Dear all, please find below the draft minutes for our RIPE 48 sessions. Thanks to Timur Bakeyev and Alessandro Bassi from the RIPE NCC for being the scribes. Please read these minutes and send in any necessary corrections either to the list or, if minor, to the chairs at dns-wg-chair@ripe.net. We plan to have the minutes taken to the wg's files by July, 25th. There's also an action items list at http://www.ripe.net/ripe/wg/dns/action-list.html -Peter ======================================================== RIPE Meeting: 48 Working Group: DNS Working Group Status: 2nd Draft Revision Number: 3 * content to the Chair of the working group. * format to webmaster@ripe.net. ======================================================== DNS Working Group, Session 1 (DRAFT) RIPE 48 Amsterdam Date: Tuesday, 4 May 2004 Time: 16:00 - 17:30 Location: Grand Ballroom Chair: Jim Reid Scribe: Timur Bakeyev, RIPE NCC - Administrivia. Introduction Session is going to be Web casted as well as reflected in Jabber. Request to participants to hold their question till the end of presentation. Thanks to Nominet, who sponsored the chair of this group. Swap of the presentations: Instead of "DNSSEC forum" by Suzanne Woolf -> "DNS an MCI, another type of large DNS server" by Andre Koopal. - "Proposed new charter", Peter Koch http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-charter.p... The DNS Working Group discusses current DNS related issues in technology and operations. The WG encourages deployment of DNS and DNS-related protocol components by collecting experience and documenting current practice and recommendations. It therefore provides a mechanism for exchanging practical and operational experience with organizations like CENTR and the IETF. The WG discusses DNS software implementations, especially security and scalability aspects as well as performance and interoperability considerations. DNS quality and other factors that may affect the stability of the DNS system are also discussed by the WG. The DNS WG provides a forum for the Registry and Registrar community. It discusses the technical and operational issues arising from registration policies with a specific focus on the deployment of new and emerging features. Charter was approved by the meeting. - "CENTR news", Kim Davies; CENTR http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-centr.pdf - "Implementation of the BACK ORDER service", Andrzej Bartosiewicz; NASK http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-backorder... This will be launched on 1st June, 2004. System of options - similar to stock exchange options. - "EPP implementation", Patrycja Wegrzynowicz; NASK http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-backorder... XML based Extensive Provision Protocol Q: Can you explain the slide: Registrar buys option for the Registrant. What are the terms used? A: Registrar is the agent of Registrant. Q: (Jim) What is the reaction of the customers on the new schema and how Registrars like it? A: As for Registrants, they hardly even notice the change. It's more attractive to the Registrars. They are quite happy :) - "Deploying IDNs in the .no domain", Jarle Greipsland; NorID. http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-idns-no.p... Q: (Jaap) What do you exactly register in your forms - UNICODE, Punycode or just US encoding? A: When register you have to fill out both in the forms. On update you can supply any of them. Q: And what is your Whois server accepts? A: It is either US-ASCII, ISO-Latin1 or UTF8. Q: And the input for the request? A: US-ASCII or Latin1 by default, but you can supply switch to use UTF8. Q: (Carsten) Speaking about legal terms - what is registration contract about? Is it about IDN in UTF8 or in Punycode? A: Both versions are on contract. Q: So, the contract actually is about bundle of two names? A: Yes, both names are defined there(Get two for the price of one:) - "IDN deployment in Germany", Marcos Sanz; DENIC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-idn-de.pd... Q: (Peter) That binary queries, you talked about - did you take a look onto second level labels or all the labels? A: All the labels(of course in .de) Q: And for those queries your DNS server received - did you try to cross check whether that binary, UTF, Latin1 names, what ever you found there - were that names actually registered within .de? A: I didn't do it systematically, but yes, most of them there registered? Q: Question remains, what names where queried before they have chance to be registered? A: Random words, general terms... In the last week we saw, that people mostly tried to reach that MAY exist on their opinion. - ".info support for German script", Desiree Miloshevic; Afilias http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-idn-launc... Q: There have been reports, that there is a project to make IDN available without software upgrade? A: That was misinterpretation of our announces in the press. C: (Jaap) Charset names, used for IDNs should be standardized, possibly through the IANA or other Internet official bodies... - "DNS at MCI", Andre Koopal; MCI http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-mci.pdf Q: (Peter) You are acting as a secondary for customers. What happens when primary(at your customer) disappears? That should lead to the lame delegations and query storms... A: We do remove them from the configs after certain amount of time. No special actions are taken against query storms, though. C: (Jaap) You've said, that you don't use Bind 9 for NL TLD, because it's too picky about the standards. But that's the goal - to enforce standards for those lame delegations! Q: (Olaf) Are you sure that Bind 9 doesn't accept '/' in the domain names? A: Not really, maybe some other quite popular symbol, but the problem exists.. Q: (Jim) Are you making efforts to move to Bind 9? A: Not right now, at least. C: (Peter) there is clearly problem with disappearing customers for DNS integrity. Registrars refuse to remove them on ISPs requests. What can be done in such situation? What is the common practice? Would it be OK to make it an action point for WG? R: (Jim) That's a good idea! Peter, you've just volunteered to bring in to the DNS WG :) [ACTION 48.1] on Peter Koch: Collect experience with lameness problems, initiate BCP style document and wishlist for support by TLD registries. ======================================================== DNS Working Group, Session 2 (DRAFT) RIPE 48 Amsterdam Date: Thursday, 6 May 2004 Time: 9:00 - 12:30, Location: St. Johns II Chair: Peter Koch (09:00 - 10:30), Jim Reid (11:00 - 12:30) Scribe: Alessandro Bassi, RIPE NCC - "IETF Reports", Sam Weiler; TIS Labs http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-ietf.pdf Last IETF was held in Seoul, apparently was quite "boring". Next meeting in August, in San Diego. DNS discovery for IPv6: a summary comparing the alternatives must be done before august, otherwise the item will be removed. DNSOP: business as usual, several drafts in progress, several ones stopped or in stand by. DNSEXT: 9 open drafts DNSSEC: No recent problems. It has to be noted that there are no major protocol issues in the last year DNSEXT: most milestones are advanced to draft standards. There is an RFC 3597 interoprability testing coordinated by Jakob Schlyter Mailing list: https://www.rfc.se/mailman/listinfo/interop3597 or interop3597-request@rfc.se - "K-Root operations update", Dave Knight; RIPE NCC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-kroot-upd... Status: Global instances are in London and A'dam. Recently two more secondary have been installed in Frankfurt and Athens. Web site has been renewed completely, and a stats page has been added. More stats will come in the near future. The current query load is 7000 queries/second. Of these, the great majority is directed to London and Amsterdam. Future plans: - to have 4 more instances of primary servers, two in the US and two in Asia. - to deploy IPv6. Q: (Jim) Has any traffic analysis been done? Are the Greeks using the Athens server? A: Those kind of stats will be available in a couple of months. - "Reverse DNS status report", Olaf Kolkman; RIPE NCC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-rdns-upda... New reverse DNS, for more fine-grain control, multiple interfaces, and simplification of policies. Today, because of the current policies, there might be inconsistencies and confusion. Policies will change drastically. Status: the cleanup (prerequisite) was made the first week of April. April 26, the new interface and new policy were put live. Marvin will die the 1st of July. the DNSSEC implementation has been deferred. In the new policy, there is no need for assignment (as before), and anybody authorized can do the Rev DNS. Another change is mnt-by, which becomes mandatory. When submitting the request, points will be added for warnings and errors; over a certain limit, the request will be rejected. Q: (Jim) Any plans to introduce TSIG ... A: No plans Q: Do people care about it? Why not? A: (Peter): Zone transfer restrictions are useless anyway for most zones. Restrictions can be IP based. [ACTION 48.2] An action item was created on Mans Nilsson to write up a proposal for the use of TSIG for zone transfers, when ns.ripe.net acts as a secondary. [ACTION 48.3] Olaf Kolkman was kindly asked to send to the list a pointer to the predelegation checks currently applied and to initiate review of those checks and, if necessary, propose changes. - "DNS-MODA", Jim Reid http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-moda.pdf There is a growing frustration with the IETF process, something different is needed. Something similar to what W3C is, so a W3C for DNS, no profit, impartial. MODA will not be a standards-making body, or introduce proprietary solutions, but will work with IETF to improve the current procedures. Q: (Geoff Huston) This is alien to what IETF does. IETF also hates Intellectual Rights problems, and being considered like a rubber stamp to somebody else's solution, especially if it's half-baked ideas. IETF must discuss things. A: The idea is to speed things up, not to have IETF as rubber stamp body. The work that comes out of MODA will be well-thought out and shouldn't be half-baked. Q: (Geoff Huston) IETF has a bad record in working with industry. IETF task is to work on new things; the risk is exacerbating problems and making alliances outside. Q: (Patrik) W3C is not a good example. For instance, let's take HTTP (IETF) and XML (W3C), there were lots of problems not to make the same thing twice and work on the same issues. Also, what is the decision making process of MODA? It is not clear at the moment. A: True enough: those processes will be determined by the membership. Q: (Rob Blokzijl) I agree in what Patrick just said, In IETF there's an open, unconditional participation. MODA is more like a closed Club. MODA is needed, but it's a bad idea to throw out the free participation. some re-thinking is needed. Q: (Patrik Faltstrom) If there is a need for MODA, then IETF does not work. You have to say it clearly. A: we are trying to to be collaborative and cooperative, not seeking confrontation. . Q: (Rob Blokzijl) There is no logo yet? And, what is the IETF reaction to this idea? A: The important thing was to announce MODA at this meeting and so start the efforts to recruit members. The web site and logo will come later. Discussions have been held with the IETF about MODA for some time. While there's been no formal response yet, the signs are good. Though both parties will need to see how things work out in practice. - "DNS AAAA measurements: How many sites have problems with IPv6",David Malone; CNRI http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-malone.pd... Q: (Jim) Delegation -> capture the info and document it. Write a document about how to avoid config problems. [ACTION 48.4]: David agreed to write a document about this for the WG to consider. - "6over4 reverse Delegation",Geoff Huston; ICANN http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-sixxto4.p... Individual draft submitted. Keith Moore submitted also some work in the past, with ideas ranging from reasonable to bizarre. Q: (Bernard Tuy) which kind of draft did you submit? A: Individual submission. Not against all the work that has already been done, but there has been a request to the reverse delegation community to do some more work on it. - "Reverse delegation in ip6.int", Andrei Robachevsky; RIPE NCCC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-reverse-i... Q: (Peter) You suggested to remove ip6.int delegation. What is the current load? A: around 3 queries per minute. == BREAK == - "ISC News", Joao Damas; ISC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-isc.pdf Advancement on Bind 9.3 Q: (Bernard Tuy) What does OARC mean? A: Operation Analysis Research Centre. Q: (Jim) What is the timescale for the release of 9.3? Does it depend on IETF work on DNSSEC? A: No, it does not. It will probably be next week. NLNet update - "DNSSEC forum",Suzanne Woolf; ISC http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-dnssec-ro... DNSSEC specs are done, but deployment is less formal and less well documented. There are problems in deployment. Privacy issues also still have to be tackled. Q: (Peter Koch) You mentioned a discussion of zone walking, which may be considered a deployment obstacle. Any solutions? A: Not yet. We are identifying issues but we don't know how serious they are and what needs to be done. A: (Olaf Kolkman) A protocol change at this point would mean that we'll be back to the drawing board. Changing the protocol would mean a delay of one year. There is no obvious solution in sight. - "Query load variation on ccTLD servers during delegation phases", Mans Nilsson; KTH http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-f2f.pdf Problems, delay introduced because of IANA. Q: (Doug Barton) First, some good news, we are working on v6; the board meeting in May will discuss it. About the delay, when was the request submitted? A: Well, not yet submitted Q: Then I accept your apologies for not blaming IANA to be late when no request have been submitted. Normally it takes 2 days. - "DNS Survey",Peter Koch; Universitaet Bielefeld http://www.ripe.net/ripe/meetings/ripe-48/presentations/ripe48-dns-survey.pd... Looking into the .de; Bind 8 by number has only 30%, but 60% by delegation, and 72% by weighted delegation. Q: (Jim) Why lots of people are still running Bind 8? A: Not really lots. Some of them are very large providers. There is a concern about load. Also, Bind until version 9.2 has a protocol problem, fixed with 9.3; so maybe, in the near future figures will change. - AOB Patrik Faltstrom is standing down as DNS WG co-chair. He will probably have some role in the ENUM WG that is expected to be formed. Jim thanked Patrik for his efforts in the DNS WG. He said that since this created a vacancy for a co-chair, he invited anyone who was interested in becoming a co-chair to get in touch. ========================================================