[dns-wg] RFC 7344 support in the RIPE database
Tony Finch dot at dotat.at
Mon Nov 26 16:43:04 CET 2018
Shane Kerr <shane at time-travellers.org> wrote:
>
> Generally we leave the details of exactly how stuff works up to the RIPE NCC,
> and I think that makes sense for any request about RFC 7344 support.

That makes things easier for me :-)

> My own thinking is that we can request update & deletion support immediately,
> since those are clearly specified, but that we need to think a bit about what
> recommendations we can make for bootstrapping adding DS records, if we want
> that at all (I think we do, but reasonable people may disagree).

I would be happy with just RFC 7344 updates and RFC 8078 deletion, but I
agree RFC 8078 bootstrapping should be a goal.

The implementations at CZ.NIC and SWITCH have full RFC 7344 and RFC 8078
support.

https://www.nic.ch/export/shared/.content/files/SWITCH_CDS_Manual_en.pdf
https://ripe75.ripe.net/presentations/123-CDNSKEY-FRED-KNOT-RIPE75.pdf

The timings are different, though:

SWITCH requires consistent results for 3 days in all cases; for
bootstrapping they also require consistent results over TCP from all
nameservers.

CZ.NIC does updates as soon as a daily scan finds CDS/CDNSKEY records
requesting a change; bootstrapping requires 7 days of consistent results
over TCP from all nameservers.

(I think I prefer the CZ.NIC timings.)

The usual RIPE database change notification emails should occur for CDS
changes - cf. the CZ.NIC notifications.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Fisher: Variable 3 or 4, becoming southeast 4 or 5 later. Slight. Fair. Good.
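
The two waiting-period policies described in the message above, as an added example that is not part of the original email and is not code from SWITCH, CZ.NIC or the RIPE NCC. The `Policy`, `Scan`, `decide` and `sample_scans` names are hypothetical, the scan data is constructed, and the sketch assumes one scan per day, requires all listed nameservers to agree in every case, and performs no DNS queries or DNSSEC validation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    update_days: int      # consistent daily scans needed to change an existing DS
    bootstrap_days: int   # consistent daily scans needed to add the first DS

# Timings as described in the message; the class and names are hypothetical.
SWITCH = Policy(update_days=3, bootstrap_days=3)
CZNIC = Policy(update_days=1, bootstrap_days=7)

@dataclass(frozen=True)
class Scan:
    day: int              # day number of the daily scan
    answers: dict         # nameserver name -> frozenset of CDS rdata strings
    tcp: bool             # True if every nameserver was queried over TCP

def agreed_cds(scan):
    """CDS set all nameservers agree on, or None if they differ or it is empty."""
    distinct = set(scan.answers.values())
    if len(distinct) != 1:
        return None
    return next(iter(distinct)) or None

def decide(policy, scans, has_ds):
    """Return the CDS set to act on, or None if the waiting period is not met."""
    need = policy.update_days if has_ds else policy.bootstrap_days
    recent = sorted(scans, key=lambda s: s.day)[-need:]
    if len(recent) < need:
        return None
    if any(b.day - a.day != 1 for a, b in zip(recent, recent[1:])):
        return None       # a missed scan day breaks the run
    if not has_ds and not all(s.tcp for s in recent):
        return None       # bootstrapping requires TCP from all nameservers
    results = {agreed_cds(s) for s in recent}
    return results.pop() if len(results) == 1 else None

def sample_scans(days, tcp=True):
    """Constructed scan data: two nameservers publishing the same CDS."""
    cds = frozenset({"12345 13 2 CONSTRUCTED-DIGEST"})
    return [Scan(d, {"ns1.example.": cds, "ns2.example.": cds}, tcp)
            for d in range(1, days + 1)]

if __name__ == "__main__":
    print(decide(CZNIC, sample_scans(3), has_ds=False))   # too early for CZ.NIC
    print(decide(SWITCH, sample_scans(3), has_ds=False))  # SWITCH window met
```
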