Folks, since no more comments were received I here enclose the final version of the minutes. ---------- ---------- Antonio_Blasco Bonito E-Mail: bonito@nis.garr.it GARR - Network Information Service c=it;a=garr;p=garr;o=nis;s=bonito c/o CNUCE - Istituto del CNR Tel: +39 50 593246 Via S. Maria, 36 Fax: +39 50 904052 I-56126 PISA Telex: 500371 CNUCE I Italy Url: http://www.nis.garr.it/nis/staff/bonito.html ---------- ---------- -----------------------cut here--------------------- RIPE 22 DNS Working Group minutes Amsterdam 12 October 1995 Chairman: Antonio Blasco Bonito (ABB) Scribe: Benoit Grange (BG) Participants ------------ Antonio-Blasco Bonito GARR-NIS Guy Davies Unipalm PIPEX Sabine Dolderer RZ Uni-Karlsruhe, DENIC Oliver Doll EUnet Deutschland GmbH Armand Dominque FCCN/RCCN Francis Dupont INRIA Krzysztof Dzwigala NASK Benoit Grange INRIA / NIC France David Hujer SPT TELECOM, A.S. Avgust Jauk ARNES Klaus Landefeld Nacamar Data Comm. Bohumila Mullerova CESNET Ireneusz Neska NASK Peder Chr. Norgaard Telebit Communications A/S Christian Panigl UniVie/ACOnet Marc Pichon TRANSPAC Franck Pradal France Telecom Eva Ptackova SPT TELECOM, A.S. Pulak Rakshit Cable Online Ltd Nick Reid RIPE NCC Valeria Rossi CILEA Oliver Smith Demon Internet Ltd Milan Sterba HP Czech republic Thierry Scortatore FRANCE TELECOM Bernard Tuy CNRS / UREC Pierre Verbaeten KU Leuven Eric Wassenaar NIKHEF Ton Windgassen EU.IBM Preliminaries ------------- Rob Blokzijl presented the apologies from the working group chairman, Leonid Yegoshin (LY), who had a visa problem and asked ABB to chair the group. The agenda was reorganized and agreed. 1) Reports about DNS Failures -------------------------- [This item should have been covered by LY, but because he was not there some of us reported current problems] BG talked about the known problem with uncesessary glues that appear in zone transfers. This happens on most old implementations (BIND prior to 4.9) as shipped my most of the vendors. DNS Operation suffer from old implementation that have known bugs and proble ms. The usual suggestion is to install a recent version of BIND, which happens to be a beta version. It was noted that, altough that effectively eliminates the problem, many DNS administrators are not willing to use a beta version. The working group agreed on sending a letter to the ISC to ask to put BIND 4.9.3 in final so that doubts about it are solved. [ACTION on ABB] Many expressed concern about how delegation changes are done at the Internic. Today Internic accepts any change to current delegation (normal and reverse) and also to glue records. This leads to situation where some bad data is introduced, either as an error, or as some malicious action. Eg: 'ns.ripe.net' (193.0.0.193) is primary for 'ripe.net' and a lot of important zones. John Doe wants to create a 'johndoe.com' zone and submits a request to Internic mentionning both 'banana.johndoe.com' (198.1.2.3) as primary and 'ns.ripe.net' with a WRONG address 193.0.0.93 because of a typo. Internic creates the 'johndoe.com' zone and CHANGES the glue record for 'ns.ripe.net'. All delegations to 'ns.ripe.net' are affected because Internic accepted unnecessary glue record from John Doe and blindly accepted to change an existing name server IP address. The working group recommends that Internic does not accept unneccessary glue records and double checks any change to existing glue records. [ACTION on Geert Jan de Groot] Some people do not watch their name servers: it happens that some name servers are left unattended and fail without anyone noticing. This has an impact on the performance and reliability of the overall name service. People should watch their name servers and their zones on their primary and secondaries. At least the 'host' command can be used in the following way: host -C -A -L 1 <zonename> to do this at regular intervals. During the plenary session someone remembered the existance of RFC1713 A. Romao, "Tools for DNS debugging", which is usually referred to as the guide for DNS administrators and suggested to ask the author to include such recommendation. [ACTION on ABB] 2) 'in-addr.arpa' automatic checking and delegation (D. Kessens) ------------------------------------------------------------- David briefly talked about the tool he wrote which is being used at RIPE- NCC. This tools checks if the reverse zone is correctly configured as per RIPE requirements. Usage: Send an e-mail message to 'auto-inaddr@ripe.net' containing the 'inet-num' object with 'rev-svr:' attributes listing the desired name servers (1 name server per line). Send an empty message to get help. The final editing of the zone file is still done manually and the operators also checks the author of the update. After a short discussion the group agreed that some authentication mechanism be added in order to avoid malicious changes to current delegation, specially when the reverse delegation process will be completly automated. [ACTION on RIPE-NCC] This tool could also be used to check for normal delegations, but only after some rewriting because some of the checks are specific to reverse delegation or RIPE requirements. Sources are on ftp://ftp.ripe.net/tools/inaddrtool-VERSION Another tool to check delegation exist under http://www.nic.fr/ZoneCheck Sources of this tool will be freely available by the end of the year. [ACTION on BG] 3) Future developments of the name servers --------------------------------------- It was reported that: Paul Vixie got RU-BIND and will somehow merge the two programs. IBM has donated code to do dynamic updates, and an other source is available as well. 4) About the recent changes of the root name servers ------------------------------------------------- All root name servers have been renamed as '<letter>.root-servers.net'. If you want to know the "old name" of a name server, query for the TXT record associated with the name. A new primary for the root zone will be created and managed directly from IANA, and the primary for the '.com', etc. zones will remain managed by Internic. 5) Charging for domain names, etc. ------------------------------- TLD administrators are increasingly contacted by multinational company which wants to create a bunch of domains in different countries. Different countries have different policies and procedures. The requestor often challenge the TLD aministrator with questions about differences in naming and registration policies. A European TLD forum might be useful to have a better understanding of the matter. The first move should be to collect how TLD management is done over Europe. As a starting point the working group decided to set up a questionnaire. The main reason to collect such information is to help the TLD administrators in their task by knowing the guidelines followed by other countries. If they wish TLD administrators have then the possibility to keep themselves aligned to the mean behaviour (best current practice?), to reduce disputes about registration requests. During the meeting Guy Davies (GD) started collecting a lot of proposed questions. He will organise the questionnaire and submit it to the list for review and later send it to the European TLD admins. [Action on GD] DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT-DRAFT