New draft charter for the RIPE DNS WG
Dear DNS WG members, the working group charter posted at http://www.ripe.net/ripe/wg/dns/ is a bit out of date and no longer really accurate: The Domain Name System working group discusses current BIND versions. It is also concerned with potential pollution of the DNS and with domain name related issues. Jim and I have discussed this and we thought the charter should be adjusted to better reflect what the WG has been dealing with during the past couple of meetings and is going to do in the near future. Together with the meeting agendas this may help (new) participants to decide whether to attend and contribute ideas and questions. So, this is our suggestion for an updated charter: The Domain Name System (DNS) working group discusses current DNS related issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations. It is therefore also a feedback channel to the IETF. The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance and interoperability. It does not try to ``support'' all these software products. Bugs in specific products are only discussed if they affect critical infrastructure or interoperability at a large scale (differential analysis). The DNS WG works as a contact for the Registry and Registrar community, watching DNS quality. It discusses registration policies only to the extent technical questions are concerned (e.g. pre delegation checks & quality control). Please send comments to this list. -Peter
That sounds fine, except the WG also discusses operational and procedural issues, for example how to sign zones. How about, as a replacement sentence... "The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance, interoperability, and operational procedures needed by newly developed and deployed DNS features." That covers new things for DNSSEC whilst being general. At 05:14 PM 7/10/02 +0200, Peter Koch wrote:
Dear DNS WG members,
the working group charter posted at http://www.ripe.net/ripe/wg/dns/ is a bit out of date and no longer really accurate:
The Domain Name System working group discusses current BIND versions. It is also concerned with potential pollution of the DNS and with domain name related issues.
Jim and I have discussed this and we thought the charter should be adjusted to better reflect what the WG has been dealing with during the past couple of meetings and is going to do in the near future. Together with the meeting agendas this may help (new) participants to decide whether to attend and contribute ideas and questions. So, this is our suggestion for an updated charter:
The Domain Name System (DNS) working group discusses current DNS related issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations. It is therefore also a feedback channel to the IETF. The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance and interoperability. It does not try to ``support'' all these software products. Bugs in specific products are only discussed if they affect critical infrastructure or interoperability at a large scale (differential analysis). The DNS WG works as a contact for the Registry and Registrar community, watching DNS quality. It discusses registration policies only to the extent technical questions are concerned (e.g. pre delegation checks & quality control).
Please send comments to this list.
-Peter
I would just like to remind all that the more RIPE/NCC get diversified in their focus, the less gets done in the areas that realy matter to us. I am not disagreeing with the outline i just feel we need to evaluate how much of what is discussed at the meetings is IP relavent. We can not complain at the NCC about high wait times on requests if we the community are distracting the NCC with none core function projects and fact finding. Regards, Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Rodney Thayer" <rodney@declarator.net> To: <dns-wg@ripe.net> Sent: Wednesday, July 10, 2002 4:23 PM Subject: Re: New draft charter for the RIPE DNS WG
That sounds fine, except the WG also discusses operational and procedural issues, for example how to sign zones.
How about, as a replacement sentence...
"The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance, interoperability, and operational procedures needed by newly developed and deployed DNS features."
That covers new things for DNSSEC whilst being general.
At 05:14 PM 7/10/02 +0200, Peter Koch wrote:
Dear DNS WG members,
the working group charter posted at http://www.ripe.net/ripe/wg/dns/ is a bit out of date and no longer really accurate:
The Domain Name System working group discusses current BIND versions. It is also concerned with potential pollution of the DNS and with domain name related issues.
Jim and I have discussed this and we thought the charter should be adjusted to better reflect what the WG has been dealing with during the past couple of meetings and is going to do in the near future. Together with the meeting agendas this may help (new) participants to decide whether to attend and contribute ideas and questions. So, this is our suggestion for an updated charter:
The Domain Name System (DNS) working group discusses current DNS related issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations. It is therefore also a feedback channel to the IETF. The WG also discusses DNS software implementations, especially security and scalability aspects as well as performance and interoperability. It does not try to ``support'' all these software products. Bugs in specific products are only discussed if they affect critical infrastructure or interoperability at a large scale (differential analysis). The DNS WG works as a contact for the Registry and Registrar community, watching DNS quality. It discusses registration policies only to the extent technical questions are concerned (e.g. pre delegation checks & quality control).
Please send comments to this list.
-Peter
Stephen, Can you be a bit more specific and tell us what parts of the proposed charter cover non-core items, please? Or is it the entire DNS WG?... ;-) Thanks in advance. Pierre. On Thu, 11 Jul 2002, Stephen Burley wrote:
I would just like to remind all that the more RIPE/NCC get diversified in their focus, the less gets done in the areas that realy matter to us. I am not disagreeing with the outline i just feel we need to evaluate how much of what is discussed at the meetings is IP relavent. We can not complain at the NCC about high wait times on requests if we the community are distracting the NCC with none core function projects and fact finding.
Regards,
Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE
[snip]
On Thu, Jul 11, 2002 at 10:32:55AM +0100, Stephen Burley wrote: Stephen, I'm not sure to what extent the hostmaster function of the NCC provides the cycles to make the WG go. My impression is that the majority of the work comes from the members, the chairs, and non-directly-registration-related NCC staff. Hence my contention would be that an expanded charter will not change the wait-queue time. Niall
I would just like to remind all that the more RIPE/NCC get diversified in their focus, the less gets done in the areas that realy matter to us. I am not disagreeing with the outline i just feel we need to evaluate how much of what is discussed at the meetings is IP relavent. We can not complain at the NCC about high wait times on requests if we the community are distracting the NCC with none core function projects and fact finding.
-- Enigma Consulting Limited: Security, UNIX and telecommunications consultants. Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. http://www.enigma.ie/
On Thu, Jul 11, 2002 at 10:32:55AM +0100, Stephen Burley wrote:
Stephen,
I'm not sure to what extent the hostmaster function of the NCC provides the cycles to make the WG go.
My impression is that the majority of the work comes from the members, the chairs, and non-directly-registration-related NCC staff. Hence my contention would be that an expanded charter will not change the wait-queue time.
Niall
I would just like to remind all that the more RIPE/NCC get diversified in their focus, the less gets done in the areas that realy matter to us. I am not disagreeing with the outline i just feel we need to evaluate how much of what is discussed at the meetings is IP relavent. We can not complain at
As i said in the email i am not against the charter i just wanted to clarify that we will not take resources from the NCC like the Test Traffic white elephant did (though i am sure Daniel would disagree ;). Stephen Burley WorldCom EMEA Hostmaster SB855-RIPE ----- Original Message ----- From: "Niall Richard Murphy" <niallm-ripe@enigma.ie> To: "Stephen Burley" <stephenb@uk.uu.net> Cc: <dns-wg@ripe.net> Sent: Thursday, July 11, 2002 1:11 PM Subject: Re: New draft charter for the RIPE DNS WG the
NCC about high wait times on requests if we the community are distracting the NCC with none core function projects and fact finding.
-- Enigma Consulting Limited: Security, UNIX and telecommunications consultants. Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. http://www.enigma.ie/
At 5:14 PM +0200 2002/07/10, Peter Koch wrote:
Jim and I have discussed this and we thought the charter should be adjusted to better reflect what the WG has been dealing with during the past couple of meetings and is going to do in the near future.
I think that you've come up with a much better charter for this group. Out of curiosity, do you think that the group should also help sponsor the development of open source tools to help monitor DNS-related issues, or evaluate DNS-related tools (either open source or commercial)? I ask because I am the current maintainer for "doc" (a DNS debugging tool) and I am (theoretically) also a co-maintainer for dnswalk (another DNS debugging tool). I say theoretically because I have not yet started to actively work with the dnswalk code, and I don't think that Dave Barr has done anything with it since moving the project to SourceForge. If I could get some sponsorship for some work like this, that would help me justify to my employer my work in this field, and would help me deliver improved tools to the community. In addition, I am aware of some upcoming commercial tools that I think that at least some DNS WG members might be interested in. What about inviting spokespeople from the respective companies to attend future meetings, and perhaps get involved with the DNS WG (if they are not already)? -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
On Wed, Jul 10, 2002 at 05:14:29PM +0200, Peter Koch wrote: Folks,
The Domain Name System (DNS) working group discusses current DNS related issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations.
All good. Perhaps some people would complain that "best" should be prefixed to "current practice", but I'm not one of those people :-)
The DNS WG works as a contact for the Registry and Registrar community, watching DNS quality.
What is the overlap between this and the technical function of CENTR, for example?
Please send comments to this list.
Looks good Peter. Niall -- Enigma Consulting Limited: Security, UNIX and telecommunications consultants. Address: Floor 2, 45 Dawson Street, Dublin 2, Ireland. http://www.enigma.ie/
Hi, Niall: > The DNS WG works as a contact for the Registry and Registrar community, > watching DNS quality. What is the overlap between this and the technical function of CENTR, for example? I was also wondering about this a bit. There is the ENTR technical workgroup and he DNR forum. The first group is not an RIPE thingy at all. They happen to meet often at RIPE meetings, because it is convenient. The intention, as far as can judge, is to bring registry techies together to discuss, exchange information for problems at registrie. And since the core business of a registry (at least, that is my personal opinion) is the maintenance of the zonefile, there is overlap with the dns-wg. But this group does more, registry systems etc. And for the dns part, they are more on the operating end of the spectrum. The DNR-Forum is a Centr/Ripe thingy, but, as Rob always says, Ripe is only just accomodating the meeting (see also the charter, http://www.ripe.net/ripe/wg/dnr/index.html). Again there is an overlap with the dns-wg but the focus of his is more towards registrar/registry interaction (nice way of saying politics). So, one way to answer your question would be to say that DNS-wg is more concerned with the dns protocol sec then with other things surrounding it. jaap
Hello Jaap,
the core business of a registry (at least, that is my personal opinion) is the maintenance of the zonefile, there is overlap with
well, the registries do a lot of database, whois, "IP", lawyers and politics work and one side effect is they produce a zone file.
So, one way to answer your question would be to say that DNS-wg is more concerned with the dns protocol sec then with other things surrounding it.
That's it. The emphasis on "quality" really meant DNS technical and operational quality, like lame delegations, server redundancy, TTL values, future KEY issues and so on. It's not about the accuracy of the whois data or the quality of the registration policy documents. These nevertheless important topics are covered e.g. in the DNR forum. So, do you think that particular sentence needs rewording? -Peter
Hi Peter, > the core business of a registry (at least, that is my personal > opinion) is the maintenance of the zonefile, there is overlap with well, the registries do a lot of database, whois, "IP", lawyers and politics work and one side effect is they produce a zone file. My point is that all if all the database lawyers work etc. is senseless if the net result doesn't end up in a zonefile. Why register something if it isn't used? But that is a nice subject for a bar-bof. > So, one way to answer your question would be to say that DNS-wg is > more concerned with the dns protocol sec then with other things > surrounding it. That's it. The emphasis on "quality" really meant DNS technical and operational quality, like lame delegations, server redundancy, TTL values, future KEY issues and so on. It's not about the accuracy of the whois data or the quality of the registration policy documents. These nevertheless important topics are covered e.g. in the DNR forum. So, do you think that particular sentence needs rewording? If somebody can come up with a better wording, yes. I came up with: The DNS WG pomotes the quality of the DNS for the Internet community. but I think that some better wordings can be found. jaap
At 01:07 PM 7/11/02 +0100, Niall Richard Murphy wrote:
On Wed, Jul 10, 2002 at 05:14:29PM +0200, Peter Koch wrote:
Folks,
The Domain Name System (DNS) working group discusses current DNS
related
issues in technology and operations. It supports deployment of newly developed DNS and DNS related protocol components by collecting experience and documenting current practice and recommendations.
All good. Perhaps some people would complain that "best" should be prefixed to "current practice", but I'm not one of those people :-)
Not to borrow too much from RIPE's (dis)functional distant cousin, IETF, but it would generally make sense to have a WG enumerate, through consensus, what the relevant "current practice" is before declaring, as a WG, what the "best current practice" is. If of course that's something the WG wishes to address. DNS timeouts might be the wrong topic. How within the RIPE community you address the issue of TLD's dropping off the internet transiently, from odd-numbered counties within the UK, like .to did last night, might be relevant.
At 7:24 AM -0700 2002/07/11, Rodney Thayer wrote:
DNS timeouts might be the wrong topic. How within the RIPE community you address the issue of TLD's dropping off the internet transiently, from odd-numbered counties within the UK, like .to did last night, might be relevant.
Distribution of RIPE-area TLDs across a robust set of servers that are geographically diverse, and making this a "Best Current Practice" advocated by the WG, and then taking the next step and making this an actual RIPE requirement (and something that RIPE NCC could help make happen), is something that I think would be *VERY* good. I think the benefit to the Internet community as a whole could be almost unbelievable. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
Brad Knowles wrote:
Distribution of RIPE-area TLDs across a robust set of servers that are geographically diverse, and making this a "Best Current Practice" advocated by the WG, and then taking the next step and making this an actual RIPE requirement (and something that RIPE NCC
what do you mean by "RIPE requirement" in this context? I do not see any means by which the NCC, the WG or RIPE could or should try to "enforce" anything in that field. Anyway, the NCC already contributes to this BCP by providing DNS secondary service for TLDs (even more recently). The aspect of topological diversity is approached by the ``shared secondary servers(?)'' project, which I think is led by DE-NIC under the umbrella of CENTR. So, should we try to learn more about these efforts? -Peter
At 9:45 AM +0200 2002/07/12, Peter Koch wrote:
what do you mean by "RIPE requirement" in this context? I do not see any means by which the NCC, the WG or RIPE could or should try to "enforce" anything in that field.
Well, at least for those zones that are delegated from the RIPE NCC, warnings could be sent to the delegees, and if those warnings are not acted on and the problem solved (within a specified period of time), then the delegation could be removed -- no information is better than bad information.
Anyway, the NCC already contributes to this BCP by providing DNS secondary service for TLDs (even more recently).
For the TLDs, notices could be sent to the owners of the zone, as well as the owners of the problem servers, and requests could be made to the root server operators to de-list the problematical servers, or to otherwise request that they enforce the policies. If there aren't any complaint procedures to request this kind of action, and/or policies that the TLD zone administrators and TLD server operators are required to follow, then I would suggest that we could help create them and then work to get them implemented.
The aspect of topological diversity is approached by the ``shared secondary servers(?)'' project, which I think is led by DE-NIC under the umbrella of CENTR. So, should we try to learn more about these efforts?
That would be something we should learn more about, and perhaps provide any additional support or assistance that we can. -- Brad Knowles, <brad.knowles@skynet.be> "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania.
Brad Knowles wrote:
Well, at least for those zones that are delegated from the RIPE NCC, warnings could be sent to the delegees, and if those warnings are not acted on and the problem solved (within a specified period of time), then the delegation could be removed -- no information is better than bad information.
the zones delegated by the RIPE NCC almost all are zones within the IN-ADDR.ARPA tree. My personal opinion is that there's not much educational gain by revoking such delegations. Let's take this as a suggestion that the WG could discuss operational standards for this kind of zones and encourage monitoring (and notifying).
well as the owners of the problem servers, and requests could be made to the root server operators to de-list the problematical servers, or to otherwise request that they enforce the policies.
Brad, please. The root server operators currently are not in charge of ``delisting the problematical servers''. It's even hard enough to have a TLD delegation changed if you are the officially registered TLD contact (which is, of course, not a fault of the root NS operators).
If there aren't any complaint procedures to request this kind of action, and/or policies that the TLD zone administrators and TLD server operators are required to follow, then I would suggest that we could help create them and then work to get them implemented.
-Peter
At 09:45 AM 7/12/02 +0200, pk@TechFak.Uni-Bielefeld.DE wrote:
Brad Knowles wrote:
Distribution of RIPE-area TLDs across a robust set of servers that are geographically diverse, and making this a "Best Current Practice" advocated by the WG, and then taking the next step and making this an actual RIPE requirement (and something that RIPE NCC
what do you mean by "RIPE requirement" in this context?
There are technical details about operating the infrastructure that might merit further codification. For example, who do you contact if a tld "disappears"? what ripe object do you look up? my point is, perhaps the technical part of this (e.g. making sure there is a ripe object, and a spec on how to use them) is a proper WG topic.
participants (7)
-
Brad Knowles -
Jaap Akkerhuis -
Niall Richard Murphy -
Peter Koch -
Pierre Baume -
Rodney Thayer -
Stephen Burley