From jabley at hopcount.ca Wed Apr 3 16:11:08 2013
From: jabley at hopcount.ca (Joe Abley)
Date: Wed, 3 Apr 2013 10:11:08 -0400
Subject: [dns-wg] public consultation on root zone KSK rollover
Message-ID: <3EFFA27D-8BF7-473E-AE24-6679A1BE050C@hopcount.ca>

Hi all,

As advised a month or so ago, the following public comment period is open:

http://www.icann.org/en/news/public-comment/root-zone-consultation-08mar13-en.htm

We have received a small number of responses which are accessible from that page.

The topic at hand and the specific questions that have been asked as part of the consultation are important ones; the decisions taken will have operational consequences to any user of the Internet who validates DNS responses with DNSSEC. If you have experience, opinions or expertise to contribute, it would be greatly appreciated.

The window for being able to submit comments closes on 12 April 2013 at 23:59 UTC.

Many thanks,

Joe

From cet1 at cam.ac.uk Wed Apr 17 17:40:35 2013
From: cet1 at cam.ac.uk (Chris Thompson)
Date: 17 Apr 2013 16:40:35 +0100
Subject: [dns-wg] When did ns-v6.ripe.net become a CNAME?
Message-ID:

Can anyone say when ns-v6.ripe.net became a CNAME (target ns.ripe.net), which makes it a rather bad idea to have an NS record pointing to it?

We (due credit: Tony Finch) have just discovered that some strange resolving glitches were due to 0.3.6.0.1.0.0.2.ip6.arpa having such an NS record. The Janet NOC have been informed and hopefully will fix.

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.

From romeo.zwart at ripe.net Wed Apr 17 20:32:39 2013
From: romeo.zwart at ripe.net (Romeo Zwart)
Date: Wed, 17 Apr 2013 20:32:39 +0200
Subject: [dns-wg] When did ns-v6.ripe.net become a CNAME?
In-Reply-To:
References:
Message-ID: <516EEAC7.9000802@ripe.net>

Hi Chris,

Thanks for drawing our attention to this.

On 13/04/17 17:40 , Chris Thompson wrote:
> Can anyone say when ns-v6.ripe.net became a CNAME (target ns.ripe.net),
> which makes it a rather bad idea to have an NS record pointing to it?

The cname was introduced in March 2012. It has been corrected. Apologies for the inconvenience.

Best regards,
Romeo

> We (due credit: Tony Finch) have just discovered that some strange
> resolving glitches were due to 0.3.6.0.1.0.0.2.ip6.arpa having such
> an NS record. The Janet NOC have been informed and hopefully will fix.

From jimsimpson2 at hushmail.com Sat Apr 20 16:25:40 2013
From: jimsimpson2 at hushmail.com (jimsimpson2 at hushmail.com)
Date: Sat, 20 Apr 2013 10:25:40 -0400
Subject: [dns-wg] Biggest Fake Conference in Computer Science
Message-ID: <20130420142540.5A0C0E6736@smtp.hushmail.com>

We are researchers from different parts of the world and conducted a study on the world's biggest bogus computer science conference WORLDCOMP ( http://sites.google.com/site/worlddump1 ) organized by Prof. Hamid Arabnia from University of Georgia, USA.

We submitted a fake paper to WORLDCOMP 2011 and again (the same paper with a modified title) to WORLDCOMP 2012.
This paper had numerous fundamental mistakes. Sample statements from that paper include:

(1). Binary logic is fuzzy logic and vice versa
(2). Pascal developed fuzzy logic
(3). Object oriented languages do not exhibit any polymorphism or inheritance
(4). TCP and IP are synonyms and are part of OSI model
(5). Distributed systems deal with only one computer
(6). Laptop is an example for a super computer
(7). Operating system is an example for computer hardware

Also, our paper did not express any conceptual meaning. However, it was accepted both the times without any modifications (and without any reviews) and we were invited to submit the final paper and a payment of $500+ fee to present the paper. We decided to use the fee for better purposes than making Prof. Hamid Arabnia (Chairman of WORLDCOMP) rich. After that, we received few reminders from WORLDCOMP to pay the fee but we never responded.

We MUST say that you should look at the above website if you have any thoughts to submit a paper to WORLDCOMP. DBLP and other indexing agencies have stopped indexing WORLDCOMP's proceedings since 2011 due to its fakeness. See http://www.informatik.uni-trier.de/~ley/db/conf/icai/index.html for one of the conferences of WORLDCOMP and notice that there is no listing after 2010. See http://sites.google.com/site/dumpconf for comments from well-known researchers about WORLDCOMP. If WORLDCOMP is not fake then why did DBLP suddenly stop listing the proceedings after?

The status of your WORLDCOMP papers can be changed from "scientific" to "other" (i.e., junk or non-technical) at any time. See the comments http://www.mail-archive.com/tccc at lists.cs.columbia.edu/msg05168.html of a respected researcher on this. Better not to have a paper than having it in WORLDCOMP and spoil the resume and peace of mind forever!

Our study revealed that WORLDCOMP is a money making business, using University of Georgia mask, for Prof. Hamid Arabnia.
He is throwing out a small chunk of that money (around 20 dollars per paper published in WORLDCOMP's proceedings) to his puppet (Mr. Ashu Solo or A.M.G. Solo) who publicizes WORLDCOMP and also defends it at various forums, using fake/anonymous names. The puppet uses fake names and defames other conferences to divert traffic to WORLDCOMP. He also makes anonymous phone calls and tries to threaten the critiques of WORLDCOMP. That is, the puppet does all his best to get a maximum number of papers published at WORLDCOMP to get more money into his (and Prof. Hamid Arabnia's) pockets.

Monte Carlo Resort (the venue of WORLDCOMP until 2012) has refused to provide the venue for WORLDCOMP'13 because of the fears of their image being tarnished due to WORLDCOMP's fraudulent activities. WORLDCOMP'13 will be held at a different resort. WORLDCOMP will not be held after 2013.

The paper submission deadline for WORLDCOMP'13 was March 18 and it was extended to April 6 and now it is extended to April 20 (it may be extended again) but still there are no committee members, no reviewers, and there is no conference Chairman. The only contact details available on WORLDCOMP's website is just an email address! Prof. Hamid Arabnia extends the deadline to get more papers (means, more registration fee into his pocket!).

Let us make a direct request to Prof. Hamid Arabnia: publish all reviews for all the papers (after blocking identifiable details) since 2000 conference. Reveal the names and affiliations of all the reviewers (for each year) and how many papers each reviewer had reviewed on average. We also request him to look at the Open Challenge at https://sites.google.com/site/moneycomp1

Sorry for posting to multiple lists. Spreading the word is the only way to stop this bogus conference. Please forward this message to other mailing lists and people.

We are shocked with Prof.
Hamid Arabnia and his puppet's activities http://worldcomp-fake-bogus.blogspot.com Search Google using the keyword worldcomp fake for additional links.

From bortzmeyer at nic.fr Sat Apr 20 17:49:44 2013
From: bortzmeyer at nic.fr (Stephane Bortzmeyer)
Date: Sat, 20 Apr 2013 17:49:44 +0200
Subject: [dns-wg] Biggest Fake Conference in Computer Science
In-Reply-To: <20130420142540.5A0C0E6736@smtp.hushmail.com>
References: <20130420142540.5A0C0E6736@smtp.hushmail.com>
Message-ID: <20130420154944.GB21953@sources.org>

On Sat, Apr 20, 2013 at 10:25:40AM -0400, jimsimpson2 at hushmail.com wrote a message of 89 lines which said:

> We submitted a fake paper to WORLDCOMP 2011 [...] it was accepted
> both the times without any modifications

That's cool. I'm partially evaluated on the number of publications and this looks like really interesting.

> We MUST say that you should look at the above website if you have any thoughts
> to submit a paper to WORLDCOMP.

There are several famous names in the Steering Committee (David Patterson, the processor guy, Eugene Spafford, Jim "bufferbloat" Gettys...) Are they really part of such a scam?

From jim at rfc1035.com Sun Apr 21 19:21:55 2013
From: jim at rfc1035.com (Jim Reid)
Date: Sun, 21 Apr 2013 18:21:55 +0100
Subject: [dns-wg] RIPE65 minutes
Message-ID: <7F6A9F94-BA51-4E6B-92D8-0E9EDF578B62@rfc1035.com>

Here are the minutes of the last WG meeting. Please speak up if there are any corrections.

RIPE 65 DNS Working Group - Session I
26 September 2012, 11:00-12:30
WG co-Chairs: Jim Reid, Jaap Akkerhuis, Peter Koch
Scribe: Daniel Quinn

A. Administrivia

Jaap Akkerhuis, DNS WG co-chair, opened the session and welcomed attendees. He announced that the minutes for RIPE 64 were online and no comments were received so he assumed it was safe to publish them as final. He reminded attendees to state their name clearly before asking a question.
Jaap said that there would be some changes to the agenda and that the OpenDNSSEC and benchmarking effort presentations would swap.

B. Software Reports

DNS Benchmarking Effort - Shane Kerr, ISC
https://ripe65.ripe.net/presentations/168-ripe65-dns-benchmarking.pdf

Jim Reid, WG co-chair, asked if they had a mailing list or website where the public can see what was going on. He would like to see benchmarks and other forms of information. Shane said there wasn't and that although BIND is not developed in a committee-fashion, ISC is still interested in requests from the community.

Daniel Karrenberg, RIPE NCC, asked which direction they were going and whether it was just local benchmarking or a more natural network setting with remote clients. He also asked if they were looking for realistic test loads that come from actual server operators. Shane replied that real world query traffic is important, but it is also important for people to be able to reproduce these benchmarks in their own environment. Also, privacy is a concern.

Emilio Madaio, RIPE NCC, pointed out that there was in fact a mailing list: dns-benchmarking at lists.dns-oarc.net

OpenDNSSEC Update - Sara Dickinson, Sinodun Internet Technologies
https://ripe65.ripe.net/presentations/189-ripe65-opendnssec.pdf

John Bond, RIPE NCC, asked if they were planning on continuing auditor development. Sara explained that it is no longer part of the product and would require a lot of work to maintain. It is unlikely to continue.

C. RIPE NCC DNS Update - Romeo Zwart, RIPE NCC
https://ripe65.ripe.net/presentations/179-RIPE65_RomeoZwart_NCC_DNS_update_.pdf

Antoin Verschuren, SIDN, asked if it was possible to mandate that networks that have a local K-root node have to do validation. Romeo agreed that that was a good idea.

Wilfried Woeber, Univie, pointed out that the RIPE NCC's current model of thinking will exclude networks that are built around ASes like his.
Romeo acknowledged this and said that he'd like to make sure that the RIPE NCC approaches these settings on a case-by-case basis.

D. DNSSEC Measurement-A slightly closer look - Geoff Huston, APNIC
https://ripe65.ripe.net/presentations/177-2012-09-26-dnssec.pdf

Lorenzo Colitti, Google, commented that the numbers of 8 and 15% are different for their various tests and experiments but that they always vary with the same range between them. He added that '3' is the number you can trust, which is 8-5.

Jim Reid wanted to know if they were doing fingerprinting for software identification. Geoff replied that they were.

Heather Schiller, ARIN, asked what record the IP addresses in Geoff's final slide were querying, remarking that if they belonged to her, she would have them fixed. Geoff said that they were querying the A record all the way down in that domain.

Paul Vixie, ARIN Board of Trustees, commented that the version of BIND (8) that exhibited this behaviour is known to be susceptible to two stack smashing attacks. He suggested that publication of this information would encourage the managers of those machines to upgrade.

E. Panel: Overcoming the "First Mover Loses" Paradigm for IPv6 DNSSEC Deployment
https://ripe65.ripe.net/presentations/161-worldfitbday.pdf

Panel: Patrik Fältström (Netnod), Andrei Robachevsky (ISOC), Roland Van Rijswijk (Surfnet), Antoin Verschuren (SIDN)

Jim Reid commented that validation may not be as painful as many may think. He suggested that better explanation might help with adoption.

Patrik pointed out that what he's heard from others was that the process was so painless, they don't really have any comment on it.

Roland said that it cost his organisation nothing, and made no money aside from offers to pay him for talking about it at conferences. He added that training costs should be small because all that's needed is a one or two-day course.
Andrew Sullivan, Dyn, Inc., stated that he's more interested in making sure that endpoints are using IPv6 and DNSSEC. He's less interested in ISPs doing the work. He wants OSs and browsers to look into supporting this, rather than ISPs.

Peter Koch, WG co-chair, said that this was a topic for another panel.

Patrik said that it was good to focus on the "low hanging fruit": the ISPs, and work from there.

Lorenzo Colitti, Google, said that the panel was ignoring the problems beyond the initial setup and training costs such as CPU load and the lack of information available regarding the results in different environments.

Roland said that the process used for IPv6 migration was one worth repeating, and advocated for some pioneering ISPs and/or big providers like Google, Facebook, and Yahoo to set up DNSSEC for other networks to test against.

Patrik said that there was not enough information yet to prove that CPU consumption was significantly increased as a result of DNSSEC, and suggested looking at Sweden's results, comparing average growth of DNS records and CPU load vs. growth of DNSSEC records and CPU load.

Andrei said that the low-hanging fruit isn't very meaningful because there isn't much to validate.

DNS - Session II
26 September 2012 - 14:00-15:30

F. Interop & New Protocols

Knot DNS - Marek Vavrusa, CZ.NIC
https://ripe65.ripe.net/presentations/183-knotdns-ripe65.pdf

Sara Dickinson, Sinodun, asked whether the remote control utility they built was using a proprietary protocol. Marek answered that it was and that there are not yet any plans to publish it.

Dane: Killer App for DNSSEC - Warren Kumari, Google
https://ripe65.ripe.net/presentations/180-Kumari&Sury-DANE-RIPE65_1.pdf

There were no questions.

RESTful WHOIS - the IETF WEIRDS WG - Olaf Kolkman, NLnet Labs
https://ripe65.ripe.net/presentations/213-RIPE65-WEIRDS-WG-DNS.pdf

Stanislav Petr, HOSTING90, asked why they needed this new protocol.
Olaf replied that this was an entirely different dataset and requirements.

G. DNSMON Future - Romeo Zwart, RIPE NCC
https://ripe65.ripe.net/presentations/202-RIPE65_RomeoZwart_NCC_DNSMON_future.pdf

Joao Damas, ISC, wanted to know if these features would be open to all members and wanted more specifics. Romeo said that they would be open to monitor domains for members that want their domains to be monitored.

H. Operational Considerations and Recommendations for DNS Response Packet Sizes - Roland Van Rijswijk, SURFnet BV
https://ripe65.ripe.net/presentations/167-20120926_-_RIPE65_-_Amsterdam_-_DNSSEC_reco_draft.pdf

Rick van Rein, OpenFortress, asked if the problems he'd experienced were related to IPv4 or v6. Roland confirmed that the problem exists for both, but that it's much worse with IPv6.

Joao commented that BIND was going to have a lot of work done on it soon and asked for Roland's opinion on best practice for DNS. He asked whether you compromise efficiency and performance for the sake of compatibility with poorly configured firewalls or do you leave people with broken networks with slower speeds. He asked if there was a middle ground. Roland referred to the differences between BIND and Unbound and how Unbound's method was more effective at getting a response faster for the user. He added that that, coupled with Geoff Huston's revelations from earlier that day that users are extremely impatient, meant that users are less likely to blame the zone operator for poor speeds, but rather they might blame the network operator who can't fix the problem.

Joao asked if Roland, as a zone operator, was happy with the increase in TCP requests for DNS. Roland replied that that metric wasn't in the stats, but that they did monitor for an increase in TCP and there was no statistically significant increase for TCP fallback.

Paul Vixie asked if the total number of UDP queries go up when he dropped the buffer size.
Roland explained this was not monitored specifically, but that there were no spikes indicating an increase in extra queries. He added that they could look at it specifically. Paul said that he wrote RFC2671, and as the author he would like to apologise for mistakes he made in its initial writing.

Lars-Johan Liman, Netnod, asked how the recommendations would be conveyed to the community. Roland replied that a draft RIPE Working Group recommendation is open to suggestions from this point.

An audience speaker commented that DNS operators generally don't like being told how to run their servers. Jim Reid said that what was important was that there was something documented that could serve as an example. The speaker agreed and asked that this be considered in the decision process.

Eric Osterweil, Verisign Labs, objected to the hard limits on either side of the equation and noted that establishing standards like this are a slippery slope leading to telling people how to write their code. Roland agreed, stating that a lot of people have limited understanding regarding how to configure their own resolver.

I. Panel: DNS Amplification Attacks: BCP38, mitigation, reputation or what?

Panelists: Olaf Kolkman (NLnetLabs), Paul Vixie (ISC), Andrew Sullivan (Dyn), Xander Jansen (Surfnet)

Joao asked if the solution was something that couldn't come from the people in this room and whether it be meetspace law?

Olaf said the problem was enforcement, the overhead in tracking as well as international treaties, as well as the "arms race" and RFC 3514.

Paul said that it comes down to enforcement and that as a victim, you are either being used as an amplifier and reflector or you are being attacked by others. He encouraged anyone in the audience that may be a target of such attacks to contact him privately, as they have access to data that they can share about the attack. They would be contributing to a global effort to track down people conducting these sorts of attacks.
Jim Reid noted that by the time the attacking packets have reached him, the perpetrator is already gone, and suggested that BCP38 may be the solution to this. He suggested that core internet exchanges might offer discounts or fatter pipes to ISPs implementing BCP38.

Andrew Sullivan said he agreed because it reversed the equation of who has terrible bandwidth: people who act poorly suffer on lower network speeds, as opposed to people who are being attacked. He admits that this is not an ideal solution, but he wasn't sure of a better alternative.

J. AOB

Anand Buddhdev, RIPE NCC, announced that the RIPE NCC wanted to make the name server attribute mandatory in the RIPE Database, as well as make some minor changes to the syntax. He encouraged everyone to look into the archives of the DNS Working Group mailing list and to comment there.

From jaap at NLnetLabs.nl Sat Apr 27 00:00:37 2013
From: jaap at NLnetLabs.nl (Jaap Akkerhuis)
Date: Sat, 27 Apr 2013 00:00:37 +0200
Subject: [dns-wg] Draft agenda DNS-WG
Message-ID: <201304262200.r3QM0bnM077324@bela.nlnetlabs.nl>

All,

Here is the draft agenda for the DNS-WG meeting in Dublin during RIPE-66. Note that this is subject to change, there still is some room for more things and we might actually fill the time with yet another panel but things aren't finalized yet.

    jaap

----

DNS WG, Thursday May 15th 11:00-12:30, Morning Session

A. Administrative matters                                  +5 min
   o Welcome
   o Scribe selection/introduction
   o Jabber selection/introduction
   o Microphone Etiquette
   o Finalise agenda

B. Matters arising from RIPE-59 Minutes                    +5 min

C. Review of Action items                                  +1 min
   (No open items)

D. Ripe NCC Report                                         +20 min
   Romeo Zwart (tentative)

E. ENUM-WG Update                                          +15 min
   Niall O'Reilly or Carsten Schiefner

F. Analysis of query traffic to .com/.net name servers     +30 min
   Matt Larson, Verisign

G. New DNS zone parser for Knot                            +15 min
   Marek Vavrusa, nic.cz

___________________

DNS WG, Thursday May 15th 14:00-15:30, Afternoon Session

H. DNS Abuse @.nl                                          +20 min
   SIDN Experiences with (Rate) limiting
   Stephan Rütten, SIDN

I. News from SSAC                                          +20 min
   Issues with unallocated TLDs that shortly will be allocated,
   case study with internal certificates
   Patrik Fältström, Netnod

K. OpenDNSSEC                                              +15 min
   Sara Dickinson, Sinodun

Z. AOB
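
Added example, not part of any message in this archive: the "When did ns-v6.ripe.net become a CNAME?" thread above turns on the rule in RFC 2181 section 10.3 that the target of an NS record must not be an alias. The sketch below checks a set of records for that condition offline. The three names in the first and third sample records come from the thread; the second name server, the TTLs, the addresses and all function names are constructed for illustration.

```python
"""Flag NS records whose target is an alias (owns a CNAME), per RFC 2181 section 10.3."""

# Constructed sample data modelled on the thread: only the reverse zone name,
# ns-v6.ripe.net and ns.ripe.net appear there; everything else is invented.
SAMPLE_RECORDS = """
0.3.6.0.1.0.0.2.ip6.arpa.  3600 IN NS    ns-v6.ripe.net.
0.3.6.0.1.0.0.2.ip6.arpa.  3600 IN NS    ns1.example.net.
ns-v6.ripe.net.            3600 IN CNAME ns.ripe.net.
ns.ripe.net.               3600 IN AAAA  2001:db8::53
ns1.example.net.           3600 IN AAAA  2001:db8::54
"""


def normalise(name):
    """DNS names compare case-insensitively; keep exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def parse_records(text):
    """Parse 'owner ttl class type rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file style comments
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        records.append((normalise(owner), rtype.upper(), rdata.strip()))
    return records


def resolve_alias(name, cnames, max_hops=8):
    """Follow a CNAME chain from `name`; return the names reached, in order."""
    chain, seen = [], {name}
    while name in cnames and len(chain) < max_hops:
        name = cnames[name]
        chain.append(name)
        if name in seen:  # CNAME loop: report it and stop
            break
        seen.add(name)
    return chain


def find_aliased_ns(records):
    """Return one finding per NS record whose target is the owner of a CNAME."""
    cnames = {owner: normalise(rdata)
              for owner, rtype, rdata in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = normalise(rdata)
        if target in cnames:
            findings.append({
                "zone": owner,
                "ns_target": target,
                "alias_chain": resolve_alias(target, cnames),
            })
    return findings


if __name__ == "__main__":
    for f in find_aliased_ns(parse_records(SAMPLE_RECORDS)):
        print(f"{f['zone']} NS {f['ns_target']} is an alias -> "
              + " -> ".join(f["alias_chain"]))
```

Run against records gathered from the parent and child zones, any finding means the delegation should be repointed at the canonical host name.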