Re: New draft charter for the RIPE DNS WG
"Brad" == Brad Knowles <brad.knowles@skynet.be> writes:
>> Jim and I have discussed this and we thought the charter should
>> be adjusted to better reflect what the WG has been dealing with
>> during the past couple of meetings and is going to do in the
>> near future.

Brad> I think that you've come up with a much better charter
Brad> for this group.

Thank you, though Peter deserves all the credit for coming up with the revised charter.

Brad> Out of curiosity, do you think that the group should
Brad> also help sponsor the development of open source tools to
Brad> help monitor DNS-related issues, or evaluate DNS-related
Brad> tools (either open source or commercial)?

Yes, absolutely. These are clearly things that will be of interest to the WG membership and the DNS community as a whole. Do you feel there's nothing in the revised charter which addresses your points? If not, please suggest some text we could add or at least discuss.

Your question of sponsorship is a good one. But there's a problem about how the term is defined. If you mean sponsor in the sense of encourage or nurture, then I would say yes, that's definitely something the WG can and should do.

If you mean hand over money, I'd have to uhm and ahh. The WG has no money or budget and I'd be pleasantly surprised if the members would be willing to put their hands in their pockets. Deciding how any money raised got spent would also present an administrative headache.

These are not intractable problems. My view is that if the WG decided it did want to fund tool development or support, Peter and I would have to try and find a way of making that happen. Some guidance from the WG would be welcome: maybe this should be an agenda item for RIPE43?

One thing I would ask people on this list to do is give more feedback and suggestions on what the WG should and should not do. Peter and I have outlined our ideas for the future of the WG and had little response so far. This is disappointing. I'm not sure if we should interpret the silence as approval for our ideas or if there's little interest in them from the WG membership.
At 2:14 AM -0700 2002/07/11, Jim Reid wrote:
> Yes, absolutely. These are clearly things that will be of interest to the WG membership and the DNS community as a whole. Do you feel there's nothing in the revised charter which addresses your points? If not, please suggest some text we could add or at least discuss.
Well, what about having the RIPE NCC actually using DNS debugging tools like doc, dnswalk, etc... to monitor domains served by RIPE (including reverse delegations), and making this information publicly available (or at least available to RIPE members)?
> Your question of sponsorship is a good one. But there's a problem about how the term is defined. If you mean sponsor in the sense of encourage or nurture, then I would say yes, that's definitely something the WG can and should do.
I was thinking about some of the kinds of tools that the NetNews WG has developed (e.g., flow maps, nhns, etc...), or the Tools WG, or the Test Traffic WG.
> If you mean hand over money, I'd have to uhm and ahh.
I'd have to talk to my employers, but I might be able to get them to donate some of my time to work on things like this, if there was some sort of "official" sponsorship from RIPE or RIPE NCC, with official recognition, etc.... Absolutely no guarantees, of course. But they might just go for it, if they got something in return, especially if that might potentially lead to future consulting work.
> The WG has no money or budget and I'd be pleasantly surprised if the members would be willing to put their hands in their pockets.
Actually being paid money for the work would also help. ;-)
> One thing I would ask people on this list to do is give more feedback and suggestions on what the WG should and should not do.
Despite other comments I have made, I believe that the WG should first focus on things like determining what the current best practice is, and then documenting and advocating that. This would be with regard to DNS Operations, DNS Policy, etc....

However, I also believe that the DNS WG should work with the RIPE NCC to help implement these best practices, at least insofar as RIPE and the RIPE NCC have influence or the ability to do so. This would also include the development or sponsoring the development of tools to help implement these best practices.

In other words, I take a rather activist view.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
On Thu, 11 Jul 2002, Brad Knowles wrote:
> Well, what about having the RIPE NCC actually using DNS debugging tools like doc, dnswalk, etc... to monitor domains served by RIPE (including reverse delegations), and making this information publicly available (or at least available to RIPE members)?

I believe that you are referring to these? :

Reverse domains (weekly):
http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html

Forward domains in the RIPE region (monthly):
http://www.ripe.net/ripencc/pub-services/stats/hostcount/index.html

Regards,

--
Bruce Campbell                            RIPE
Systems/Network Engineer                   NCC
www.ripe.net - PGP562C8B1B      Operations/Security
At 10:57 AM +0200 2002/07/12, Bruce Campbell wrote:
> Reverse domains (weekly): http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html

This is a start, but there's not enough information here. We see how many zones are "OK" vs. "not OK", but we don't see how many zones have problems like lame delegations, SOA serial number mis-matches, mis-matches in zone content even though the serial number is the same, which servers don't have proper reverse DNS set up for their IP address, what I like to call orphan delegations (where additional servers are listed as being authoritative within the zone but are not listed in the delegation data), etc.... No DNS debugging tool I know of catches all these problems, but we could work on that.

We also don't see tests like which servers are public caching recursive nameservers, what versions of what nameservers are running (both by doing a version.bind query and by doing fingerprinting of the server) or otherwise exhibit behaviour that would be considered insecure.

Moreover, while this information is being made publicly available, it does not appear that any pro-active use of this information is being made (i.e., e-mail messages being sent to the owners of the zone as well as the owners of the server(s) in question, etc...).

Even if this deeper level of investigation & reporting were done for just the TLD zones that are in the geographical area belonging to RIPE, I think that this would be a very good thing.
> Forward domains in the RIPE region (monthly): http://www.ripe.net/ripencc/pub-services/stats/hostcount/index.html

Again, there's just not enough detail here.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
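Added example, not part of the original messages: a sketch of how three of the problems named in the message above (lame delegations, SOA serial mismatches and "orphan" delegations) could be derived from answers already collected from each name server. The function name, record layout and sample data are constructed for illustration.

```python
# Added example: classify delegation problems from answers already collected.
# Names, record layout and sample data are constructed for illustration.

def _norm(name):
    return name.lower().rstrip(".")

def audit_zone(parent_ns, observations):
    """parent_ns: NS names in the parent zone's delegation.
    observations: server -> {"aa": bool, "serial": int or None, "ns": set},
    i.e. what each server returned for the zone's SOA and NS records."""
    delegated = {_norm(n) for n in parent_ns}
    obs = {_norm(k): v for k, v in observations.items()}

    # Lame delegation: a delegated server that is silent or not authoritative.
    lame = sorted(n for n in delegated if not obs.get(n, {}).get("aa"))

    # SOA serial mismatch: authoritative servers disagree on the serial.
    by_serial = {}
    for name, o in obs.items():
        if o.get("aa") and o.get("serial") is not None:
            by_serial.setdefault(o["serial"], []).append(name)
    mismatch = ({s: sorted(v) for s, v in by_serial.items()}
                if len(by_serial) > 1 else {})

    # "Orphan" delegation (the thread's term): listed in the zone's own NS
    # set but missing from the parent's delegation data.
    in_zone = set()
    for o in obs.values():
        if o.get("aa"):
            in_zone |= {_norm(n) for n in o.get("ns", ())}
    orphans = sorted(in_zone - delegated)

    return {"lame": lame, "serial_mismatch": mismatch, "orphans": orphans}

# Constructed sample: ns3 is lame, ns1/ns2 disagree on the serial,
# ns4 appears only inside the zone.
ZONE_NS = {"ns1.example.net.", "ns2.example.net.", "ns4.example.net."}
SAMPLE_PARENT_NS = ["ns1.example.net.", "ns2.example.net.", "NS3.example.net."]
SAMPLE_OBS = {
    "ns1.example.net.": {"aa": True, "serial": 2002071201, "ns": ZONE_NS},
    "ns2.example.net.": {"aa": True, "serial": 2002071101, "ns": ZONE_NS},
    "ns3.example.net.": {"aa": False, "serial": None, "ns": set()},
}

if __name__ == "__main__":
    for kind, found in audit_zone(SAMPLE_PARENT_NS, SAMPLE_OBS).items():
        print(kind, found)
```
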
On Fri, 12 Jul 2002, Brad Knowles wrote:
> At 10:57 AM +0200 2002/07/12, Bruce Campbell wrote:
>> Reverse domains (weekly): http://www.ripe.net/ripencc/pub-services/stats/revdns/index.html
> This is a start, but there's not enough information here. We see how many zones are "OK" vs. "not OK", but we don't see how many zones
Although this would be interesting to discuss in detail, I'd suggest doing so under a different subject line ;) ( ie, the RIPE NCC would be happy to make reasonable changes to the DNS statistics gathering that is performed, but I don't think an in-depth technical discussion is appropriate under this particular thread. )
> Moreover, while this information is being made publicly available, it does not appear that any pro-active use of this information is being made (i.e., e-mail messages being sent to the owners of the zone as well as the owners of the server(s) in question, etc...).

However, this item is appropriate under the charter thread. You are correct, there is no really active usage made of the results (indeed, the urls quoted predate my time at the NCC). Hence, perhaps the WG would like to consider that as a charter item?

--
Bruce Campbell                            RIPE
Systems/Network Engineer                   NCC
www.ripe.net - PGP562C8B1B      Operations/Security
At 4:13 PM +0200 2002/07/12, Bruce Campbell wrote:
> ( ie, the RIPE NCC would be happy to make reasonable changes to the DNS statistics gathering that is performed, but I don't think an in-depth technical discussion is appropriate under this particular thread. )

Fair enough. Done.

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.
At 4:13 PM +0200 2002/07/12, Bruce Campbell wrote:
> However, this item is appropriate under the charter thread. You are correct, there is no really active usage made of the results (indeed, the urls quoted predate my time at the NCC). Hence, perhaps the WG would like to consider that as a charter item?

I would definitely like to consider active (and pro-active) use of information like this as part of the DNS WG. Even if the DNS WG only recommends policy on what should be done and the actual implementation of that policy is performed by the RIPE NCC (i.e., the DNS WG itself does not actually make active or pro-active use of this information), that would be fine by me.

I think that we'll all agree that the DNS really needs to be seriously cleaned up, and if we don't do what we can to help spur that process along, then who will?

--
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.