date: Friday 9 March 2007 Time: 09:00-17:00 Location: Edinburgh, United Kingdom And Date: Friday 30 March 2007 Time: 09:00-17:00 Location: Lisbon, Portugal The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From randy at psg.com Tue Oct 31 18:36:27 2006 From: randy at psg.com (Randy Bush) Date: Tue, 31 Oct 2006 07:36:27 -1000 Subject: [dns-wg] retiring old ccTLDs References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> <4547829B.9030204@icann.org> Message-ID: <17735.35227.500107.636744@roam.psg.com> > Both EU and UK are in the ISO 3166 standard as "exceptionally reserved", > which allows for usage. > > SU, on the other hand is listed as retired ("transitionally reserved"). > > You can see an overview of the status of the codes at: > > > http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/iso_3166-1_decoding_table.html live sure seemed a bit simpler when we followed simpler rules. randy From jaap at NLnetLabs.nl Tue Oct 31 19:39:07 2006 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Tue, 31 Oct 2006 19:39:07 +0100 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: Your message of Tue, 31 Oct 2006 16:56:20 +0000. <154BC521-6EE5-490E-B219-8E72B2E35EAD@rfc1035.com> Message-ID: <200610311839.k9VId79I080881@open.nlnetlabs.nl> Note, the ISO information is somewhat confusing. BTW, the "official" ISO list doesn't have EU: http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code- lists/list-en1.html This is just a subset of the 3166 list. To quote: This list states the country names (official short names in English) in alphabetical order as given in ISO 3166-1 and the corresponding ISO 3166-1-alpha-2 code elements. and European Union(*) is clearly not country. The UNITED KINGDOM(**) is (GB) but the United Kingdom(*) (UK) apparently not. The list Kim points to, the "decoding table" (http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code- lists/iso_3166-1_decoding_table.html) contains all codes covered by 3166. To quote: This decoding table provides the user of ISO 3166-1 with an easy access to the definition of all 676 code elements available in the alpha-2 code of ISO's country code standard. So, be careful what you quote. jaap (*) Spelling according to the code table. See also footnote (b) of this table (**) Short name; Official name: United Kingdom of Great Britain and Nothern Island (according to 3166 5th edition). From dougb at dougbarton.us Tue Oct 31 20:09:24 2006 From: dougb at dougbarton.us (Doug Barton) Date: Tue, 31 Oct 2006 11:09:24 -0800 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45477F32.1070805@ukraine.su> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <45477F32.1070805@ukraine.su> Message-ID: <45479F64.8070802@dougbarton.us> Max Tulyev wrote: > Kim, > > Could you please point me it on the site? I can't figure it out :( Kim already posted the URL you want to look at, but I'll include it here for you just in case: http://www.iso.org/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/iso_3166-1_decoding_table.html Speaking from experience, I'd like to emphasize what others have said. You do not want what you are asking for. You do not want ICANN (remember, IANA is ICANN) making decisions about what ccTLDs are "worthy" of being in the root absent some objective, third party reference. You do not want them making decisions about the factors that you mentioned in your first message (usability, growth rate, community "need"), and you do not want ICANN in the middle of all the political wrangling that would happen if you ever opened that door. You do not want this. Now I know that you THINK you want it, because you want to make a case for preserving YOUR ccTLD. But you really don't want to open that can of worms. Doug -- If you're never wrong, you're not trying hard enough From randy at psg.com Tue Oct 31 20:22:47 2006 From: randy at psg.com (Randy Bush) Date: Tue, 31 Oct 2006 09:22:47 -1000 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <45479F64.8070802@dougbarton.us> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <45477F32.1070805@ukraine.su> <45479F64.8070802@dougbarton.us> Message-ID: <4547A287.5030500@psg.com> > Now I know that you THINK you want it, because you want to make a case > for preserving YOUR ccTLD. But you really don't want to open that can > of worms. your mail system seems broken. it has regurgitated an old mail. one pre the issuance of EU randy From dougb at dougbarton.us Tue Oct 31 20:45:34 2006 From: dougb at dougbarton.us (Doug Barton) Date: Tue, 31 Oct 2006 11:45:34 -0800 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <4547A287.5030500@psg.com> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <45477F32.1070805@ukraine.su> <45479F64.8070802@dougbarton.us> <4547A287.5030500@psg.com> Message-ID: <4547A7DE.8030308@dougbarton.us> Randy Bush wrote: >> Now I know that you THINK you want it, because you want to make a case >> for preserving YOUR ccTLD. But you really don't want to open that can >> of worms. > > your mail system seems broken. it has regurgitated an old mail. one > pre the issuance of EU As Kim pointed out, EU is "in the list" as exceptionally reserved, just like UK and AC. If you'd like to have a discussion about not including any exceptionally reserved names in the root, the ccNSO and/or the ccNSO-IANA working group are probably the best forums for that. If you choose to have that discussion, it's probably worth noting that it is not uncommon for names to move from "exceptionally reserved" status to "officially assigned" status, as has happened over the last two years for GG, IM, and JE. Sure it would be nice if the world was simple, but it's not. On the other hand, SU has specifically been deleted by ISO, hence the ccTLD needs to be deleted as well (just like ZR was back in the day). For that matter, TP is way overdue for being deleted, as the TL domain has been up and running for a long time now. I think we can cut YU some slack until the ME and SE domains are up and running, but then that one needs to go too. My point is, we actually do have a policy here, and the SU operators are running their operation with deliberate disregard for it. If you don't like the policy, there are places to debate it, however since this isn't one of them, I think I'll leave it at that. Doug -- If you're never wrong, you're not trying hard enough From mansaxel at sunet.se Tue Oct 31 23:26:51 2006 From: mansaxel at sunet.se (=?UTF-8?Q?M=C3=A5ns_Nilsson?=) Date: Tue, 31 Oct 2006 23:26:51 +0100 Subject: [dns-wg] retiring old ccTLDs In-Reply-To: <4547A7DE.8030308@dougbarton.us> References: <20061011192036.GG1282@unknown.office.denic.de> <45474147.9000909@ukraine.su> <45477DCE.8080505@icann.org> <45477F32.1070805@ukraine.su> <45479F64.8070802@dougbarton.us> <4547A287.5030500@psg.com> <4547A7DE.8030308@dougbarton.us> Message-ID: --On tisdag, tisdag 31 okt 2006 11.45.34 -0800 Doug Barton wrote: > some slack until the ME and SE domains are up and running, but then > that one needs to go too. Methinks SE is up and running and has been so for some time. I think Bj?rn got the delegation from Jon Postel 1984, and we've been trying to not fall of the Internet since then. I believe you're confusing Konungariket Sverige (SE) with Republika Srbija (RS), in some form. -- M?ns Nilsson Systems Specialist +46 70 681 7204 cell KTHNOC +46 8 790 6518 office MN1334-RIPE I wonder if I should put myself in ESCROW!! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available URL: From training at ripe.net Tue Oct 31 18:17:31 2006 From: training at ripe.net (RIPE NCC Training Services) Date: Tue, 31 Oct 2006 18:17:31 +0100 Subject: [dns-wg] [ncc-announce] Announcement DNS for LIRs Training Courses Message-ID: <20061031171731.A9DC32F593@herring.ripe.net> Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 26 January 2007 Time: 09:00-17:00 Location: Ljubljana, Slovenia And Date: Friday 9 March 2007 Time: 09:00-17:00 Location: Edinburgh, United Kingdom And Date: Friday 30 March 2007 Time: 09:00-17:00 Location: Lisbon, Portugal The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From training at ripe.net Tue Oct 31 18:17:31 2006 From: training at ripe.net (RIPE NCC Training Services) Date: Tue, 31 Oct 2006 18:17:31 +0100 Subject: [dns-wg] [ncc-announce] Announcement DNS for LIRs Training Courses Message-ID: <20061031171731.A9DC32F593@herring.ripe.net> Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 26 January 2007 Time: 09:00-17:00 Location: Ljubljana, Slovenia And Date: Friday 9 March 2007 Time: 09:00-17:00 Location: Edinburgh, United Kingdom And Date: Friday 30 March 2007 Time: 09:00-17:00 Location: Lisbon, Portugal The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From training at ripe.net Tue Oct 31 18:17:31 2006 From: training at ripe.net (RIPE NCC Training Services) Date: Tue, 31 Oct 2006 18:17:31 +0100 Subject: [dns-wg] [ncc-announce] Announcement DNS for LIRs Training Courses Message-ID: <20061031171731.A9DC32F593@herring.ripe.net> Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 26 January 2007 Time: 09:00-17:00 Location: Ljubljana, Slovenia And Date: Friday 9 March 2007 Time: 09:00-17:00 Location: Edinburgh, United Kingdom And Date: Friday 30 March 2007 Time: 09:00-17:00 Location: Lisbon, Portugal The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC