Better late than never... Here are the drafts minutes scribed by Benoit Grange and edited by me. Please send corrections/additions to the list before 951110. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito@nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 50 593246 Via S. Maria, 36 Fax: +39 50 904052 I-56126 PISA Telex: 500371 CNUCE I Italy Url: http://www.nis.garr.it/nis/staff/bonito.html ---------- ---------- --------------------cut here------------ DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT RIPE 22 DNS Working Group minutes Amsterdam 12 October 1995 Chairman: Antonio Blasco Bonito (ABB) Scribe: Benoit Grange (BG) Preliminaries ------------- Rob Blokzijl presented the apologies from the working group chairman, Leonid Yegoshin (LY), who had a visa problem and asked ABB to chair the group. The agenda was reorganized and agreed. 1) Reports about DNS Failures -------------------------- [This item should have been covered by LY, but because he was not there some of us reported current problems] BG talked about the known problem with uncesessary glues that appear in zone transfers. This happens on most old implementations (BIND prior to 4.9) as shipped my most of the vendors. DNS Operation suffer from old implementation that have known bugs and proble ms. The usual suggestion is to install a recent version of BIND, which happens to be a beta version. It was noted that, altough that effectively eliminates the problem, many DNS administrators are not willing to use a beta version. The working group agreed on sending a letter to the ISC to ask to put BIND 4.9.3 in final so that doubts about it are solved. [ACTION on ABB] Many expressed concern about how delegation changes are done at the Internic. Today Internic accepts any change to current delegation (normal and reverse) and also to glue records. This leads to situation where some bad data is introduced, either as an error, or as some malicious action. Eg: 'ns.ripe.net' (193.0.0.193) is primary for 'ripe.net' and a lot of important zones. John Doe wants to create a 'johndoe.com' zone and submits a request to Internic mentionning both 'banana.johndoe.com' (198.1.2.3) as primary and 'ns.ripe.net' with a WRONG address 193.0.0.93 because of a typo. Internic creates the 'johndoe.com' zone and CHANGES the glue record for 'ns.ripe.net'. All delegations to 'ns.ripe.net' are affected because Internic accepted unnecessary glue record from John Doe and blindly accepted to change an existing name server IP address. The working group recommends that Internic does not accept unneccessary glue records and double checks any change to existing glue records. [ACTION on Geert Jan de Groot] Some people do not watch their name servers: it happens that some name servers are left unattended and fail without anyone noticing. This has an impact on the performance and reliability of the overall name service. People should watch their name servers and their zones on their primary and secondaries. At least the 'host' command can be used with the '-C' option to do this at regular intervals. During the plenary session someone remembered the existance of RFC1713 A. Romao, "Tools for DNS debugging", which is usually referred to as the guide for DNS administrators and suggested to ask the author to include such recommendation. [ACTION on ABB] 2) 'in-addr.arpa' automatic checking and delegation (D. Kessens) ------------------------------------------------------------- David briefly talked about the tool he wrote which is being used at RIPE- NCC. This tools checks if the reverse zone is correctly configured as per RIPE requirements. Usage: Send an e-mail message to 'auto-inaddr@ripe.net' containing the 'inet-num' object with 'rev-svr:' attributes listing the desired name servers (1 name server per line). Send an empty message to get help. The final editing of the zone file is still done manually and the operators also checks the author of the update. After a short discussion the group agreed that some authentication mechanism be added in order to avoid malicious changes to current delegation, specially when the reverse delegation process will be completly automated. [ACTION on RIPE-NCC] This tool could also be used to check for normal delegations, but only after some rewriting because some of the checks are specific to reverse delegation or RIPE requirements. Sources are on ftp://ftp.ripe.net/tools/inaddrtool-VERSION Another tool to check delegation exist under http://www.nic.fr/ZoneCheck Sources of this tool will be freely available by the end of the year. [ACTION on BG] 3) Future developments of the name servers --------------------------------------- It was reported that: Paul Vixie got RU-BIND and will somehow merge the two programs. IBM has donated code to do dynamic updates, and an other source is available as well. 4) About the recent changes of the root name servers ------------------------------------------------- All root name servers have been renamed as '<letter>.root-servers.net'. If you want to know the "old name" of a name server, query for the TXT record associated with the name. A new primary for the root zone will be created and managed directly from IANA, and the primary for the '.com', etc. zones will remain managed by Internic. 5) Charging for domain names, etc. ------------------------------- A European 'TLD' forum might be useful, and the first move should be to collect how TLD management is done over Europe. Different countries have different policies, etc. Some multinational company which wants to create a bunch of domains in different countries needs more information on how this can be done and who should be contacted. The working group decided to set up a questionnaire and Guy Davies (GD) collected a lot of questions. He will organise the questionnaire and submit it to the list for review and later send it to the European TLD admins. [Action on GD] DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT