From ruben at ripe.net Thu Sep 14 15:16:15 2006 From: ruben at ripe.net (Ruben van Staveren) Date: Thu, 14 Sep 2006 15:16:15 +0200 Subject: [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover Message-ID: <20060914131612.GA23940@cow.ripe.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [Apologies for duplicate e-mails] Dear Colleagues, Due to the recently published weakness in PKCS 1.5 signatures in OpenSSL RSA crypto, the RIPE NCC will be performing an key signing key (KSK) rollover earlier than planned. We have completed the first phase of the procedure and have published the new Key Signing Keys (KSK's). The deprecated keys will remain valid for a maximum of three months. We recommend that you reconfigure any resolvers to use the new keys. You can download them from: https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt The DNSSEC Key Maintenance Procedure is available at: https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html The following references may be useful: http://www.openssl.org/news/secadv_20060905.txt http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 We thank you for your patience and apologise for any inconvenience this maintenance may cause. If you have any questions regarding this maintenance please e-mail: ops at ripe.net. Regards, Ruben van Staveren Operations Group RIPE NCC -----BEGIN PGP SIGNATURE----- Comment: For info see https://www.ripe.net/rs/pgp/ iD8DBQFFCVSambreNIsOKy8RAsRWAJ9jVQT++r9aZ3b0sCAl+IMFaUQLrgCfTtFb 5Az85tIv7TrWHVYoyt4Wvto= =tvtB -----END PGP SIGNATURE----- -- Ruben van Staveren RIPE Network Coordination Center Operations Group Singel 258 Amsterdam NL http://www.ripe.net +31 20 535 4444 PGP finger print 6501 4389 A675 477E DCE5 53D8 9108 49E2 DAFC 271B From bmanning at vacation.karoshi.com Thu Sep 14 19:03:27 2006 From: bmanning at vacation.karoshi.com (bmanning at vacation.karoshi.com) Date: Thu, 14 Sep 2006 17:03:27 +0000 Subject: [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover In-Reply-To: <20060914131612.GA23940@cow.ripe.net> References: <20060914131612.GA23940@cow.ripe.net> Message-ID: <20060914170327.GB8642@vacation.karoshi.com.> as a suggestion, could you -please- put a date on the web page that indicates when the keys were generated or expected to be valid? --bill On Thu, Sep 14, 2006 at 03:16:15PM +0200, Ruben van Staveren wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > [Apologies for duplicate e-mails] > > Dear Colleagues, > > Due to the recently published weakness in PKCS 1.5 signatures in OpenSSL > RSA crypto, the RIPE NCC will be performing an key signing key (KSK) > rollover earlier than planned. > > We have completed the first phase of the procedure and have published > the new Key Signing Keys (KSK's). The deprecated keys will remain valid for > a maximum of three months. > > We recommend that you reconfigure any resolvers to use the new keys. You > can download them from: > https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt > > The DNSSEC Key Maintenance Procedure is available at: > https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html > > The following references may be useful: > http://www.openssl.org/news/secadv_20060905.txt > http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 > > We thank you for your patience and apologise for any inconvenience this > maintenance may cause. > > If you have any questions regarding this maintenance please e-mail: > ops at ripe.net. > > Regards, > > > Ruben van Staveren > Operations Group > RIPE NCC > -----BEGIN PGP SIGNATURE----- > Comment: For info see https://www.ripe.net/rs/pgp/ > > iD8DBQFFCVSambreNIsOKy8RAsRWAJ9jVQT++r9aZ3b0sCAl+IMFaUQLrgCfTtFb > 5Az85tIv7TrWHVYoyt4Wvto= > =tvtB > -----END PGP SIGNATURE----- > > -- > Ruben van Staveren RIPE Network Coordination Center > Operations Group Singel 258 Amsterdam NL > http://www.ripe.net +31 20 535 4444 > PGP finger print 6501 4389 A675 477E DCE5 53D8 9108 49E2 DAFC 271B From olaf at NLnetLabs.nl Fri Sep 15 19:34:53 2006 From: olaf at NLnetLabs.nl (Olaf M. Kolkman) Date: Fri, 15 Sep 2006 19:34:53 +0200 Subject: [dns-wg] RIPE NCC DNSSEC Key Maintenance: Preemptive Key Signing Key Rollover In-Reply-To: <20060914170327.GB8642@vacation.karoshi.com.> References: <20060914131612.GA23940@cow.ripe.net> <20060914170327.GB8642@vacation.karoshi.com.> Message-ID: On 14Sep 2006, at 7:03 PM, bmanning at vacation.karoshi.com wrote: > as a suggestion, could you -please- put a date on the web page > that indicates when the keys were generated or expected to be valid? > I agree the inception date to be very handy. But an expected end date has the danger that people will hard code such thing into their scripts and that might prevent rolls just like the one we see now. The minimal time they are to be valid would be OK. Then the script can take that as its TTL. I would also like to point this community to draft-ietf-dnsext- trustupdate-timers which is very relevant in this context --in terms of a standarized method for automatic rollovers-- and is about to be last called. [1] http://tools.ietf.org/wg/dnsext/draft-ietf-dnsext-trustupdate- timers/ ---Olaf ----------------------------------------------------------- Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/ From brettcarr at ripe.net Mon Sep 18 16:11:19 2006 From: brettcarr at ripe.net (Brett Carr) Date: Mon, 18 Sep 2006 16:11:19 +0200 Subject: [dns-wg] dnssec statistics action point 52.2 Message-ID: <01d101c6db2c$5004be90$f00e3bb0$@net> At the RIPE 52 meeting, the DNS Working Group asked us to provide statistics on secured delegations within RIPE NCC hosted zones. At the time of this e-mail, the figures are as follows: Total number of zones hosted as a primary by RIPE NCC - 113 Total number of primary zones that are signed - 72 Total number of NS records in all zones - 521,811 Total number of DS records in all zones - 61 We are of course happy to answer any questions about these numbers. Background Information: The RIPE NCC hosts the majority of the 41 unsigned zones on behalf of third parties. We can and will continue to expand the list of signed zones. The current keys for all zones that we sign are available at: https://www.ripe.net/projects/disi/keys/ripe-ncc-dnssec-keys-new.txt We accept signed delegations (DS records) for all in-addr.arpa zones where we are primary. We cannot currently accept signed delegations (DS records) for those zones in ERX space, where we are not primary for the zone. The two graphs attached to this e-mail show the distribution of both NS and DS records. Regards. Brett. -- Brett Carr RIPE Network Coordination Centre Systems Engineer -- Operations Group Amsterdam, Netherlands GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 -------------- next part -------------- A non-text attachment was scrubbed... Name: NSStats.gif Type: image/gif Size: 13856 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: DSStats.gif Type: image/gif Size: 10224 bytes Desc: not available URL: From Ed.Lewis at neustar.biz Mon Sep 18 18:36:40 2006 From: Ed.Lewis at neustar.biz (Edward Lewis) Date: Mon, 18 Sep 2006 12:36:40 -0400 Subject: [dns-wg] dnssec statistics action point 52.2 In-Reply-To: <01d101c6db2c$5004be90$f00e3bb0$@net> References: <01d101c6db2c$5004be90$f00e3bb0$@net> Message-ID: At 16:11 +0200 9/18/06, Brett Carr wrote: >At the RIPE 52 meeting, the DNS Working Group asked us to provide >statistics on secured delegations within RIPE NCC hosted zones. > >At the time of this e-mail, the figures are as follows: > >Total number of zones hosted as a primary by RIPE NCC - 113 >Total number of primary zones that are signed - 72 >Total number of NS records in all zones - 521,811 >Total number of DS records in all zones - 61 > >We are of course happy to answer any questions about these numbers. Thanks for the numbers. What I would like to do is to measure the community interest in DNSSEC in terms of how many are deploying DNSSEC, and so I have some questions. As far as the 521,811 NS records - how many different "sets" of NS records does that represent. Specifically, how many of those delegations are to outside (non-RIPE NCC) administrations? Same for the DS records. How many sets, and how many sets to outside administrations? The measure of adoption I am looking at is what percent of zones delegated away from RIPE NCC are signed. It would also be interesting, but probably too time consuming, to find the percentage of administrations with delegations that are deploying DNSSEC. (I.e., you may have 10 zones signed, but that could represent just 1 administration.) > >Background Information: > >The RIPE NCC hosts the majority of the 41 unsigned zones on behalf of >third parties. We can and will continue to expand the list of signed zones. > >The current keys for all zones that we sign are available at: >https://www.ripe.net/projects/disi/keys/ripe-ncc-dnssec-keys-new.txt > >We accept signed delegations (DS records) for all in-addr.arpa zones >where we are primary. > >We cannot currently accept signed delegations (DS records) for those >zones in ERX space, where we are not primary for the zone. > >The two graphs attached to this e-mail show the distribution of both NS >and DS records. > >Regards. > >Brett. > >-- >Brett Carr RIPE Network Coordination Centre >Systems Engineer -- Operations Group Amsterdam, Netherlands >GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 > > >Attachment converted: Macintosh HD:NSStats.gif (GIFf/?IC?) (0027C820) >Attachment converted: Macintosh HD:DSStats.gif (GIFf/?IC?) (0027C821) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar Secrets of Success #107: Why arrive at 7am for the good parking space? Come in at 11am while the early birds drive out to lunch. From brettcarr at ripe.net Tue Sep 19 11:06:58 2006 From: brettcarr at ripe.net (Brett Carr) Date: Tue, 19 Sep 2006 11:06:58 +0200 Subject: [dns-wg] dnssec statistics action point 52.2 In-Reply-To: References: <01d101c6db2c$5004be90$f00e3bb0$@net> Message-ID: <005d01c6dbca$f5f0bef0$e1d23cd0$@net> Hello Ed, > -----Original Message----- > From: Edward Lewis [mailto:Ed.Lewis at neustar.biz] > Sent: Monday, September 18, 2006 6:37 PM > To: Brett Carr > Cc: dns-wg at ripe.net > Subject: Re: [dns-wg] dnssec statistics action point 52.2 > > At 16:11 +0200 9/18/06, Brett Carr wrote: > >At the RIPE 52 meeting, the DNS Working Group asked us to provide > >statistics on secured delegations within RIPE NCC hosted zones. > > > >At the time of this e-mail, the figures are as follows: > > > >Total number of zones hosted as a primary by RIPE NCC - 113 > >Total number of primary zones that are signed - 72 > >Total number of NS records in all zones - 521,811 > >Total number of DS records in all zones - 61 > > > >We are of course happy to answer any questions about these numbers. > > Thanks for the numbers. What I would like to do > is to measure the community interest in DNSSEC in > terms of how many are deploying DNSSEC, and so I > have some questions. > > As far as the 521,811 NS records - how many > different "sets" of NS records does that > represent. Specifically, how many of those > delegations are to outside (non-RIPE NCC) > administrations? > NS Record Sets: 225432 RIPE NCC: 49 Other: 225383 > Same for the DS records. How many sets, and how > many sets to outside administrations? DS Records: 61 RIPE NCC: 14 Other: 47 > > The measure of adoption I am looking at is what > percent of zones delegated away from RIPE NCC are > signed. It would also be interesting, but > probably too time consuming, to find the > percentage of administrations with delegations > that are deploying DNSSEC. (I.e., you may have > 10 zones signed, but that could represent just 1 > administration.) So I'd read the percentage of signed zones as 0.02 My feeling is we are still currently just looking at very early experimentation. -- Brett Carr RIPE Network Coordination Centre Systems Engineer -- Operations Group Amsterdam, Netherlands GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From president at ukraine.su Tue Sep 19 18:06:45 2006 From: president at ukraine.su (Max Tulyev) Date: Tue, 19 Sep 2006 16:06:45 +0000 Subject: [dns-wg] dnssec statistics action point 52.2 In-Reply-To: <005d01c6dbca$f5f0bef0$e1d23cd0$@net> References: <01d101c6db2c$5004be90$f00e3bb0$@net> <005d01c6dbca$f5f0bef0$e1d23cd0$@net> Message-ID: <45101595.4050800@ukraine.su> Brett Carr wrote: >> Same for the DS records. How many sets, and how >> many sets to outside administrations? > > DS Records: 61 > RIPE NCC: 14 > Other: 47 At least 21 mine and my client's backresolve domains are signed (have DS record in domain: object). Is there really 47 signed backresolve domains total or I missed something? -- WBR, Max Tulyev (MT6561-RIPE, 2:463/253 at FIDO) From brettcarr at ripe.net Fri Sep 22 12:30:21 2006 From: brettcarr at ripe.net (Brett Carr) Date: Fri, 22 Sep 2006 12:30:21 +0200 Subject: [dns-wg] DNS Lameness Checking Proposal In-Reply-To: References: <004201c6baef$c15c4e80$4414eb80$@net> Message-ID: <000101c6de32$1b6ae840$5240b8c0$@net> Ed, sorry for the late reply on this. > -----Original Message----- > From: Edward Lewis [mailto:Ed.Lewis at neustar.biz] > Sent: Tuesday, August 08, 2006 8:21 PM > To: Brett Carr > Cc: dns-wg at ripe.net > Subject: Re: [dns-wg] DNS Lameness Checking Proposal > > At 3:37 PM +0200 8/8/06, Brett Carr wrote: > >As per the dns-wg Action point 52.3 from RIPE 52 > > > >"post questions and proposal to wg mailing list on how to deal with > >lame delegations when either the NCC is responsible for maintaining > the > >parent or for running a (secondary) server for the child that is or is > >about to become delegated lame due to an unavailable *xfr source." > > > >Please find attached "dnslamecheckAug2006.txt" a proposal on how the > >RIPE NCC should test for lameness and what the resulting actions could > be. > > > >Your feedback and discussion on this proposal is welcomed. > > I can't resist dwelling in lameness. > > I'll throw out a few ideas at a non-detail level. > > One is that I'd like to see a plan to measure the success of the > efforts. More or less, how big is the problem and what dent is being > made. This will help decide if the work is worth the payoff. I have added to the document that we will assess the effectiveness of the checks periodically. I didn't think it was appropriate for this document to state any more detail than that for now. > > Two is to clear up "one email per server." The average number of zones > per server is higher in the reverse space than forward space (a /20 > translates into a bunch of /24's). I think you should look at what you > want to present to an admin from their point of view. Not just for > their benefit, but also to make interactions more manageable for you. > I've also clarified this a little more in version 2 of the document, hopefully available next week. > I think is it beneficial to just observe and report lameness, maybe > there's no need to remove lame delegations for this to have a benefit. > I don't see any mention of what the plan is for zones that remain lame. > Do you just want to let them be, or do you want to "enforce" non- > lameness? > > Three is remove any specificity about "A or AAAA" - just call them > address records. And make it clear that the testing is network-layer > protocol independent. > Also noted and taken care of in version 2. > Four is what do you do about failed lookups of address records for name > servers? Like, no response as opposed to NXDOMAIN? Without an IP > address, you may still have to track a lame NS record, as opposed to a > lame NS-A[AAA] combination. > We will still attempt to contact the admin of the server (hopefully from contact information in the SOA record of the domain) if the domain no longer exists at all then I think we will only be able to report this to the owner of the delegation. > Five, what about anycasted servers? It's possible that a zone may have > no available servers in some regions (because of routing effects), but > be okay in other locations. Will all testing be done from one > location? I've added something about anycasting to the new document aswell. Initially at least all testing will be done from Amsterdam, of course we can consider expanding this in the future if the need and demand is there. Regards -- Brett Carr RIPE Network Coordination Centre Systems Engineer -- Operations Group Amsterdam, Netherlands GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From brettcarr at ripe.net Fri Sep 22 12:31:34 2006 From: brettcarr at ripe.net (Brett Carr) Date: Fri, 22 Sep 2006 12:31:34 +0200 Subject: [dns-wg] DNS Lameness Checking Proposal In-Reply-To: References: <004201c6baef$c15c4e80$4414eb80$@net> Message-ID: <000201c6de32$47074e30$d515ea90$@net> > -----Original Message----- > From: Marcos Sanz/Denic [mailto:sanz at denic.de] > Sent: Friday, August 18, 2006 3:47 PM > To: Brett Carr > Cc: dns-wg at ripe.net > Subject: Re: [dns-wg] DNS Lameness Checking Proposal > > Brett, > > > Your feedback and discussion on this proposal is welcomed. > > If a server fails this test, it will be retried five times over ten > days > > before it is deemed to be 'lame'. > > Make these tests (and document it accordingly) at different times of > the days, to minimize coinciding with (periodical) name server reloads. > > Regards, > Marcos Duly noted and added to version 2 of the document. I will send this to the dns-wg next week. Thanks -- Brett Carr RIPE Network Coordination Centre Systems Engineer -- Operations Group Amsterdam, Netherlands GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From brettcarr at ripe.net Mon Sep 25 10:12:30 2006 From: brettcarr at ripe.net (Brett Carr) Date: Mon, 25 Sep 2006 10:12:30 +0200 Subject: [dns-wg] Lameness Checking Proposal Message-ID: <001b01c6e07a$592e5b40$0b8b11c0$@net> Dear Colleagues At RIPE 52, the RIPE NCC presented figures on the levels of lame DNS in the reverse tree within its service region. We were asked to propose a procedure for checking and reporting on the level of lameness. We sent a proposal to the DNS Working Group and received some comments. We have incorporated this feedback into a draft RIPE Document that you can find at: http://www.ripe.net/ripe/draft-documents/dns-lameness.html We will include this in a DNS presentation at the upcoming RIPE Meeting in Amsterdam. We welcome your comments and suggestions. Regards -- Brett Carr RIPE Network Coordination Centre Systems Engineer -- Operations Group Amsterdam, Netherlands GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From pk at DENIC.DE Mon Sep 25 14:55:24 2006 From: pk at DENIC.DE (Peter Koch) Date: Mon, 25 Sep 2006 14:55:24 +0200 Subject: [dns-wg] DRAFT DNS WG Agenda for RIPE 53 Message-ID: <20060925125524.GB803@unknown.office.denic.de> Dear WG, here's the draft agenda for next week's Wed and Thu. -Peter -------------- next part -------------- # $Id: RIPE53agenda,v 1.2 2006/09/25 12:52:28 pk Exp $ ############################################################################# DNS-related presentations in the EOF/plenary: 1) DNS infrastructure distribution - Steve Gibbard, PCH 2) What's wrong with the DNS? - Duane Wessels ############################################################################# 2006-10-04 1600 - 1700, DNS WG slot I [60 min] ############################################################################# 0) Administrivia [chairs][ 5 min] - scribe, jabber, minutes - agenda bashing 1) Status Reports [chairs][25 min] - IETF dnsext, dnsop and others [N.N.][15 min] - ICANN/IANA [N.N.][ 5 min] - CENTR [N.N.][ 5min] 2) Action Item Review [chairs][30 min] [X] 48.1 Peter Koch (draft-koch-dns-unsolicited-queries-00.txt) [ ] 48.2 Mans Nilsson (status update) [ ] 48.4 David Malone (status update) [ ] 49.1 Peter Koch (DNS hostcount successor requirements) [X] 49.2 Jim Reid (Server Migration Document) [ ] 51.1 RIPE NCC K-Root Anycast measurement [ ] 51.3 Lars-Johan Liman (NCC Secondary Service Policy) [ ] 51.4 Peter Koch RIPE 203 Update [X] 52.1 Brett Carr Causes for extra DNSSEC network traffic [X] 52.2 Brett Carr report # of signed zones and delegations in reverse tree [X] 52.3 Brett Carr Lame delegation poroposal [X] 52.4 RIPE NCC automate and streamline ENUM delegation process [ ] 52.5 Carsten Schiefner proposal for regular lameness checks in e164.arpa ############################################################################# 2006-10-05 1100 - 1230, DNS WG slot II [90 min] ############################################################################# 3) Plenaries Followup [chairs][15 min] Discussion of details postponed from plenary presentations (see above), including identification of potential work for the WG 4) Software Update from ISC [Joao Damas][10 min] 5) PowerDNS Update (PowerDNS Recursor) [bert hubert][10 min] 6) OARC Update [Keith Mitchell][10 min] P) {Pending Requests} [][30 min] X) I/O with other WGs [chairs][ 5 min] Y) A.O.B. [chairs][ 5 min] Z) Wrap-Up & Close [chairs][ 5 min] ############################################################################# From leo at ripe.net Tue Sep 26 10:59:57 2006 From: leo at ripe.net (leo vegoda) Date: Tue, 26 Sep 2006 10:59:57 +0200 Subject: [dns-wg] 2005-02 implementation: IP assignments for anycasting DNS Message-ID: <271D7BC3-CF74-4877-A993-5918714DD514@ripe.net> Dear Colleagues, We are pleased to announce that we will be able to accept e-mailed requests for assignments for anycasting DNS servers from 2 October 2006. The request form and supporting notes will be available from the RIPE Document Store at: http://www.ripe.net/ripe/docs/internet-registries.html We will make a separate announcement when it is possible to make requests via the LIR Portal. Assignments for anycasting DNS will come from reserved blocks: * IPv4 Anycast Assignments (/24) from 194.0.0.0/18 * IPv6 Anycast Assignments (/48) from 2001:0678::/29 You may want to update your filters. Regards, -- leo vegoda Registration Services Manager RIPE NCC From leo at ripe.net Tue Sep 26 10:59:57 2006 From: leo at ripe.net (leo vegoda) Date: Tue, 26 Sep 2006 10:59:57 +0200 Subject: [dns-wg] [ncc-announce] 2005-02 implementation: IP assignments for anycasting DNS Message-ID: <271D7BC3-CF74-4877-A993-5918714DD514@ripe.net> Dear Colleagues, We are pleased to announce that we will be able to accept e-mailed requests for assignments for anycasting DNS servers from 2 October 2006. The request form and supporting notes will be available from the RIPE Document Store at: http://www.ripe.net/ripe/docs/internet-registries.html We will make a separate announcement when it is possible to make requests via the LIR Portal. Assignments for anycasting DNS will come from reserved blocks: * IPv4 Anycast Assignments (/24) from 194.0.0.0/18 * IPv6 Anycast Assignments (/48) from 2001:0678::/29 You may want to update your filters. Regards, -- leo vegoda Registration Services Manager RIPE NCC From leo at ripe.net Tue Sep 26 10:59:57 2006 From: leo at ripe.net (leo vegoda) Date: Tue, 26 Sep 2006 10:59:57 +0200 Subject: [dns-wg] [ncc-co@ripe.net] [ncc-announce] 2005-02 implementation: IP assignments for anycasting DNS Message-ID: <271D7BC3-CF74-4877-A993-5918714DD514@ripe.net> Dear Colleagues, We are pleased to announce that we will be able to accept e-mailed requests for assignments for anycasting DNS servers from 2 October 2006. The request form and supporting notes will be available from the RIPE Document Store at: http://www.ripe.net/ripe/docs/internet-registries.html We will make a separate announcement when it is possible to make requests via the LIR Portal. Assignments for anycasting DNS will come from reserved blocks: * IPv4 Anycast Assignments (/24) from 194.0.0.0/18 * IPv6 Anycast Assignments (/48) from 2001:0678::/29 You may want to update your filters. Regards, -- leo vegoda Registration Services Manager RIPE NCC From pk at DENIC.DE Fri Sep 29 21:04:09 2006 From: pk at DENIC.DE (Peter Koch) Date: Fri, 29 Sep 2006 21:04:09 +0200 Subject: [dns-wg] DRAFT DNS WG Agenda for RIPE 53 In-Reply-To: <20060925125524.GB803@unknown.office.denic.de> References: <20060925125524.GB803@unknown.office.denic.de> Message-ID: <20060929190409.GB7413@unknown.office.denic.de> On Mon, Sep 25, 2006 at 02:55:24PM +0200, Peter Koch wrote: > here's the draft agenda for next week's Wed and Thu. and here's an update, last draft. See you in Amsterdam! -Peter -------------- next part -------------- # $Id: RIPE53agenda,v 1.3 2006/09/29 19:01:37 pk Exp $ ############################################################################# DNS-related presentations in the EOF/plenary: 1) DNS infrastructure distribution - Steve Gibbard, PCH Tue morning slot I (2006-10-03 09:00 - 10:30) 2) What's wrong with the DNS? - Duane Wessels Tue morning slot I (2006-10-03 09:00 - 10:30) ############################################################################# 2006-10-04 1600 - 1700, DNS WG slot I [60 min] ############################################################################# 0) Administrivia [chairs][ 5 min] - scribe, jabber, minutes - agenda bashing 1) Status Reports [chairs][25 min] - IETF dnsext, dnsop and others [Olaf Kolkman][15 min] - ICANN/IANA [John Crain][ 5 min] - CENTR [Marcos Sanz][ 5min] 2) Action Item Review [chairs][30 min] [X] 48.1 Peter Koch (draft-koch-dns-unsolicited-queries-00.txt) [ ] 48.2 Mans Nilsson (status update) [ ] 48.4 David Malone (status update) [ ] 49.1 Peter Koch (DNS hostcount successor requirements) [X] 49.2 Jim Reid (Server Migration Document) [ ] 51.1 RIPE NCC K-Root Anycast measurement [ ] 51.3 Lars-Johan Liman (NCC Secondary Service Policy) [ ] 51.4 Peter Koch RIPE 203 Update [X] 52.1 Brett Carr Causes for extra DNSSEC network traffic [X] 52.2 Brett Carr report # of signed zones and delegations in reverse tree [X] 52.3 Brett Carr Lame delegation poroposal [X] 52.4 RIPE NCC automate and streamline ENUM delegation process [ ] 52.5 Carsten Schiefner proposal for regular lameness checks in e164.arpa ############################################################################# 2006-10-05 1100 - 1230, DNS WG slot II [90 min] ############################################################################# 3) Plenaries Followup [chairs][15 min] Discussion of details postponed from plenary presentations (see above), including identification of potential work for the WG 4) Software Update from ISC [Joao Damas][10 min] 5) PowerDNS Update (PowerDNS Recursor) [bert hubert][15 min] 6) OARC Update [Keith Mitchell][10 min] 7) CADR [Johan Ihren][15 min] P) {Pending Request} [][15 min] X) I/O with other WGs [chairs][ 3 min] Y) A.O.B. [chairs][ 5 min] Z) Wrap-Up & Close [chairs][ 2 min] ############################################################################# From leo at ripe.net Tue Sep 26 10:59:57 2006 From: leo at ripe.net (leo vegoda) Date: Tue, 26 Sep 2006 10:59:57 +0200 Subject: [dns-wg] [ncc-co@ripe.net] [ncc-announce] 2005-02 implementation: IP assignments for anycasting DNS Message-ID: <271D7BC3-CF74-4877-A993-5918714DD514@ripe.net> Dear Colleagues, We are pleased to announce that we will be able to accept e-mailed requests for assignments for anycasting DNS servers from 2 October 2006. The request form and supporting notes will be available from the RIPE Document Store at: http://www.ripe.net/ripe/docs/internet-registries.html We will make a separate announcement when it is possible to make requests via the LIR Portal. Assignments for anycasting DNS will come from reserved blocks: * IPv4 Anycast Assignments (/24) from 194.0.0.0/18 * IPv6 Anycast Assignments (/48) from 2001:0678::/29 You may want to update your filters. Regards, -- leo vegoda Registration Services Manager RIPE NCC