Proposed criteria for adding new zones to DNSMON
Dear colleagues, The new DNSMON (https://atlas.ripe.net/dnsmon/) service has been available for several months now, and we would like to propose criteria for adding new zones going forward. Please note that we’ve provided this just as a starting point for consultation with the DNS community, and are asking for feedback about this proposal. First, we believe we should only add these TLDs when we receive a request from the TLD operators themselves, rather than from third parties. If we do receive requests to add a TLD from a third party, we will only do so after first checking with the TLD operator and receiving an official request from them at atlas@ripe.net. Second, we propose allowing the addition of ccTLDs operated by our members for countries within the RIPE NCC’s service region. The new DNSMON infrastructure is capable of handling this number of potential requests. Third, we propose adding up to five gTLDs under the control of any given operator, and only if the operator is a member of the RIPE NCC. We believe these criteria for including new zones will continue to make DNSMON a valuable tool for our members and the wider community. Once the DNS Working Group has provided feedback on these criteria, the RIPE NCC will provide a full service description for DNSMON that includes these criteria and that will be included in the DNSMON documentation. We look forward to hearing your thoughts, and ask you to please respond to this list with any feedback you have preferably before mid-September. Kind regards, Kaveh Ranjbar Chief Information Officer RIPE NCC
[ Disclaimer: I am not a DNS expert, just looking at things from a membership pov ] Kaveh Ranjbar wrote: [...]
Second, we propose allowing the addition of ccTLDs operated by our members for countries within the RIPE NCC’s service region.
I can easily see the rationale for the requirement of RIPE NCC Membership of the operator, but I do not immediately see the reason for the additional restriction based on geography. Just curious. Regarrds, Wilfried
On 12 Aug 2014, at 15:03, Wilfried Woeber <Woeber@CC.UniVie.ac.at> wrote:
I can easily see the rationale for the requirement of RIPE NCC Membership of the operator, but I do not immediately see the reason for the additional restriction based on geography.
Let's learn to walk first before trying to run. :-) <No hats> My personal opinion is the service should primarily be focused on the NCC's service region with key infrastructure stuff like the root and parts of .arpa as special cases. In theory this will provide enough room for other organisations to offer DNS monitoring services in the other RIR service regions or for different market segments. It would be unwise if DNSMON cherry picks the majority of potential (paying) customers and/or turns into a monopolistic juggernaut that distorts the market. A cautious approach here seems prudent. FWIW, when the NCC began offering TLD monitoring services "for free" a few years ago, it caused a member to abandon their plans to launch a commercial service and write off their investment. Other entrants are now emerging: DNS hosting providers, DNS-OARC's tldmon, (g)TLD registry operators, etc. Some of these might be more than unhappy if DNSMON has eaten their lunch. I think we also have to be particularly careful about the gazillions of new gTLDs. These could overwhelm the current DNSMON platform and/or present scaling problems. Limiting service to a handful of these TLDs in the service region should keep things on a tight leash, at least for now. If it later turns out those concerns were misplaced, a more liberal approach can be introduced when there's evidence to support that. It will also be good to assess the reporting and WG oversight of DNSMON. The NCC may well want the WG to be the one to say yes or no whenever a new "customer" comes along. Personally I think it's crucial the WG has a role in defining the scope of the service. YMMV. At present DNSMON largely operates in a vacuum with an open door "policy" which hasn't been agreed or documented. From that PoV, Kaveh's proposal is a very welcome step in the right direction. I hope the WG can quickly reach consensus on something similar to this draft once the summer holidays are over.
Hi Jim, thanks for your PoV. I largely agree with you reasoning, with one exception: Jim Reid wrote:
On 12 Aug 2014, at 15:03, Wilfried Woeber <Woeber@CC.UniVie.ac.at> wrote:
The NCC may well want the WG to be the one to say yes or no whenever a new "customer" comes along.
IMHO, this is a very bad idea. For more than one reason, e.g. timeliness of decision, definition of criteria, potential for arbitrary outcome based on whatever, lack of interest/involvement,...
Personally I think it's crucial the WG has a role in defining the scope of the service.
Agreed. But this sounds pretty much like AP, where the community defines the rules or "policy", and the NCC implements it. "Sharing" the responsibility for decisions seems to be cumbersome, at least.
YMMV. At present DNSMON largely operates in a vacuum with an open door "policy" which hasn't been agreed or documented. From that PoV, Kaveh's proposal is a very welcome step in the right direction.
Strongly seconded.
I hope the WG can quickly reach consensus on something similar to this draft once the summer holidays are over.
:-) Wilfried.
On 14 Aug 2014, at 14:45, Wilfried Woeber <Woeber@CC.UniVie.ac.at> wrote:
The NCC may well want the WG to be the one to say yes or no whenever a new "customer" comes along.
IMHO, this is a very bad idea. For more than one reason, e.g. timeliness of decision, definition of criteria, potential for arbitrary outcome based on whatever, lack of interest/involvement,...
Wilfried, I'm sorry if my response gave you that impression because that's not what was envisaged. Well, not in my mind at any rate... You are of course absolutely right the WG should have no say in operational matters. And not just for the reasons you outlined. Micromanagement by mailing list simply can't work. So the WG won't be doing that. :-) What I hope we arrive at is a situation where a framework is agreed by the WG. The NCC implement that and report on how things are going at regular intervals. If/when the framework needs to be tweaked -- say for a new class of customer or to add more gTLDs per NCC member -- this comes to the WG. The WG will not need to be consulted at all when a new customer that already meets the current criteria asks for DNSMON. If that customer does not meet the prevailing criteria, that's when the WG should be in the position of making the yes/no decision by either changing the criteria or not. The WG shouldn't be asked to decide if Customer X gets added or not. I expect the discussion would be something like "Customer X meets category foo. DNSMON does not serve that category. Should the NCC include foo? Here's what a yes/no answer will mean.".
Personally I think it's crucial the WG has a role in defining the scope of the service.
Agreed. But this sounds pretty much like AP, where the community defines the rules or "policy", and the NCC implements it.
That's the objective here too.
"Sharing" the responsibility for decisions seems to be cumbersome, at least.
Indeed and that's why this is not what is expected to happen to DNSMON. The WG would do the "policy" aspects and document them -- which IMO shouldn't need the full force of the PDP sledgehammer -- and the NCC be left to implement those as it sees fit. I hope this clarifies things or offers something for the WG to chew on.
On 7 Aug 2014, at 13:11, Kaveh Ranjbar <kranjbar@ripe.net> wrote:
We look forward to hearing your thoughts, and ask you to please respond to this list with any feedback you have preferably before mid-September.
Kaveh, I think this is a good starting point. Thanks. However I think the proposed framework misses statements of the obvious: The NCC will provide regular status reports on DNSMON to the DNS WG. Changes to this framework will be discussed and agreed by the DNS WG.
participants (3)
-
Jim Reid -
Kaveh Ranjbar -
Wilfried Woeber