Dear TF members, Here are the minutes from our seventh call. Cheers, Boris *** Tuesday, 8 August 2023 17:00 (UTC+2) Attendees: Marteen Aertsen, Shane Kerr, Andronikos Kyriakou, Tim Wicinski Scribe: Boris Duval 1. Recommended Knobs Settings The Task Force discussed recommendations for specific DNS settings: https://github.com/DNS-Resolver-BCP-TF/Resolver-Recommendations/issues/10 Here’s a summary: DNSSEC Validation: · Recommended enabling DNSSEC validation. · Negative caching (NSEC, NSEC3) reduces traffic, safeguards against random subdomain attacks (RFC 8198). · Root KSK update essential; RFC 5011 or resolver operator for updates via OS. · Valuable material in RFC9364 for DNSSEC operations. TTL Limits (max & min): · Software default TTL of 1-2 days; potential reduction for cache size. · Lower TTL removes infrequently-used records, minimal operational impact, memory savings. · Some implementations allow minimum TTL, though a DNS protocol violation. · Software can set differing max/min TTL, impacting queries. TTL Record Pre-fetch: · Certain resolvers prefetch records before cache expiration to extend TTL. · Feature not standardized; related proposal: https://datatracker.ietf.org/doc/html/draft-wkumari-dnsop-hammer-03 · Recommended enabling if available. Cache Saving: · Exploring downsides; input sought from implementors, DNS OARC list. Local Root (and maybe local TLD?): · Beneficial to use local root (RFC8806). · Not applicable to most TLDs due to frequent changes. Shane offered to develop these notes and come up with a first draft.