Retiring ns.ripe.net
Dear colleagues, We have published a RIPE Labs article on how we believe it is now time to retire the secondary DNS service for member’s reverse DNS delegations, ns.ripe.net: https://labs.ripe.net/author/anandb/retiring-nsripenet/ We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal. Please share any feedback on the DNS Working Group mailing list by 16 May 2024. Once we’ve collected your feedback, we will discuss this topic in the DNS Working Group session at RIPE 88 on Wednesday, 22 May 2024. Paul de Weerd Manager Global Information Infrastructure team RIPE NCC
Paul de Weerd wrote on 02/05/2024 16:49:
We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal. Please share any feedback on the DNS Working Group mailing list by 16 May 2024.
definitely a good move to retire this. Could you consider having a different the end-of-service date so that it doesn't fall into industry holiday / change freeze periods? There will be a lot of change freezes in effect thoughout december and early january, and this might affect peoples' ability to fix any problems caused by the service disappearing. Nick
On 2024 May 02 (Thu) at 17:28:32 +0100 (+0100), Nick Hilliard wrote: :Paul de Weerd wrote on 02/05/2024 16:49: :> We are proposing to retire the secondary DNS service by the end of :> 2024 and we're asking for your input and feedback on this proposal. :> Please share any feedback on the DNS Working Group mailing list by 16 :> May 2024. : :definitely a good move to retire this. : Agreed. :Could you consider having a different the end-of-service date so that it :doesn't fall into industry holiday / change freeze periods? There will be a :lot of change freezes in effect thoughout december and early january, and :this might affect peoples' ability to fix any problems caused by the service :disappearing. : Doubly agreed. Semi-related, and apology for the micro-managing, do you think it would make sense to lower the TTL on those zones from 1 day to something shorter during the change? -- When all other means of communication fail, try words.
On 2 May 2024, at 20:45, Peter Hessler <phessler@theapt.org> wrote:
Semi-related, and apology for the micro-managing, do you think it would make sense to lower the TTL on those zones from 1 day to something shorter during the change?
Zones don't have TTLs; RRSets have TTLs. In the case of a secondary zone the TTLs are specified by the zone administrator (and the administrator of the zone's parent for the NS and DS RRSets above the zone cut) not the administrator of the secondary server. Unless you're in an unusual hurry there's often no benefit in lowering TTLs anywhere, anyway. Ordinarily what you try to do in these situations is keep operating the secondary zone after the relevant NS RRSets have been changed until there's no remaining traffic, since there is variation in how published TTLs are implemented in downstream dependent systems and waiting for zero is better than trying to predict what that variation might be. Once you're tired of waiting for the traffic to reach zero you remove the zone and rely on the negative responses to signal that the zone has moved. When the traffic still hasn't stopped to zero long after that you retire the nameserver address and plan not to respond to DNS traffic on it ever again. Pretty sure the DNS people at the NCC already know more about all of this than most of the rest of us. Joe
I would argue that any sane person would not leave the DNS change to the last moment and migrate the nameservers months before. I mean right away. For people, who ignore June-December contacts, it doesn’t really matter when the delegations are being removed. They will either yell (or don’t notice) anyway. Ondrej -- Ondřej Surý (He/Him)
On 2. 5. 2024, at 18:28, Nick Hilliard <nick@foobar.org> wrote: Could you consider having a different the end-of-service date so that it doesn't fall into industry holiday / change freeze periods? There will be a lot of change freezes in effect thoughout december and early january, and this might affect peoples' ability to fix any problems caused by the service disappearing.
Ondřej Surý wrote on 03/05/2024 12:23:
I would argue that any sane person would not leave the DNS change to the last moment and migrate the nameservers months before. I mean right away. oh for sure, but there's a wide variety of reasons which would cause migration not to happen by the due date, or at all. All other things being equal, there's not that much reason to choose Dec 31 over e.g. Nov 18.
If there's a reason for the RIPE NCC to keep retirement inside the 2024 calendar / financial year, that's ok and can be worked into a proposed date with adequate notice. Otherwise agreed that anyone affected should migrate asap. Nick
Hi Paul, I think it was about bloody time that the NCC starts to look as services like this and sunsets them .. So, good to hear that this is finally going to stop. And I would suggest to do this before the end of the year freeze period instead of killing it between xmas and new year as well. Regards, Erik Bais On 02/05/2024, 17:51, "dns-wg on behalf of Paul de Weerd" <dns-wg-bounces@ripe.net <mailto:dns-wg-bounces@ripe.net> on behalf of pdeweerd@ripe.net <mailto:pdeweerd@ripe.net>> wrote: Dear colleagues, We have published a RIPE Labs article on how we believe it is now time to retire the secondary DNS service for member’s reverse DNS delegations, ns.ripe.net: https://labs.ripe.net/author/anandb/retiring-nsripenet/ <https://labs.ripe.net/author/anandb/retiring-nsripenet/> We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal. Please share any feedback on the DNS Working Group mailing list by 16 May 2024. Once we’ve collected your feedback, we will discuss this topic in the DNS Working Group session at RIPE 88 on Wednesday, 22 May 2024. Paul de Weerd Manager Global Information Infrastructure team RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/dns-wg <https://lists.ripe.net/mailman/listinfo/dns-wg>
On 3 May 2024, at 10:29, Erik Bais <erik@bais.name> wrote:
I think it was about bloody time that the NCC starts to look as services like this and sunsets them ..
Don’t muck about Erik! Tell us what you *really* think. +1 to the orderly closure of ns.ripe.net.
Paul I’d echo other people’s concerns about disabling anything between December and early January. It’s the worst time of the year for anything like that! Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting, Colocation & Domains https://www.blacknight.com/ https://blacknight.blog/ Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Personal blog: https://michele.blog/ Some thoughts: https://ceo.hosting/ ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845 I have sent this email at a time that is convenient for me. I do not expect you to respond to it outside of your usual working hours.
Dear all,
We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal.
I agree with the proposal. I also agree with the recommendation to stop the service at a different time than the end of the year holidays. I saw there are 663 broken delegations. I understand most of these (if not all) are such that ns.ripe,net cannot download the zone from the master. I am wondering whether there are also cases when the master does not even have the ns.ripe.net configured as NS - I suspect there are. Anyway, in case of the broken delegations I would recommend to consider decommissioning them from the very beginning (1 July 2024). This means that ns.ripe.net (and other servers involved, e.g. transfer servers) would ignore these zones (i.e. these zones would be deleted from their configuration). This would free up some of the NCC resources. The difference would be that ns.ripe.net would answer with REFUSED instead of SERVFAIL. I would go even further, I would delete the delegation to ns.ripe.net from the parent zone (usually the /8 for IPv4) - this way there would be much less unanswerable traffic going to ns.ripe.net. I think it would be better to not touch the domain objects at this time, and process them together with the correct delegations. Best regards, Janos
Paul de Weerd Manager Global Information Infrastructure team RIPE NCC
Please take care: retiring a nameservice might suggest a spoofing attempt downstairs - and the Hollidays would be an ideal time to make good use of it. Kind regards Peter Dambier
Dear colleagues, Let me start by thanking you for the feedback so far on our proposal to retire the ns.ripe.net service, as detailed in the RIPE Labs article we published last week. Your input helps us better understand the needs and requirements of the membership and the larger community. We acknowledge the concerns raised about the planned time for actually shutting down the service and want to address them here. First, if the members reach consensus on the proposal and we decide to shut down the service, we will work hard to ensure all users are migrated before the end of 2024. When everybody has moved away, we can safely take down the service. But in the case where there are still zones actively (and correctly) being served from ns.ripe.net, we will not take the service down during the end-of-year freeze that many organisations observe, instead postponing that for a few days into January. We will provide a more precise timeline with the exact date of service end if we decide to go ahead with our proposed plan. I hope this covers the concerns raised. If you have any further thoughts or suggestions, or want to advocate for keeping the service running, please share your thoughts on the list! Best regards, Paul de Weerd RIPE NCC On Thu, 2 May 2024 at 17:49, Paul de Weerd <pdeweerd@ripe.net> wrote:
Dear colleagues,
We have published a RIPE Labs article on how we believe it is now time to retire the secondary DNS service for member’s reverse DNS delegations, ns.ripe.net: https://labs.ripe.net/author/anandb/retiring-nsripenet/
We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal. Please share any feedback on the DNS Working Group mailing list by 16 May 2024.
Once we’ve collected your feedback, we will discuss this topic in the DNS Working Group session at RIPE 88 on Wednesday, 22 May 2024.
Paul de Weerd Manager Global Information Infrastructure team RIPE NCC
Dear colleagues, Thank you for the feedback we received on our proposal to retire the ns.ripe.net service, as detailed in the RIPE Labs article published on 2 May. Your input on the mailing list and at the DNS Working Group session at RIPE 88 helped us see if there were any problems with our approach. After reviewing the mails and hearing feedback at the Working Group session, we have general agreement for the move and have decided to go ahead with the proposed plan with some amendments to the timeline. We have updated the RIPE Labs article with our amended timeline: https://labs.ripe.net/author/anandb/retiring-nsripenet/ As always, if you have any further thoughts or suggestions, please let us know on the list. Best regards, Paul de Weerd Manager Global Information Infrastructure team RIPE NCC On Thu, 2 May 2024 at 17:49, Paul de Weerd <pdeweerd@ripe.net> wrote:
Dear colleagues,
We have published a RIPE Labs article on how we believe it is now time to retire the secondary DNS service for member’s reverse DNS delegations, ns.ripe.net: https://labs.ripe.net/author/anandb/retiring-nsripenet/
We are proposing to retire the secondary DNS service by the end of 2024 and we're asking for your input and feedback on this proposal. Please share any feedback on the DNS Working Group mailing list by 16 May 2024.
Once we’ve collected your feedback, we will discuss this topic in the DNS Working Group session at RIPE 88 on Wednesday, 22 May 2024.
Paul de Weerd Manager Global Information Infrastructure team RIPE NCC
participants (10)
-
Erik Bais -
Janos Zsako -
Jim Reid -
Joe Abley -
Michele Neylon - Blacknight -
Nick Hilliard -
Ondřej Surý -
Paul de Weerd -
Peter Dambier -
Peter Hessler