This is a synopsis of an announcement which might be interesting
for those people planning to come to the Ripe meeting. The full
invitation will be published the web site:
http://www.sdl.sri.com/other/dnssec/ where some more info is
available. If you want to come, please register via this site (and
ignore the deadline).
jaap
-------
An Invitation: Building a Road Map for DNSSEC Deployment
Steve Crocker (steve(a)shinkuro.com)
Russ Mundy (russ(a)tislabs.com)
April 2004
Synopsis
What has to be done to move DNSSEC from the specification to
deployment? It's time to build a road map and identify any difficulties
that have to be overcome. The next step is for prospective vendors,
network operators and large users to get involved.
We are holding a pair of one day meetings, Monday, May 3 in Amsterdam
in conjunction with the RIPE meeting, and Sunday, May 23 in San
Francisco in conjunction with the NANOG meeting. These meetings
will be small, interactive workshops to extend the DNSSEC community
and identify the hurdles.
We invite interested parties to come to one or both meetings. These
meetings have put together on short notice and we recognize that
not everyone who is interested will be able to come. These meetings
are just a first step. Notes from the meeting will be posted and
other meetings will take place over the next several months.
This is a community based, international effort. These meetings are
being organized with the support of the U.S. Department of Homeland
Security, the U.S. National Institutes of Standards and ICANN.
Sponsorship will expand over the next several months. This work is
open and will be reported on the net at
http://www.sdl.sri.com/other/dnssec/
Dear Colleagues,
The RIPE NCC is pleased to announce the deployment of a new mirror
instance of the K-root Internet root name server in Athens, Greece
on April 26 2004. This node has been sponsored by the Greek Research
and Technology Network (GRNET) and is located at the Athens Internet
Exchange.
The announcement can be found at:
http://www.ripe.net/ripencc/kroot-athens-20040427.html
Kind regards,
Dave Knight
RIPE NCC
Dear Colleagues,
(Apologies for duplicate messages)
The RIPE NCC has implemented a number of changes in the policy and
procedures for requesting reverse delegation. This follows the effort
to streamline reverse DNS operations [1] and make it easier for
network administrators to manipulate related DOMAIN objects.
You should be aware of the following changes:
When users want to update their reverse DNS information, they send an
e-mail to <auto-dbm(a)ripe.net> (formerly this mail was sent to
<auto-inaddr(a)ripe.net>). The database update program will verify the
DNS information and update the RIPE Database. The information will
appear in the DNS after a short delay.
The policy constraints have been reduced. Previously only space
assigned to End Users could be reverse delegated in DNS. This caused
administrative burden to LIRs, as every time space was assigned,
reverse DNS had to be set up for that space. Now reverse DNS can be
set up for an entire allocation.
Documentation that details the new setup and authorisation can be found at:
http://www.ripe.net/reverse/
More details on these developments is provided below.
* The reverse DNS policy as proposed in [3] is published as ripe-xxx.
The main change to the policy is the removal of the requirement for
valid assignments.
Reverse delegations can also be requested by non LIRs if an
appropriate "mnt-domains:" attribute is in place in the corresponding
INETNUM/INET6NUM object, when submitting requests to
<auto-dbm(a)ripe.net>.
* The <auto-inaddr(a)ripe.net> interface will be deprecated as of 1 July 2004.
To allow for a graceful transition, the "mnt-domains:" based
authorisation mechanism has not been implemented for the
<auto-inaddr(a)ripe.net> interface. This will continue to use reg ID
based authorisation.
The "mnt-by:" attribute will become mandatory. However, the existence
of the "mnt-by:" attribute in DOMAIN objects is not enforced when the
object is submitted through the <auto-inaddr(a)ripe.net> interface.
Please contact <inaddr(a)ripe.net> if you have further questions.
Olaf Kolkman
New Projects, RIPE NCC
Can Bican
Software Engineering Dept., RIPE NCC
----------------------------------------------------------------------
References:
[1] Original RDNS Project Proposal
http://www.ripe.net/reverse/proposal.html
[2] "mnt-domains:" Attribute Proposal
http://www.ripe.net/ripe/mail-archives/dns-wg/2004/msg00007.html
[3] Policy for Reverse Address Delegation of IPv4 and IPv6 Address
Space in the RIPE NCC Service Region
http://www.ripe.net/ripe/docs/rev-del.html
[4] Webupdates
http://www.ripe.net/perl/webupdates.pl
[5] http://www.ripe.net/ripe/mail-archives/dns-wg/2004/msg00008.html
-----BEGIN PGP SIGNED MESSAGE-----
Dear DNS wg members,
during the last couple of meetings we have exercised the merger of the former
DNR Forum and the DNS working group. It seemed that both audiences had
significant overlap and obviously have been interested in each other's
work and topics. So, at the end of the last meeting slot at RIPE 47 the
people in the room were in favour of combining the efforts into a single
working group covering all issues around the DNS and domain names.
The dns wg's charter as it currently is documented on the wg's homepage
http://www.ripe.net/ripe/wg/dns/
is too narrowly focused anyway, so the chairs would like to suggest the
following text as a basis for discussion for our new working group charter:
The DNS Working Group discusses current DNS related issues in
technology and operations. The WG supports deployment of
DNS and DNS-related protocol components by collecting
experience and documenting current practice and recommendations.
It therefore provides a mechanism for exchanging practical and
operational experience with organisations like CENTR and the IETF.
The WG discusses DNS software implementations, especially security
and scalability aspects as well as performance and interoperability
considerations. DNS quality and other factors that may affect the
stability of the DNS system are also discussed by the WG.
The DNS WG provides a forum for the Registry and Registrar community.
It discusses the technical and operational issues arising from
registration policies with a specific focus on the deployment of
new and emerging features.
The charter is intended to reflect what the WG has been doing during the
last couple of RIPE meetings.
Please send in feedback! You are invited to comment and/or suggest changes
and if you're just happy with it - please say so, too.
Given that a holiday season is approaching for many of us, the comment period
will *end* at 2004-04-19.
- -Peter
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: ascii
iQCVAgUBQGxfABePjvYGi6TZAQG8pwQAlD+Q7rAxgPzmRAcQZg38RsGHB7dZxcm4
khPrBFWgI7zsqwreCJSjBYnAXANBio4j63YjdGad8ZmopT0MtC94FY1mrx47Yqs2
dn7L58/uFFiYufEQJ8c62bIViltOMKvxsqOngWOYbCyr0Dmaqs3f5ccY4lcAMRap
bduAwQID4uw=
=MART
-----END PGP SIGNATURE-----
Dear Colleagues,
Apologies for any duplicate messages.
This message about our zone file generation process is for your
information, there is no action required on your part.
We have completed the cleanup of a number of DOMAIN objects in the
Whois Database and NS Resource Records in the DNS files [1, 2 and
3]. We have verified that data within zone files generated from the
Whois Database matches the data currently in our zone files. We will
start generating our zone files from the Whois Database on Tuesday 13
April 2004.
>From a DNS point of view this change will be transparent. DNS
delegations will not change and there will be no interruptions in DNS
service.
The change in the method of zone generation allows us to migrate to a
new interface for submission of reverse delegation requests. We plan
to have the new interface available by the end of April, an
announcement to the <dns-wg(a)ripe.net> and <ncc-services-wg(a)ripe.net>
mailing lists will be sent.
We hope we have informed you sufficiently, do not hesitate to contact
us if you have further questions.
--Olaf Kolkman
New Projects, RIPE NCC
References:
[1] Original RDNS Project Proposal http://www.ripe.net/reverse/proposal.html
[2] Cleanup Proposal
http://www.ripe.net/ripe/mail-archives/db-wg/2003/msg00738.html
[3] RDNS Project Page: http://www.ripe.net/reverse/rdns-project/
