From pk at DENIC.DE Wed May 2 19:28:12 2007 From: pk at DENIC.DE (Peter Koch) Date: Wed, 2 May 2007 19:28:12 +0200 Subject: [dns-wg] Pointer to Proposal 2007-02: Change in IP Assignments for Anycasting DNS Policy Message-ID: <20070502172812.GK866@unknown.office.denic.de> Dear All, for those of you not on the mailing list, here's a pointer to a recent proposal for "Change in IP Assignments for Anycasting DNS Policy": . The venue for discussion was chosen to be the address policy WG. Since we will have a full agenda in Tallinn and AP meets before DNS, there might be some I/O between the groups with little time for on-site discussion. Please consider this a "heads up". See you in Estonia, Peter From brettcarr at ripe.net Mon May 14 10:21:06 2007 From: brettcarr at ripe.net (Brett Carr) Date: Mon, 14 May 2007 10:21:06 +0200 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. Message-ID: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> As mentioned in my presentation at RIPE 54 last week we have become aware that there is an inconsistency between ipv4 and ipv6 with regard to obtaining reverse delegation. The reverse delegation procedure listed at http://www.ripe.net/rs/ reverse/reverse_howto.html has the following listed: -----snip Secondary Service by the RIPE NCC For IPv4: If your zone is a /16 reverse zone, you will need to set up ns.ripe.net as a secondary server For IPv6: If your zone is a /32 reverse zone, you may use ns.ripe.net as a secondary -----snip We think it would be a good idea to address this inconsistency, this could be done in several ways including but not limted to: Make ns.ripe.net mandatory on ipv4 and ipv6 delegations Make ns.ripe.net optional on ipv4 and ipv6 delegations Discontinue the secondary service on ns.ripe.net for new delegations. Our suggestion and preference would be to make ns.ripe.net optional on both ipv4 and ipv6 delegations. We would welcome and encourage input from the dns community on this subject. Regards Brett -- Brett Carr Manager -- DNS Services Group RIPE Network Coordination Centre Amsterdam From jorgen at hovland.cx Mon May 14 11:20:07 2007 From: jorgen at hovland.cx (=?utf-8?Q?J=C3=B8rgen_Hovland?=) Date: Mon, 14 May 2007 11:20:07 +0200 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. In-Reply-To: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> References: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> Message-ID: <1673AD5871BB47CF86F3424D389C2F9F@tungemaskin> Hi, I hope this does not become mandatory, only optionally or discontinue it. A very few amount of LIRs would have to send a zonefile in the size of (2^96 ) * 32 * 4 * 20 bytes to ns.ripe.net if it becomes mandatory. I take it for granted that RIPE (in addition to the LIR) does not have the bandwidth or the harddrive capacity for these zones. Additionally, such a requirement would limit the amount of supported RRs and degrading competitive (dis)advantages. Example 1: These LIRs run software that updates any record/zone instant on all nameservers at once (milliseconds) when the customer performs changes. I am unsure if this is possible with RIPEs nameserver (NOTIFY probably limited to SOA changes etc). j -----Original Message----- From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On Behalf Of Brett Carr Sent: 14. mai 2007 10:21 To: dns-wg at ripe.net Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. As mentioned in my presentation at RIPE 54 last week we have become aware that there is an inconsistency between ipv4 and ipv6 with regard to obtaining reverse delegation. The reverse delegation procedure listed at http://www.ripe.net/rs/ reverse/reverse_howto.html has the following listed: -----snip Secondary Service by the RIPE NCC For IPv4: If your zone is a /16 reverse zone, you will need to set up ns.ripe.net as a secondary server For IPv6: If your zone is a /32 reverse zone, you may use ns.ripe.net as a secondary -----snip We think it would be a good idea to address this inconsistency, this could be done in several ways including but not limted to: Make ns.ripe.net mandatory on ipv4 and ipv6 delegations Make ns.ripe.net optional on ipv4 and ipv6 delegations Discontinue the secondary service on ns.ripe.net for new delegations. Our suggestion and preference would be to make ns.ripe.net optional on both ipv4 and ipv6 delegations. We would welcome and encourage input from the dns community on this subject. Regards Brett -- Brett Carr Manager -- DNS Services Group RIPE Network Coordination Centre Amsterdam From slz at baycix.de Mon May 14 12:15:55 2007 From: slz at baycix.de (Sascha Lenz) Date: Mon, 14 May 2007 12:15:55 +0200 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. In-Reply-To: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> References: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> Message-ID: <464836DB.70309@baycix.de> Hi, Brett Carr schrieb: > As mentioned in my presentation at RIPE 54 last week we have become > aware that there is an inconsistency between ipv4 and ipv6 with regard > to obtaining reverse delegation. > > The reverse delegation procedure listed at > http://www.ripe.net/rs/reverse/reverse_howto.html has the following listed: [...] > We think it would be a good idea to address this inconsistency, this > could be done in several ways including but not limted to: > > Make ns.ripe.net mandatory on ipv4 and ipv6 delegations > Make ns.ripe.net optional on ipv4 and ipv6 delegations > Discontinue the secondary service on ns.ripe.net for new delegations. > > Our suggestion and preference would be to make ns.ripe.net optional on > both ipv4 and ipv6 delegations. > > We would welcome and encourage input from the dns community on this > subject. i support the suggestion to make it optional. Discontinuation makes no sense - i don't really think this service causes a high workload or costs too much money. Making it mandatory for ALL allocations(?) would eventually cause operational problems for the LIR/customer in some cases, not really worth the effort. ==> Make it optional for all delegations, IPv4&IPv6 as suggested if you feel any needs to change the current situation (which i don't actually consider bad either). As a service, i would like to use RIPE as 2ndary in some cases. -- ======================================================================== = Sascha Lenz SLZ-RIPE slz at baycix.de = = Network Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ======================================================================== From jim at rfc1035.com Mon May 14 12:25:19 2007 From: jim at rfc1035.com (Jim Reid) Date: Mon, 14 May 2007 11:25:19 +0100 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. In-Reply-To: <1673AD5871BB47CF86F3424D389C2F9F@tungemaskin> References: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> <1673AD5871BB47CF86F3424D389C2F9F@tungemaskin> Message-ID: On May 14, 2007, at 10:20, J?rgen Hovland wrote: > I hope this does not become mandatory, only optionally or > discontinue it. > A very few amount of LIRs would have to send a zonefile in the size > of (2^96 ) * 32 * 4 * 20 bytes to ns.ripe.net if it becomes mandatory. Let's step back. Slave service for reverse zones was something the NCC has been doing since the dawn of time. In the early days, connectivity was sometimes erratic, bandwidth was limited, lame delegations were common and DNS skills were worse than they are today. It made sense to have a robust and stable DNS platform and the NCC was in the position to provide that service. That was then. But this is now. The environment has changed. And there's less reliance on reverse DNS lookups these days too, even more so in an IPv6 world. So the questions for the WG should be IMO: * Is there value in having the NCC provide DNS service for big/ important reverse zones? * If the answer to the above question is yes, under what conditions? ie What do we mean by big or important? * If the answer is still yes, should this service be compulsory or optional? And under what conditions would optional use become compulsory and vice versa? * If the answer to the orginal question is no, what, if anything, does the NCC do about things like lame delegations for reverse zones and the operational problems these cause the NCC? From ripe-wgs.cs at schiefner.de Mon May 14 18:45:04 2007 From: ripe-wgs.cs at schiefner.de (Carsten Schiefner) Date: Mon, 14 May 2007 18:45:04 +0200 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. In-Reply-To: References: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> <1673AD5871BB47CF86F3424D389C2F9F@tungemaskin> Message-ID: <46489210.5050108@schiefner.de> In the light of this: Jim Reid wrote: > So the questions for the WG should be IMO: > > * Is there value in having the NCC provide DNS service for big/important > reverse zones? > * If the answer to the above question is yes, under what conditions? ie > What do we mean by big or important? > * If the answer is still yes, should this service be compulsory or > optional? And under what conditions would optional use become compulsory > and vice versa? > * If the answer to the orginal question is no, what, if anything, does > the NCC do about things like lame delegations for reverse zones and the > operational problems these cause the NCC? I'd like to mention that slaving Tier 1 ENUM zones on ns.ripe.net is also purely optional only - for very good reasons. Some of them are hidden in Jim's questions. Best, Carsten From Niall.oReilly at ucd.ie Tue May 15 10:58:54 2007 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Tue, 15 May 2007 09:58:54 +0100 Subject: [dns-wg] Secondary service on ns.ripe.net for reverse delegations. In-Reply-To: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> References: <4A6256C3-97B5-4415-BC93-9A2978A01A20@ripe.net> Message-ID: <90ACCC42-1E88-4DA8-99F4-EA293A43A4C3@ucd.ie> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 14 May 2007, at 09:21, Brett Carr wrote: > Our suggestion and preference would be to make ns.ripe.net optional > on both ipv4 and ipv6 delegations. > We would welcome and encourage input from the dns community on this > subject. I'm in favour of this suggestion. ERX migration could have been much less grief if we had done this back a bit. Best regards, Niall O'Reilly University College Dublin IT Services PGP key ID: AE995ED9 (see www.pgp.net) Fingerprint: 23DC C6DE 8874 2432 2BE0 3905 7987 E48D AE99 5ED9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFGSXZSeYfkja6ZXtkRAoFKAJ9CyN5Nz+O5YIgZgIZBQcWFFRkHXACfQ+hZ OfwkYf94XRErml15SgH+pY0= =V9Lw -----END PGP SIGNATURE----- From training at ripe.net Mon May 21 10:31:00 2007 From: training at ripe.net (Rumy Kanis) Date: Mon, 21 May 2007 10:31:00 +0200 Subject: [dns-wg] Announcement DNS for LIRs Training Courses Message-ID: <465158C4.2040006@ripe.net> [Apologies for duplicate e-mails] Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 3 August 2007 Time: 09:00-17:00 Location: St.Petersburg, Russian Federation And Date: Friday 7 September 2007 Time: 09:00-17:00 Location: Nottingham, United Kingdom And Date: Friday 14 September 2007 Time: 09:00-17:00 Location: Amsterdam, Netherlands And Date: Wednesday 20 February 2008 Time: 09:00-17:00 Location: Vienna, Austria Hosted by: Nic.at: http://www.nic.at/ The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From markguz at ripe.net Mon May 21 13:33:53 2007 From: markguz at ripe.net (Mark Guz) Date: Mon, 21 May 2007 13:33:53 +0200 Subject: [dns-wg] RIPE NCC Network Maintenance Wednesday 23 May 1700 - 1900 UTC/GMT Message-ID: <465183A1.6030906@ripe.net> Dear Colleagues, Between 17:00 and 19:00 (UTC) on Wednesday, 23 May 2007, the RIPE NCC will carry out planned maintenance work on our core network infrastructure. During this period all RIPE NCC services will suffer intermittent interruptions We apologise for any inconvenience that this may cause. If you have any questions about this, please e-mail ops at ripe.net Regards Mark Guz Senior Engineer Operations Dept RIPE NCC From training at ripe.net Mon May 21 10:31:00 2007 From: training at ripe.net (Rumy Kanis) Date: Mon, 21 May 2007 10:31:00 +0200 Subject: [dns-wg] [ncc-announce] Announcement DNS for LIRs Training Courses Message-ID: <465158C4.2040006@ripe.net> [Apologies for duplicate e-mails] Dear Colleagues, The RIPE NCC Training Services Department invites you to register for one of our upcoming DNS for LIRs Training Courses: Date: Friday 3 August 2007 Time: 09:00-17:00 Location: St.Petersburg, Russian Federation And Date: Friday 7 September 2007 Time: 09:00-17:00 Location: Nottingham, United Kingdom And Date: Friday 14 September 2007 Time: 09:00-17:00 Location: Amsterdam, Netherlands And Date: Wednesday 20 February 2008 Time: 09:00-17:00 Location: Vienna, Austria Hosted by: Nic.at: http://www.nic.at/ The main objective of the DNS for LIRs Training Course is to provide LIRs with information about the different DNS related services the RIPE NCC has available for them. It covers reverse DNS procedures and checks, as well as giving information about DNS Monitoring (DNSMON), K-Root and anycasting. The course also covers DNSSEC and the specific procedures set up by the RIPE NCC to secure the in-addr.arpa zones. Please note that the DNS for LIRs course focuses on DNS services and procedures related to being an LIR. The course does: - NOT teach the basics of DNS - NOT describe how to receive Internet resources from the RIPE NCC - NOT describe fully how to operate a Local Internet Registry (LIR) The course is intended for technical staff of LIRs. It is assumed that all attendees are familiar with common DNS terminology and have a practical knowledge of operating DNS servers. The course is free of charge. We provide lunch and printed training materials. We do not cover any of your travel expenses or accommodation. We give all of our training courses in English. You can find more information about the course at: http://www.ripe.net/training/dns REGISTRATION: ============ To register for this course, please use the LIR Portal or complete the registration via our website on: http://www.ripe.net/cgi-bin/trainingform.pl.cgi If you have any questions please do not hesitate to contact us at . Kind regards, Rumy Kanis Training Services Manager RIPE NCC From markguz at ripe.net Thu May 24 13:44:36 2007 From: markguz at ripe.net (Mark Guz) Date: Thu, 24 May 2007 13:44:36 +0200 Subject: [dns-wg] RIPE NCC Network Maintenance Wednesday 23 May 1700 - 1900 UTC/GMT - COMPLETED Message-ID: <46557AA4.1000408@ripe.net> Dear Colleagues, The above mentioned maintenance was preformed successfully and within the specified maintenance window. If you have any questions about this, please e-mail ops at ripe.net Regards Mark Guz Senior Engineer Operations Dept RIPE NCC From markguz at ripe.net Thu May 24 17:34:30 2007 From: markguz at ripe.net (Mark Guz) Date: Thu, 24 May 2007 17:34:30 +0200 Subject: [dns-wg] RIPE NCC Network Maintenance Wednesday 23 May 1700 - 1900 UTC/GMT - COMPLETED Message-ID: <4655B086.8060709@ripe.net> Dear Colleagues, The above mentioned maintenance was performed successfully and within the specified maintenance window. If you have any questions about this, please e-mail ops at ripe.net Regards Mark Guz Senior Engineer Operations Dept RIPE NCC