From jaap at NLnetLabs.nl Tue Sep 4 11:10:01 2007 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Tue, 04 Sep 2007 11:10:01 +0200 Subject: [dns-wg] RIPE-55 coming up -- Agenda's items sought Message-ID: <200709040910.l849A1lo028879@bartok.nlnetlabs.nl> Yes, it is that time of the year. In seven weeks we will have another RIPE meeting. We have the usual two slots. Please provide agenda items or suggestions for such items. Mail them to the list or just to the chairs. Let me remind you that only your contributions can make RIPE meetings to a success. jaap From sjoerdoo at ripe.net Thu Sep 6 15:43:23 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Thu, 06 Sep 2007 15:43:23 +0200 Subject: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept Message-ID: <46E003FB.3040606@ripe.net> [Apologies for duplicate e-mails.] Dear Colleagues, On Wednesday, 12 September 2007, we will update our DNS server ns-tld.ripe.net between 17:00 and 17:15 (UTC). During this period, it will not be able to answer DNS queries. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From jorgen at hovland.cx Thu Sep 6 15:59:04 2007 From: jorgen at hovland.cx (=?utf-8?Q?J=C3=B8rgen_Hovland?=) Date: Thu, 6 Sep 2007 15:59:04 +0200 Subject: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept In-Reply-To: <46E003FB.3040606@ripe.net> References: <46E003FB.3040606@ripe.net> Message-ID: <9191A705EEB54FD499BD82444E09A3A2@tungemaskin> Pardon me for asking, but why do you need a maintenance window to upgrade the DNS server? You can for example reroute the IP to another server while you perform the upgrade. Cheers, Joergen Hovland -----Original Message----- From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On Behalf Of Sjoerd Oostdijck Sent: 6. september 2007 15:43 To: dns-wg at ripe.net; ncc-services-wg at ripe.net Subject: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept [Apologies for duplicate e-mails.] Dear Colleagues, On Wednesday, 12 September 2007, we will update our DNS server ns-tld.ripe.net between 17:00 and 17:15 (UTC). During this period, it will not be able to answer DNS queries. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From bortzmeyer at nic.fr Thu Sep 6 16:03:32 2007 From: bortzmeyer at nic.fr (Stephane Bortzmeyer) Date: Thu, 6 Sep 2007 16:03:32 +0200 Subject: [dns-wg] Re: DNS Maintenance on ns-tld.ripe.net, 12 Sept In-Reply-To: <9191A705EEB54FD499BD82444E09A3A2@tungemaskin> References: <46E003FB.3040606@ripe.net> <9191A705EEB54FD499BD82444E09A3A2@tungemaskin> Message-ID: <20070906140332.GA544@nic.fr> On Thu, Sep 06, 2007 at 03:59:04PM +0200, J?rgen Hovland wrote a message of 35 lines which said: > but why do you need a maintenance window to upgrade the DNS server? > You can for example reroute the IP to another server while you > perform the upgrade. It is not worth it, specially for fifteen minutes of maintenance. The DNS protocol can handle the lack of response from a server, without any problem. There is no need for the RIPE-NCC to bother with "Five nines" reliability, not only because this is a "best effort" and gratis service, but also because the DNS does not require it. From brettcarr at ripe.net Thu Sep 6 16:04:21 2007 From: brettcarr at ripe.net (Brett Carr) Date: Thu, 6 Sep 2007 16:04:21 +0200 Subject: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept In-Reply-To: <9191A705EEB54FD499BD82444E09A3A2@tungemaskin> References: <46E003FB.3040606@ripe.net> <9191A705EEB54FD499BD82444E09A3A2@tungemaskin> Message-ID: <003001c7f08e$d2cbeab0$8e0200c1@singel.ripe.net> It would be slightly more involved than that I'm afraid. A scenario similar to what you describe would be a considerable amount of work. For an outage that is expected to be less than 15 minutes of what is a redundant service anyway. -- Brett Carr RIPE Network Coordination Centre Manager -- DNS Services Group Singel 258 Amsterdam NL GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 > -----Original Message----- > From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On > Behalf Of J?rgen Hovland > Sent: 06 September 2007 15:59 > To: 'Sjoerd Oostdijck'; dns-wg at ripe.net > Subject: RE: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept > > Pardon me for asking, > but why do you need a maintenance window to upgrade the DNS server? > You can for example reroute the IP to another server while > you perform the upgrade. > > > Cheers, > > Joergen Hovland > > > -----Original Message----- > From: dns-wg-admin at ripe.net [mailto:dns-wg-admin at ripe.net] On > Behalf Of Sjoerd Oostdijck > Sent: 6. september 2007 15:43 > To: dns-wg at ripe.net; ncc-services-wg at ripe.net > Subject: [dns-wg] DNS Maintenance on ns-tld.ripe.net, 12 Sept > > [Apologies for duplicate e-mails.] > > Dear Colleagues, > > On Wednesday, 12 September 2007, we will update our DNS > server ns-tld.ripe.net between 17:00 and 17:15 (UTC). During > this period, it will not be able to answer DNS queries. > > We apologise for any inconvenience this may cause. > > If you have any questions or concerns about this, please send > an e-mail to . > > Regards, > Sjoerd Oostdijck, > DNS Services > RIPE NCC > > > From pk at DENIC.DE Tue Sep 11 17:30:19 2007 From: pk at DENIC.DE (Peter Koch) Date: Tue, 11 Sep 2007 17:30:19 +0200 Subject: [dns-wg] Last Call: Secondary service on ns.ripe.net for reverse delegations In-Reply-To: <20070731044718.GA7358@denics7.denic.de> References: <20070731044718.GA7358@denics7.denic.de> Message-ID: <20070911153019.GJ1233@unknown.office.denic.de> Dear WG, the Last Call issued 2007-07-31 ... > Summary: > > To eliminate an inconsistency between IPv4 and IPv6 policies, where > /16 reverse on ns.ripe.net is mandatory for v4 and there's no such > policy for v6, three options were given: > > 1) Make ns.ripe.net mandatory on ipv4 and ipv6 delegations > 2) Make ns.ripe.net optional on ipv4 and ipv6 delegations > 3) Discontinue the secondary service on ns.ripe.net for new delegations. > > The NCC's preference was (2). > > The thread started as mentioned above saw 8 replies until June. Those who > expressed an opinion were in favour of going forward with (2). has expired. Noone opposed the proposal, so per default judgement there's consensus to proceed with option (2) above. > We'd like to ask the NCC to prepare an implementation plan after this date. Which is why I'd like to ask Brett to care of the implementation on behalf of the NCC. Thanks for bringing this issue forward and also thanks to everybody who contributed to the discussion. -Peter Koch [DNS WG co-chair] From brettcarr at ripe.net Fri Sep 14 11:50:11 2007 From: brettcarr at ripe.net (Brett Carr) Date: Fri, 14 Sep 2007 11:50:11 +0200 Subject: [dns-wg] Leaving the RIPE NCC Message-ID: <003e01c7f6b4$a483b670$8e0200c1@singel.ripe.net> I will be moving back to the UK and hence leaving the RIPE NCC on September the 20th. I would like to thank all WG members for the help and support over the last 3 years. Rest assured DNS services at the NCC are in the safe hands of Anand and Sjoerd, and Andrei will take over the running of the team until a replacement has been hired. As always queries and problems can be sent to dns-help at ripe.net and will be dealt with swiftly. Thanks Brett -- Brett Carr RIPE Network Coordination Centre Manager -- DNS Services Group Singel 258 Amsterdam NL GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From sjoerdoo at ripe.net Mon Sep 17 13:21:21 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Mon, 17 Sep 2007 13:21:21 +0200 Subject: [dns-wg] DNS Maintenance on ns.ripe.net, 19 Sept Message-ID: <46EE6331.4000405@ripe.net> [Apologies for duplicate e-mails.] Dear Colleagues, On Wednesday, 19 September 2007, we will update our DNS server ns.ripe.net between 17:00 and 18:00 (UTC). During this period, it will not be able to answer DNS queries. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From brettcarr at ripe.net Wed Sep 19 09:50:39 2007 From: brettcarr at ripe.net (Brett Carr) Date: Wed, 19 Sep 2007 09:50:39 +0200 Subject: [dns-wg] Last Call: Secondary service on ns.ripe.net for reverse delegations In-Reply-To: <20070911153019.GJ1233@unknown.office.denic.de> References: <20070731044718.GA7358@denics7.denic.de> <20070911153019.GJ1233@unknown.office.denic.de> Message-ID: <002701c7fa91$c5aefd10$8e0200c1@singel.ripe.net> > -----Original Message----- > From: Peter Koch [mailto:pk at DENIC.DE] > Sent: 11 September 2007 17:30 > To: RIPE DNS WG > Cc: Brett Carr > Subject: Re: [dns-wg] Last Call: Secondary service on > ns.ripe.net for reverse delegations > > Dear WG, > > the Last Call issued 2007-07-31 ... > > > Summary: > > > > To eliminate an inconsistency between IPv4 and IPv6 > policies, where > > /16 reverse on ns.ripe.net is mandatory for v4 and there's no such > > policy for v6, three options were given: > > > > 1) Make ns.ripe.net mandatory on ipv4 and ipv6 delegations > > 2) Make ns.ripe.net optional on ipv4 and ipv6 delegations > > 3) Discontinue the secondary service on ns.ripe.net for > new delegations. > > > > The NCC's preference was (2). > > > > The thread started as mentioned above saw 8 replies until > June. Those > > who expressed an opinion were in favour of going forward with (2). > > has expired. Noone opposed the proposal, so per default > judgement there's consensus to proceed with option (2) above. > > > We'd like to ask the NCC to prepare an implementation plan > after this date. > > Which is why I'd like to ask Brett to care of the > implementation on behalf of the NCC. Thanks for bringing > this issue forward and also thanks to everybody who > contributed to the discussion. > This is now implemented, ns.ripe.net is no longer mandatory for /16 reverse delegations and can also be removed from existing delegations if you so require. Regards Brett -- Brett Carr RIPE Network Coordination Centre Manager -- DNS Services Group Singel 258 Amsterdam NL GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8 From sjoerdoo at ripe.net Wed Sep 26 09:14:47 2007 From: sjoerdoo at ripe.net (Sjoerd Oostdijck) Date: Wed, 26 Sep 2007 09:14:47 +0200 Subject: [dns-wg] DNS Maintenance on ns-pri.ripe.net, 26 Sept Message-ID: <46FA06E7.5070607@ripe.net> [Apologies for duplicate e-mails.] Dear Colleagues, On Wednesday, 26 September 2007, we will update our DNS server ns.ripe.net between 17:00 and 18:00 (UTC). During this period, it may not be able to answer DNS queries. We apologise for any inconvenience this may cause. If you have any questions or concerns about this, please send an e-mail to . Regards, Sjoerd Oostdijck, DNS Services RIPE NCC From andrei at ripe.net Thu Sep 27 17:04:35 2007 From: andrei at ripe.net (Andrei Robachevsky) Date: Thu, 27 Sep 2007 17:04:35 +0200 Subject: [dns-wg] Deploying DNSSEC in e164.arpa zone Message-ID: <46FBC683.9000107@ripe.net> Dear Colleagues, The RIPE NCC is pleased to announce its plan for the deployment of DNSSEC in the e164.arpa zone (ENUM). This improvement to the operation of the domain was developed and concluded following consultation with the IETF's Internet Architecture Board (IAB). In line with the IAB's instructions, the RIPE NCC has provided technical administration for the e164.arpa zone since 2002. These instructions are documented and are available at: http://www.ripe.net/enum/instructions.html We informed the IAB of our intention to implement DNSSEC in the e164.arpa zone and we received positive feedback and support for the deployment. Details of the correspondence between the RIPE NCC and the IAB can be found at: http://www.iab.org/documents/correspondence/ We will start signing the e164.arpa on 26 November 2007 and support for secure delegations will be provided on 24 March 2008. Further announcements will be posted as these milestones approach. Best regards, Andrei Robachevsky Chief Technical Officer RIPE NCC From Niall.oReilly at ucd.ie Thu Sep 27 18:43:23 2007 From: Niall.oReilly at ucd.ie (Niall O'Reilly) Date: Thu, 27 Sep 2007 17:43:23 +0100 Subject: [dns-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <46FBC683.9000107@ripe.net> References: <46FBC683.9000107@ripe.net> Message-ID: <804BF8C1-EDC3-48FA-9AD5-0A1E1A3D4D7F@ucd.ie> On 27 Sep 2007, at 16:04, Andrei Robachevsky wrote: > The RIPE NCC is pleased to announce its plan for the deployment of > DNSSEC in the e164.arpa zone (ENUM). This improvement to the operation > of the domain was developed and concluded following consultation with > the IETF's Internet Architecture Board (IAB). Excellent! Best regards, Niall O'Reilly Co-Chair, RIPE ENUM Working Group -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: From jaap at NLnetLabs.nl Thu Sep 27 20:26:59 2007 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Thu, 27 Sep 2007 20:26:59 +0200 Subject: [dns-wg] Re: [enum-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: Your message of Thu, 27 Sep 2007 17:33:28 +0200. Message-ID: <200709271826.l8RIQxFF011974@bartok.nlnetlabs.nl> Finally :) Good news. We use DNSSEC for our 8.4.e164.zone for quite a long time. .... ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa So, time to sign this one as well :-). jaap From andrzejb at nask.pl Thu Sep 27 17:33:28 2007 From: andrzejb at nask.pl (Andrzej Bartosiewicz) Date: Thu, 27 Sep 2007 17:33:28 +0200 (CEST) Subject: [dns-wg] Re: [enum-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <46FBC683.9000107@ripe.net> References: <46FBC683.9000107@ripe.net> Message-ID: Finally :) Good news. We use DNSSEC for our 8.4.e164.zone for quite a long time. Best, Andrzej Bartosiewicz tel: +48 22 380 8395 tel: +1 (310) 817 6567 ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa skype: abartosiewicz On Thu, 27 Sep 2007, Andrei Robachevsky wrote: > Dear Colleagues, > > The RIPE NCC is pleased to announce its plan for the deployment of > DNSSEC in the e164.arpa zone (ENUM). This improvement to the operation > of the domain was developed and concluded following consultation with > the IETF's Internet Architecture Board (IAB). > > In line with the IAB's instructions, the RIPE NCC has provided technical > administration for the e164.arpa zone since 2002. These instructions are > documented and are available at: http://www.ripe.net/enum/instructions.html > > We informed the IAB of our intention to implement DNSSEC in the > e164.arpa zone and we received positive feedback and support for the > deployment. Details of the correspondence between the RIPE NCC and the > IAB can be found at: http://www.iab.org/documents/correspondence/ > > We will start signing the e164.arpa on 26 November 2007 and support for > secure delegations will be provided on 24 March 2008. Further > announcements will be posted as these milestones approach. > > Best regards, > > Andrei Robachevsky > Chief Technical Officer > RIPE NCC > From enumvoipsip.cs at schiefner.de Thu Sep 27 18:49:58 2007 From: enumvoipsip.cs at schiefner.de (Carsten Schiefner) Date: Thu, 27 Sep 2007 18:49:58 +0200 Subject: [enum-wg] Re: [dns-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <804BF8C1-EDC3-48FA-9AD5-0A1E1A3D4D7F@ucd.ie> References: <46FBC683.9000107@ripe.net> <804BF8C1-EDC3-48FA-9AD5-0A1E1A3D4D7F@ucd.ie> Message-ID: <46FBDF36.5070704@schiefner.de> Niall O'Reilly wrote: >On 27 Sep 2007, at 16:04, Andrei Robachevsky wrote: >> The RIPE NCC is pleased to announce its plan for the deployment of >> DNSSEC in the e164.arpa zone (ENUM). This improvement to the operation >> of the domain was developed and concluded following consultation with >> the IETF's Internet Architecture Board (IAB). > > Excellent! Also from my side! :-) Best, Carsten Schiefner Co-Chair, RIPE ENUM Working Group From paf at cisco.com Fri Sep 28 09:50:17 2007 From: paf at cisco.com (=?ISO-8859-1?Q?Patrik_F=E4ltstr=F6m?=) Date: Fri, 28 Sep 2007 09:50:17 +0200 Subject: [dns-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <46FBC683.9000107@ripe.net> References: <46FBC683.9000107@ripe.net> Message-ID: <1ECA2B7B-6B74-4C36-9FBE-99C1F29B3778@cisco.com> On 27 sep 2007, at 17.04, Andrei Robachevsky wrote: > The RIPE NCC is pleased to announce its plan for the deployment of > DNSSEC in the e164.arpa zone (ENUM). This improvement to the operation > of the domain was developed and concluded following consultation with > the IETF's Internet Architecture Board (IAB). Andrei, staff at RIPE NCC, IAB, wg members. My sincere congratulations for this big step towards a more stable and secure Internet. Regards, Patrik F?ltstr?m From jaap at NLnetLabs.nl Fri Sep 28 12:08:38 2007 From: jaap at NLnetLabs.nl (Jaap Akkerhuis) Date: Fri, 28 Sep 2007 12:08:38 +0200 Subject: [dns-wg] Re: [enum-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: Your message of Fri, 28 Sep 2007 10:15:53 +0200. Message-ID: <200709281008.l8SA8cJU087117@bartok.nlnetlabs.nl> this domain is signed, ALL servers respond with DNSSEC data EXCEPT the RIPE server which do not support DNSSEC.... so if you resolve domains from 8.4.e164.arpa zone using RIPE server, you can't get DNSSEC enabled answers. we will remove ns.ripe.net and the problem will be solved today. Ah, I might have hit that one, I just only tried it once. But there is at least one lesson in this: you make sure al servers support DNSSEC when you roll it out. jaap From andrzejb at nask.pl Fri Sep 28 10:04:41 2007 From: andrzejb at nask.pl (Andrzej Bartosiewicz) Date: Fri, 28 Sep 2007 10:04:41 +0200 (CEST) Subject: [dns-wg] Re: [enum-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <200709271826.l8RIQxFF011974@bartok.nlnetlabs.nl> References: <200709271826.l8RIQxFF011974@bartok.nlnetlabs.nl> Message-ID: ? it's properly signed. Andrzej Bartosiewicz tel: +48 22 380 8395 tel: +1 (310) 817 6567 ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa skype: abartosiewicz On Thu, 27 Sep 2007, Jaap Akkerhuis wrote: > > Finally :) > > Good news. We use DNSSEC for our 8.4.e164.zone for quite a long time. > > .... > > ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa > > So, time to sign this one as well :-). > > jaap > From andrzejb at nask.pl Fri Sep 28 10:15:53 2007 From: andrzejb at nask.pl (Andrzej Bartosiewicz) Date: Fri, 28 Sep 2007 10:15:53 +0200 (CEST) Subject: [dns-wg] Re: [enum-wg] Deploying DNSSEC in e164.arpa zone In-Reply-To: <200709271826.l8RIQxFF011974@bartok.nlnetlabs.nl> References: <200709271826.l8RIQxFF011974@bartok.nlnetlabs.nl> Message-ID: Jaap, i've checked... this domain is signed, ALL servers respond with DNSSEC data EXCEPT the RIPE server which do not support DNSSEC.... so if you resolve domains from 8.4.e164.arpa zone using RIPE server, you can't get DNSSEC enabled answers. we will remove ns.ripe.net and the problem will be solved today. thanks Andrzej Bartosiewicz tel: +48 22 380 8395 tel: +1 (310) 817 6567 ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa skype: abartosiewicz On Thu, 27 Sep 2007, Jaap Akkerhuis wrote: > > Finally :) > > Good news. We use DNSSEC for our 8.4.e164.zone for quite a long time. > > .... > > ENUM: 0.7.5.1.4.2.6.0.6.8.4.e164.arpa > > So, time to sign this one as well :-). > > jaap >