Draft minutes of ripe22-dnswg
Better late than never... Here are the drafts minutes scribed by Benoit Grange and edited by me. Please send corrections/additions to the list before 951110. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito@nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 50 593246 Via S. Maria, 36 Fax: +39 50 904052 I-56126 PISA Telex: 500371 CNUCE I Italy Url: http://www.nis.garr.it/nis/staff/bonito.html ---------- ---------- --------------------cut here------------ DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT RIPE 22 DNS Working Group minutes Amsterdam 12 October 1995 Chairman: Antonio Blasco Bonito (ABB) Scribe: Benoit Grange (BG) Preliminaries ------------- Rob Blokzijl presented the apologies from the working group chairman, Leonid Yegoshin (LY), who had a visa problem and asked ABB to chair the group. The agenda was reorganized and agreed. 1) Reports about DNS Failures -------------------------- [This item should have been covered by LY, but because he was not there some of us reported current problems] BG talked about the known problem with uncesessary glues that appear in zone transfers. This happens on most old implementations (BIND prior to 4.9) as shipped my most of the vendors. DNS Operation suffer from old implementation that have known bugs and proble ms. The usual suggestion is to install a recent version of BIND, which happens to be a beta version. It was noted that, altough that effectively eliminates the problem, many DNS administrators are not willing to use a beta version. The working group agreed on sending a letter to the ISC to ask to put BIND 4.9.3 in final so that doubts about it are solved. [ACTION on ABB] Many expressed concern about how delegation changes are done at the Internic. Today Internic accepts any change to current delegation (normal and reverse) and also to glue records. This leads to situation where some bad data is introduced, either as an error, or as some malicious action. Eg: 'ns.ripe.net' (193.0.0.193) is primary for 'ripe.net' and a lot of important zones. John Doe wants to create a 'johndoe.com' zone and submits a request to Internic mentionning both 'banana.johndoe.com' (198.1.2.3) as primary and 'ns.ripe.net' with a WRONG address 193.0.0.93 because of a typo. Internic creates the 'johndoe.com' zone and CHANGES the glue record for 'ns.ripe.net'. All delegations to 'ns.ripe.net' are affected because Internic accepted unnecessary glue record from John Doe and blindly accepted to change an existing name server IP address. The working group recommends that Internic does not accept unneccessary glue records and double checks any change to existing glue records. [ACTION on Geert Jan de Groot] Some people do not watch their name servers: it happens that some name servers are left unattended and fail without anyone noticing. This has an impact on the performance and reliability of the overall name service. People should watch their name servers and their zones on their primary and secondaries. At least the 'host' command can be used with the '-C' option to do this at regular intervals. During the plenary session someone remembered the existance of RFC1713 A. Romao, "Tools for DNS debugging", which is usually referred to as the guide for DNS administrators and suggested to ask the author to include such recommendation. [ACTION on ABB] 2) 'in-addr.arpa' automatic checking and delegation (D. Kessens) ------------------------------------------------------------- David briefly talked about the tool he wrote which is being used at RIPE- NCC. This tools checks if the reverse zone is correctly configured as per RIPE requirements. Usage: Send an e-mail message to 'auto-inaddr@ripe.net' containing the 'inet-num' object with 'rev-svr:' attributes listing the desired name servers (1 name server per line). Send an empty message to get help. The final editing of the zone file is still done manually and the operators also checks the author of the update. After a short discussion the group agreed that some authentication mechanism be added in order to avoid malicious changes to current delegation, specially when the reverse delegation process will be completly automated. [ACTION on RIPE-NCC] This tool could also be used to check for normal delegations, but only after some rewriting because some of the checks are specific to reverse delegation or RIPE requirements. Sources are on ftp://ftp.ripe.net/tools/inaddrtool-VERSION Another tool to check delegation exist under http://www.nic.fr/ZoneCheck Sources of this tool will be freely available by the end of the year. [ACTION on BG] 3) Future developments of the name servers --------------------------------------- It was reported that: Paul Vixie got RU-BIND and will somehow merge the two programs. IBM has donated code to do dynamic updates, and an other source is available as well. 4) About the recent changes of the root name servers ------------------------------------------------- All root name servers have been renamed as '<letter>.root-servers.net'. If you want to know the "old name" of a name server, query for the TXT record associated with the name. A new primary for the root zone will be created and managed directly from IANA, and the primary for the '.com', etc. zones will remain managed by Internic. 5) Charging for domain names, etc. ------------------------------- A European 'TLD' forum might be useful, and the first move should be to collect how TLD management is done over Europe. Different countries have different policies, etc. Some multinational company which wants to create a bunch of domains in different countries needs more information on how this can be done and who should be contacted. The working group decided to set up a questionnaire and Guy Davies (GD) collected a lot of questions. He will organise the questionnaire and submit it to the list for review and later send it to the European TLD admins. [Action on GD] DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT
A European 'TLD' forum might be useful, and the first move should be to collect how TLD management is done over Europe. Different countries have different policies, etc. There's no need to collect such information: see below. Some multinational company which wants to create a bunch of domains in different countries needs more information on how this can be done and who should be contacted. In that case they simply ask the contact person for the top level domain(s) involved and they'll get the document with the conditions. But they should count on the document being available *only* in the national language, with no authoritative translation being or ever being made available in any other language. This will be the case in particular in those countries where e.g. a prerequisite is that a domain requestor be registered with some official body like a Chamber of Commerce in the country. Political questions like how the conditions are or have been established are irrelevant for companies, providers, or anyone else requesting a domain registration. To put it another way: such questions won't be answered. -hostmaster
A European 'TLD' forum might be useful, and the first move should be to collect how TLD management is done over Europe. Different countries have different policies, etc. There's no need to collect such information: see below.
Some multinational company which wants to create a bunch of domains in different countries needs more information on how this can be done and who should be contacted. In that case they simply ask the contact person for the top level domain(s) involved and they'll get the document with the conditions. But they should count on the document being available *only* in the national language, with no authoritative translation being or ever being made available in any other language. This will be the case in particular in those countries where e.g. a prerequisite is that a domain requestor be registered with some official body like a Chamber of Commerce in the country. Political questions like how the conditions are or have been established are irrelevant for companies, providers, or anyone else requesting a domain registration. To put it another way: such questions won't be answered.
-hostmaster
I take this as a suggestion to correct the minutes: actually the main reason to collect such information which emerged during the WG was to help the TLD administrators in their task by knowing how other countries do that and having the possibility to keep themselves aligned to the mean behaviour if they wish, in order to reduce as much as possible disputes about registration requests. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito@nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 50 593246 Via S. Maria, 36 Fax: +39 50 904052 I-56126 PISA Telex: 500371 CNUCE I Italy Url: http://www.nis.garr.it/nis/staff/bonito.html ---------- ----------
I take this as a suggestion to correct the minutes That's one thing. Another purpose the message was meant for is to make clear that *only* technical issues in the questionnaire will be answered. actually the main reason to collect such information which emerged during the WG was to help the TLD administrators in their task by knowing how other countries do that and having the possibility to keep themselves aligned to the mean behaviour if they wish, in order to reduce as much as possible disputes about registration requests. I'd say that TLD administrators are very capable of communicating. So in case they need to align anything with other TLD administrators, they can be assumed to know the way to contact those other administrators. The only thing that *might* be useful in this context is an up-to-date list of (e-mail addresses of) TLD administrators; but the InterNIC in fact already has that information in its whois service. And spreading the same info over different entities without there being any automatic update procedure between them will only lead to problems: one easily tends to forget in which places certain information is stored, so the info in one or more of those places may get out of date. So please keep such information in *one* place only! And about "mean behaviour": it's an illusion that such a thing exists. Some countries have very strict rules, others are much more "liberal", to put it mildly. -hostmaster
I take this as a suggestion to correct the minutes That's one thing. Another purpose the message was ...
-hostmaster
Would you please identify yourself??! I have rather bad feelings about having to follow a discussion where one part is a ghost named "hostmaster". It's quite OK to use that *mail address* in a Reply-To: field, and maybe even in the From: field, but in that case I definitely think you should identify yourself as a person in the signature. Best regards, /Liman #------------------------------------------------------------------------- # Lars-Johan Liman ! Internet: liman@sunet.se # Ebone/NORDUnet/SUNET Operations Centre ! BITNET : LIMAN@SEARN # Royal Institute of Technology, Sweden ! HTTP : //www.sunet.se/~liman # ! Voice : Int +46 8 - 790 65 60 #-------------------------------------------------------------------------
Would you please identify yourself??! I have rather bad feelings about having to follow a discussion where one part is a ghost named "hostmaster". The NL Naming Authority is not a ghost, but a *function*. And it doesn't really matter who in a particular case is speaking on behalf of the NL Naming Authority: the official e-mail address hostmaster@cwi.nl is linked to the function and is always used in the From: field when the message is an official message/reply/statement by the NL Naming Authority. Like in this case. Besides, the standards require that when the From: line differs from the e-mail address of the person who sent the mail, a Sender: line be present. And that's the case in all mails with hostmaster@cwi.nl in the From: line. That's what we call "implicit identification". -hostmaster
The NL Naming Authority is not a ghost, but a *function*.
I realise that, of course.
And it doesn't really matter who in a particular case is speaking on behalf of the NL Naming Authority:
Yes, it does, or rather, it matters that I know whom I'm addressing when I write this *reply* message. I want to know if I'm addressing the same person that I addressed in the previous message regarding the same matter, or if I have to describe the entire problem once again, which is often the case with e.g. tax authorities, which usually implement the same principle. As I said - I have no problems using a function alias as a technical means of reaching you, and the mail alias is an important way of signalling which hat I want you to wear when you read the message, but I want to know with whom I'm dealing. As an analogy, consider the case when you call by phone e.g. to the tax authorities. You dial a number to their swichboard (the *function* number), but you would probably be a bit annoyed if the person that you finally got connected to didn't present him-/herself with his/her name, wouldn't you? And when you called them again a week later, you would still call the switchboard number, but you would address yourself to the person you talked to the week before, who presumably knows the case. Furthermore, if I would like to move this conversation to another media, e.g. phone, I can easily get a phone number that presumably reaches you in one way or the other, but getting a phone number for "hostmaster" is somewhat more difficult.
the official e-mail address hostmaster@cwi.nl is linked to the function and is always used in the From: field when the message is an official message/reply/statement by the NL Naming Authority. Like in this case.
... which I have no problem with.
Besides, the standards require that when the From: line differs from the e-mail address of the person who sent the mail, a Sender: line be present. And that's the case in all mails with hostmaster@cwi.nl in the From: line. That's what we call "implicit identification".
True. My mail agent unfortunately filters this out (my fault, my problem), therefore I missed this information, and I hereby apologize for the "assault". My point of view still stands, as a principle - one should identify oneself, even if one represents a "function" - but I see now when I take a close look that you did just that in a perfectly good manner. Again, my apologies. Cheers, /Liman
Yes, it does, or rather, it matters that I know whom I'm addressing when I write this *reply* message. I want to know if I'm addressing the same person that I addressed in the previous message regarding the same matter, or if I have to describe the entire problem once again, which is often the case with e.g. tax authorities I wouldn't compare naming authorities with tax authorities... :-) After all the latter category costs you a *lot* more money than the former category... :-( As I said - I have no problems using a function alias as a technical means of reaching you, and the mail alias is an important way of signalling which hat I want you to wear when you read the message, but I want to know with whom I'm dealing. OK, clear. Besides, the standards require that when the From: line differs from the e-mail address of the person who sent the mail, a Sender: line be present. And that's the case in all mails with hostmaster@cwi.nl in the From: line. That's what we call "implicit identification". True. My mail agent unfortunately filters this out (my fault, my problem), therefore I missed this information Ah, I see. Anyway, all messages about this issue were sent by undersigned, but I would like to emphasize again that they were sent in the function of NL Naming Authority and therefore should not be (mis)taken as my personal opinion. Piet Beertema
Hi Blasco, Just a small typo... :
Antonio_Blasco Bonito writes :
Usage: Send an e-mail message to 'auto-inaddr@ripe.net' containing the 'inet-num' object with 'rev-svr:' attributes listing the desired name
It should say (or I should have said) 'rev-srv:', although the tool has no problem with this typo ... I made the same mistake myself too often so the tool will accept both. Kind regards, David Kessens
participants (5)
-
Antonio_Blasco Bonito -
David.Kessens@ripe.net -
Lars-Johan Liman -
NL Naming Authority -
Piet Beertema