From sjoerdoo at ripe.net Thu Aug 2 11:51:11 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Thu, 02 Aug 2007 11:51:11 +0200 Subject: [dns-wg] DNS provisioning system maintenance, 8th Aug Message-ID: <46B1A90F.2030907@ripe.net> Dear Colleagues, On Wednesday, 8 August 2007 we will update the provisioning system for our DNS servers. There will be no zone updates between 08:30 and 09:30 (UTC) on that day. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From Niall.oReilly at ucd.ie Tue Aug 7 13:02:03 2007 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Tue, 07 Aug 2007 12:02:03 +0100 Subject: [dns-wg] Last Call: Secondary service on ns.ripe.net for reverse delegations In-Reply-To: <20070731044718.GA7358@denics7.denic.de> References: <20070731044718.GA7358@denics7.denic.de> Message-ID: On 31 Jul 2007, at 05:47, Peter Koch wrote: > Please voice your opinion, the default will be to continue with (2) > above. My opinion is in favour of the default. 8-) Best regards, Niall O'Reilly University College Dublin IT Services PGP key ID: AE995ED9 (see www.pgp.net) Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9 -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: From sjoerdoo at ripe.net Thu Aug 16 15:28:35 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Thu, 16 Aug 2007 15:28:35 +0200 Subject: [dns-wg] DNS provisioning system maintenance, 22 Aug Message-ID: <46C45103.7000203@ripe.net> Dear Colleagues, On Wednesday, 22 August 2007 we will upgrade the provisioning system for our DNS servers. There will be no zone updates between 09:00 and 11:00 (UTC) on that day. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to dns-help at ripe.net Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From training at ripe.net Thu Aug 16 16:38:26 2007 From: training at ripe.net (RIPE NCC Training) Date: Thu, 16 Aug 2007 16:38:26 +0200 Subject: [dns-wg] Announcement DNS for LIRs Training Courses Message-ID: <20070816143826.57FCA2F583@herring.ripe.net> ------- [Apologies for duplicate e-mails] Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 14 September 2007 Time: 09:00-17:00 Location: Amsterdam, Netherlands And Date: Friday 9 November 2007 Time: 09:00-17:00 Location: Southampton, United Kingdom And Date: Wednesday 20 February 2008 Time: 09:00-17:00 Location: Vienna, Austria Hosted by: Nic.at: http://www.nic.at/ The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From training at ripe.net Thu Aug 16 16:38:26 2007 From: training at ripe.net (RIPE NCC Training) Date: Thu, 16 Aug 2007 16:38:26 +0200 Subject: [dns-wg] [ncc-announce] Announcement DNS for LIRs Training Courses Message-ID: <20070816143826.57FCA2F583@herring.ripe.net> ------- [Apologies for duplicate e-mails] Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 14 September 2007 Time: 09:00-17:00 Location: Amsterdam, Netherlands And Date: Friday 9 November 2007 Time: 09:00-17:00 Location: Southampton, United Kingdom And Date: Wednesday 20 February 2008 Time: 09:00-17:00 Location: Vienna, Austria Hosted by: Nic.at: http://www.nic.at/ The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From daniel.karrenberg at ripe.net Fri Aug 24 10:49:41 2007 From: daniel.karrenberg at ripe.net (Daniel Karrenberg) Date: Fri, 24 Aug 2007 10:49:41 +0200 Subject: [dns-wg] Heads Up: IESG Last Call on IANA DLV draft Message-ID: <20070824084941.GA12324@reiftel.karrenberg.net> http://www1.ietf.org/mail-archive/web/ietf-announce/current/msg04017.html From pk at DENIC.DE Tue Aug 28 17:40:22 2007 From: pk at DENIC.DE (Peter Koch) Date: Tue, 28 Aug 2007 17:40:22 +0200 Subject: [dns-wg] Last Call: Secondary service on ns.ripe.net for reverse delegations In-Reply-To: <20070731044718.GA7358@denics7.denic.de> References: <20070731044718.GA7358@denics7.denic.de> Message-ID: <20070828154022.GB15569@unknown.office.denic.de> Dear WG, this is a reminder that the Last Call issued in (Message-ID: <20070731044718.GA7358 at denics7.denic.de>) > Summary: > > To eliminate an inconsistency between IPv4 and IPv6 policies, where > /16 reverse on ns.ripe.net is mandatory for v4 and there's no such > policy for v6, three options were given: > > 1) Make ns.ripe.net mandatory on ipv4 and ipv6 delegations > 2) Make ns.ripe.net optional on ipv4 and ipv6 delegations > 3) Discontinue the secondary service on ns.ripe.net for new delegations. > > The NCC's preference was (2). will expire > Friday, 31 August 2007, 12:00 UTC > > Please voice your opinion, the default will be to continue with (2) above. > We'd like to ask the NCC to prepare an implementation plan after this date. -Peter Koch [DNS WG co-chair] From sjoerdoo at ripe.net Wed Aug 29 16:48:49 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Wed, 29 Aug 2007 16:48:49 +0200 Subject: [dns-wg] DNS Maintenance on ns-sec.ripe.net, 5 Sept Message-ID: <46D58751.4070405@ripe.net> [Apologies for duplicate e-mails.] Dear Colleagues, On Wednesday, 5 September 2007, we will update our DNS server ns-sec.ripe.net between 17:00 and 17:15 (UTC). During this period, it will not be able to answer DNS queries. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From pk at DENIC.DE Wed Aug 29 19:28:02 2007 From: pk at DENIC.DE (Peter Koch) Date: Wed, 29 Aug 2007 19:28:02 +0200 Subject: [dns-wg] DRAFT RIPE 54 DNS WG Minutes posted In-Reply-To: <20070704085944.GC2438@unknown.office.denic.de> References: <20070704085944.GC2438@unknown.office.denic.de> Message-ID: <20070829172802.GO16250@unknown.office.denic.de> Dear WG, > delivered them on time, the draft minutes for the Tallinn meeting > are now available at > > Please send in comments and/or corrections by Friday, 2007-08-03, > after which this or an amended version will be considered final. the only comment received was resolved on list, so the minutes are final as posted at the above URL. A text version is attached here. -Peter (who wishes he had resisted the temptation to send a pointer to an HTML document but instead circulated an authoritative TXT version to be filed into the archives and personal mailboxes) ----------------------------------------------------------------------------- DNS Working Group Minutes from RIPE 54 RIPE Meeting: 54 Working Group: DNS Status: Draft Revision Number: 1 content to the Chair of the working group. format to webmaster at ripe.net. RIPE 54 Tallinn DNS Working Group Session 1. (10 May 2007) Session 2. (10 May 2007) Session 1 Meeting: RIPE 54, Tallinn Date: Thursday, 10 May 2007 Time: 11:00 - 12:30 (UTC +0300) Chair: Jim Reid Minutes: Adrian Bedford J-Scribe: Rumy Kanis A. Administrative Matters There were small changes to the agenda, Mats is unable to attend and so Eva Ornberg will present in his place. B. Review of Action Items 48.1: TLD Support for Lameness at the Source. Some progress has been made. Peter updated the Internet Draft in February; he also started a survey within CENTR and received good feedback. He has yet to write this up. He asked if the working group wanted Peter to continue working on this. There was no response. Marcos Sanz from DENIC asked Peter if he had tried approaching reverse mapping registries. Peter replied that he had not yet done such a survey. He asked if anyone in the room wanted to comment. Again there was no response. Peter agreed to add this to the write-up, however otherwise once this was completed, there seemed to be no further interest in the action point and it was closed. 48.2 Authenticate XFR into ns*.ripe.net This was an action on Mans Nilsson. It has been overtaken by events and Mans suggested that the item be closed. There is a general sense that these things are being negotiated and more distributed than would be well served by a central nameserver. Distributed policy has made this less worthy. 49.1 Requirements for a Successor Hostcount We expect to hear more on this from the RIPE NCC. New prototypes of the software will soon go to BETA testers. From point of view of the working group, this can be marked as done. The new version of Hostcount is due to be rolled out. The working group thanked the RIPE NCC for their work. 49.2 DNS Server Migration Jim Reid apologised that he has yet to make any major progress on this action point. He hopes to have it ready for RIPE 55. There is also work to be scheduled in the IETF DNSOP WG to look at long versus short TTLs on NS-RRs. 51.4 RIPE 203 Update There has been no progress, it will remain open. 52.1 DNSSEC Resource Consumption Brett will present on this today. Tentatively this can be marked as done. 52.3 Lame Delegations to ns.ripe.net Again Brett will report on this today and the item can most likely be marked as done. 52.5 Lameness Checks in E164.arpa This action item was taken on by the DNS Quality Task Force - set up at RIPE 53 between the ENUM and DNS Working Groups. The main focus for the work lies with the ENUM Working Group. It can be marked as done from the perspective of this working group. Jim added that when the ENUM Working Group completes their work, they would be invited to present to the DNS Working Group. C. IETF WG News Update Antoin Verschuren, SIDN http://www.ripe.net/ripe/meetings/ripe-54/presentations/IETF_DNS.pdf There were no questions D. NCC Update Brett Carr http://www.ripe.net/ripe/meetings/ripe-54/presentations/DNS_update.pdf Niall OReilly asked if the level of notify noise could be configurable by users who carry slave zones. Brett said this was being investigated. Jim Reid suggested that following this report, both action points on the RIPE NCC be marked as done. Olaf Kolkman asked if there could be occasional reporting from the RIPE NCC on DNSSEC deployment at future meetings. Jim agreed that this should be added to regular reporting on DNS services from the RIPE NCC. Jim also suggested that there be a new action point (54.1) assigned to the RIPE NCC to generate feedback an a report through the mailing list on whether to require the use of ns.ripe.net as a secondary zone in reverse delegations and services for both IPv4 and IPv6. E. Proposal on rev-srv Peter Koch, DENIC http://www.ripe.net/ripe/meetings/ripe-54/presentations/rev-srv_considered_useless.pdf Gert Doering noted he was surprised to see this attribute was still active, he thought it had been deprecated five years ago. He agreed this should be killed off without delay. Daniel Karrenberg, speaking as one of those who invented the attribute agreed. This generated an action point on Peter (54.2). This will be taken to the Database Working Group tomorrow, Peter is hopeful that this might lead to quick action. F. Finding a DNSSEC Trust Anchor Eva Ornberg, TeliaSonera http://www.ripe.net/ripe/meetings/ripe-54/presentations/DNSsec_resolving_service.pdf There was a lengthy discussion following this presentation. The two core issues debated were whether having the RIPE NCC take on such a task would damage efforts to have the root signed. There was also a worry about whether taking on this role would be an appropriate fit for the RIPE NCC core activities. A number of people noted introducing such a scheme would not be a quick fix. They also advised caution in how such an activity is described for fear of stepping into areas that could have political ramifications. A major bone of contention was the mention of DLV. Eva stressed that this proposal was simply to create a central key repository. There were suggestions that the working group should approach ICANN and put pressure on it to make good on earlier commitments towards signing the root zones. There was also a worry about what might happen further down the line, in particular that going fully into this role might leave the RIPE NCC without a clear exit strategy should the membership later decide to stop providing the service. Others pointed out that alternative solutions might come along and provide better answers. Some people asked if this proposal was to make available a centralised service that is not truly scalable or truly central and only serves part of the community. There was further discussion that clarified that the proposal is to use the RIPE NCC as a trusted body for the whole Internet community and not just for its service region. Overall, there was support for the concept of a central registry, but concern was voiced about the mechanics, the time involved and the political implications. Jim Reid asked for guidance from the group. There was a split suggesting no clear consensus about going ahead with the proposal as it now stands. The RIPE NCC, it was suggested, needed a mandate if it was to react quickly rather than wait for others to catch up. Delaying progress in the name of as yet unknown solutions might not be wise. There is, as yet, no Plan B. Rejecting this might be missing a chance to be at the fore-front of technology in Europe. Jim asked that those who are for and against the proposal come up with concrete documents to bring to the Amsterdam meeting. He suggests that the group then could discuss the next steps. Peter Koch argued that six months might be a long time to wait and instead proposed the immediate formation of a task force to look at the proposal and its wording, perhaps removing specific mention of DLV which seems to be a major stumbling block. Andrei Robachevsky of the RIPE NCC offered support for this and agreed that it would be better to get moving quickly and formulate a service outline to put forward during the RIPE NCC Services Working Group at RIPE 55. The group considered Jims proposal to provide arguments for and against the proposal by RIPE 55 and Peters suggestion of forming a task force and agreed that on balance, the latter made a stronger case. It would allow the group to formulate something it could send to ICANN within the next month. Those who volunteered to serve on the task force are: Sam Weiler (from Jabber) Roy Arends Joao Damas Daniel Karrenberg Peter Koch Jim Reid Marcos Sanz Mats Dufberg (by proxy) It was suggested that rather than have the message come purely from the DNS Working Group, the proposed message be taken through to the plenary and thus have the message originate from the RIPE community as a whole. Those in the room felt it was important to prepare a statement at RIPE 54 which could then be sent to ICANN in good time for their meeting next month. G. Discussion Time for EOF Items There were no further questions Session 2 Meeting: RIPE 54, Tallinn Date: Thursday, 10 May 2007 Time: 16:00 17:00 (UTC +0300) Chair: Peter Koch Minutes: Adrian Bedford J-Scribe: Robert Kisteleki H. IDN Progress at ICANN Leo Vegoda, ICANN http://www.ripe.net/ripe/meetings/ripe-54/presentations/IDN_Update.pdf Leo was presenting on behalf of Tina Dam. Patrik F?ltstr?m has also worked on this project and so offered to provide answers to any questions on this. There were no questions during the session. I. OARC News and DNS DDoS Follow-up Keith Mitchell, OARC http://www.ripe.net/ripe/meetings/ripe-54/presentations/OARC_Activities.pdf Bill Manning observed that the statement about the sources for the DDoS attack coming from two economic regions may be true, but added that the attack appeared to be controlled from elsewhere. Keith noted that investigations into the attack were very much 'a work in progress'. J.Traffic Analysis the .se Way Using DNS2DB Niclas Rosell, NIC-SE http://www.ripe.net/ripe/meetings/ripe-54/presentations/DNS2DB.pdf Jim Reid commented that while it is interesting to look at domain names, he also wondered if it might be worth looking into the nature of the queries, perhaps identifying those caused by poor caching for example. Jim noted that the analysis could potentially be extended to report poorly configured nameservers and resolvers. Niclas replied that this might be something to consider in the future. Jim also felt that the data being produced might prove attractive to law enforcement agencies. Niclas agreed that it could be. K. Anycast Experiences in Japan Shinta Sato, JPRS http://www.ripe.net/ripe/meetings/ripe-54/presentations/Measurement_Anycast.pdf Jim Reid asked if there were plans to look into negotiating further probes in Europe. Was Shinta looking for more hosts in Europe and this service region. Shinta did not wish to clash with DNSMON and would liaise with those behind this project. Z. A.O.B./General Discussion Wilfried Woeber spoke about how he ran into problems trying to upgrade the rDNS details for a legacy Class B block and tried to use the checking script provided. The RIPE NCC resolved the issue. Wilfried asked if anyone uses the scripts and had the same experience. Nobody appeared to have encountered this. Bill Manning gave an update on CADR, a toolkit for managing DNSSEC delegations. He invited those present to give it a test drive. Comments, questions and concerns are most welcome. Jim Reid returned to the topic of root signing discussed this morning. Several people have asked to visit the issue again. The task force volunteers have been named and the mailing list will be the best place to follow this issue and make contributions. Jim presented a draft statement to send to ICANN outlining the consequences of the lack of progress towards the deployment of DNSSEC and how it is undermining the stability and security of the Internet. The text is available at: http://www.ripe.net/ripe/meetings/ripe-54/presentations/SignTheRoot.pdf The finished statement will be presented at the plenary and then sent to ICANN. Those present during the WG session unanimously supported the "sign the root" statement. [Added since meeting: The final text of the letter sent to ICANN - PDF - 57KB] -----------------------------------------------------------------------------