Dear TF members,
Here are the minutes from our seventh call.
Cheers,
Boris
***
Tuesday, 8 August 2023 17:00 (UTC+2)
Attendees: Maarten Aertsen, Shane Kerr, Andronikos Kyriakou, Tim Wicinski
Scribe: Boris Duval
1. Recommended Knobs Settings
The Task Force discussed recommendations for specific DNS settings:
https://github.com/DNS-Resolver-BCP-TF/Resolver-Recommendations/issues/10
Here’s a summary:
DNSSEC Validation:
· Recommended enabling DNSSEC validation.
· Negative caching (NSEC, NSEC3) reduces traffic, safeguards against random subdomain attacks (RFC 8198).
· Keeping the root KSK up to date is essential, either via RFC 5011 or by the resolver operator through OS updates.
· Valuable material in RFC 9364 for DNSSEC operations.
TTL Limits (max & min):
· Software default TTL of 1-2 days; potential reduction for cache size.
· Lower TTL removes infrequently-used records, minimal operational impact, memory savings.
· Some implementations allow setting a minimum TTL, though this is a DNS protocol violation.
· Software can set differing max/min TTL, impacting queries.
TTL Record Pre-fetch:
· Certain resolvers prefetch records before cache expiration to extend TTL.
· Feature not standardized; related proposal: https://datatracker.ietf.org/doc/html/draft-wkumari-dnsop-hammer-03
· Recommended enabling if available.
Cache Saving:
· Exploring downsides; input sought from implementors, DNS OARC list.
Local Root (and maybe local TLD?):
· Beneficial to use local root (RFC 8806).
· Not applicable to most TLDs due to frequent changes.
Shane offered to develop these notes and come up with a first draft.
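
The knobs from item 1, mapped onto an Unbound configuration fragment. This is an added example, not part of the minutes or of the Task Force's output; the choice of Unbound, the file paths and the TTL values are assumptions for illustration, not Task Force recommendations. Cache saving is left out because the minutes record it as still under discussion.

```conf
server:
    # DNSSEC validation: the validator module is active once a trust anchor
    # is configured. auto-trust-anchor-file tracks root KSK rollovers per
    # RFC 5011. Path is an assumption; distributions place it differently.
    auto-trust-anchor-file: "/var/lib/unbound/root.key"

    # Aggressive use of the DNSSEC-validated cache (RFC 8198): synthesize
    # negative answers from cached NSEC records instead of querying
    # upstream, which blunts random subdomain floods.
    aggressive-nsec: yes

    # TTL limits. Illustrative values: cap cached records at one day and
    # leave the minimum at 0 so that authoritative TTLs are never raised
    # (raising them is the protocol violation noted in the minutes).
    cache-max-ttl: 86400
    cache-min-ttl: 0

    # Prefetch: refresh popular records shortly before they expire, and
    # fetch DNSKEYs early during validation.
    prefetch: yes
    prefetch-key: yes

    # CA bundle used to authenticate the HTTPS download below.
    # Path is an assumption.
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

# Local root (RFC 8806): keep a copy of the root zone for the resolver's
# own lookups only, falling back to normal recursion if the copy fails.
auth-zone:
    name: "."
    url: "https://www.internic.net/domain/root.zone"
    fallback-enabled: yes
    for-downstream: no
    for-upstream: yes
    zonefile: "/var/lib/unbound/root.zone"
```

Running `unbound-checkconf` against the file catches syntax errors before the resolver is reloaded.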