Runxia Wan | 30 Oct 06:27 2014

reviewing draft-wkumari-dnsop-root-loopback-00

Hi all,

I am reviewing draft-wkumari-dnsop-root-loopback-00 and draft-wkumari-dnsop-dist-root-01. I have some questions about some details of the draft:

First, when a resolver falls back to legacy operation, I guess there should be a retry interval for it to retry to work in the loopback operation (I mean the operation the draft described). But the draft does not mention how to set it. Is there any suggestion about the value of retry interval or is this something we should test about?

The other: as far as I am concerned, every record in the zone file should be validated by the resolver using DNSSEC. Even if any one of them cannot be validated, the resolver should discard the zone file and try another server in the list. If the entire list is tried, it should log an error and fall back to legacy operation. May it lead the resolver to fall back to legacy operation often, since errors are likely to happen, such as any unsigned TLDs or validation failure? And, with the increasing size of the zone file in future, may this validation for each TLD cause a degradation of QPS in the resolver?



---------------
Runxia Wan(Brian) Research Engineer
BII Lab Beijing Internet Institute(BII) rxwan <at> biigroup.cn

_______________________________________________
DNSOP mailing list
DNSOP <at> ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
Paul Hoffman | 29 Oct 20:04 2014

Bi-weekly reminder of the documents for the WG

Greetings again. This is a reminder that the documents that this WG is working on, and may or may not be
working on in the future, are at
 https://svn.tools.ietf.org/svn/wg/dnsop/doclist.html
It helps the WG chairs to know which documents have enough people willing to review them to move them
forwards. If you would like to volunteer to be a reviewer for any of the documents, please let me know so I can
list you.

In the past two weeks, a few additional people have volunteered to review some of the documents. It would be
grand if more people would offer to review other documents as well. Also, the documents that are going to be
part of the new DPRIVE WG were removed from the list.

If you want to add a document to the list, contact the WG chairs.

--Paul Hoffman, secretary


Suzanne Woolf | 28 Oct 16:50 2014

call for adoption: draft-vandergaast-dnsop-edns-client-subnet

Dear DNSOP WG,

This draft documents the specification, use, and cautions regarding the "client-subnet" EDNS option.
Please consider adoption of this draft as a WG work item.

As some of you will remember, this is a successor to a draft that was considered in DNSEXT some time ago and
eventually expired without formal action. Since then, the option codepoint has been granted under the
appropriate registry policy (expert review) and the option is in significant operational use. 

The topic has come up more than once on the WG mailing list, with some vigorous discussion, so a couple of the
original authors and a couple of new people have revived the draft in the interests of documenting the
option, including specific behavior and cautions in its use.

The draft is available here: http://datatracker.ietf.org/doc/draft-vandergaast-dnsop-edns-client-subnet/

Please review to see if you think this document is suitable for adoption by DNSOP and comment to the list. 

Please state your view, your reasons, and (if you're in favor of adoption) whether you are willing to
contribute text, review, etc.

This call for adoption ends Tuesday 11-Nov.-2014, end of the day wherever you happen to be. This is the same
day as our WG meeting at IETF 91.

Thanks,
Suzanne Woolf
DNSOP co-chair

fujiwara | 28 Oct 10:38 2014

status of DS query increase in JP

This graph shows the status of DS query increase in JP.
  http://member.wide.ad.jp/~fujiwara/dnssec-ipaddress-ratio.png

Ratio of DS queries was 5% or 6% at max, however, it is 3.4% now.

It seems that large scale ISP stopped DNSSEC validation this April.

What should I do about draft-fujiwara-dnsop-ds-query-increase?
  https://tools.ietf.org/html/draft-fujiwara-dnsop-ds-query-increase-02

Regards,

--
Kazunori Fujiwara, JPRS <fujiwara <at> jprs.co.jp>


fujiwara | 28 Oct 10:30 2014

Unclear points of DNS protocols

I submitted draft-fujiwara-dnsop-unclear-00.txt.
  https://tools.ietf.org/html/draft-fujiwara-dnsop-unclear-00

I would like to collect potential unclear points of DNS protocols.

Is it useful ?

For example, I want clear definitions of "Full-resolver" and "Referrals".

Please comment.

--

-- 
Kazunori Fujiwara, JPRS <fujiwara <at> jprs.co.jp>


Paul Vixie | 28 Oct 09:07 2014

Workshop on DNS Future Root Service Architecture, Hong Kong, December 8-9, 2014 (SAVE THE DATE)

Registration will open shortly for the Workshop on DNS Future Root Service Architecture.

> Location: Hong Kong, HK
> Date: December 8-9, 2014
> Hosted by: ISOC-HK
> Sponsors: ZDNS/BII and CNNIC
> Co-chairs: Warren Kumari and Paul Vixie

This two day workshop will focus on the DNS root service architecture issues raised by two current Internet Drafts:

1. http://tools.ietf.org/html/draft-wkumari-dnsop-root-loopback-00
   Decreasing Access Time to Root Servers by Running One on Loopback
   W. Kumari, Ed.; P. Hoffman

2. http://tools.ietf.org/html/draft-lee-dnsop-scalingroot-00
   How to scale the DNS root system?
   Xiaodong Lee; Paul Vixie; Zhiwei Yan

These two drafts take very different approaches to the problem of increasing root zone availability to recursive name servers. In this workshop we will explore the differences and similarities, with an eye towards revising both drafts and clarifying their roles in the DNS root service architecture.

Invitations including travel support will be extended to root name server operators (bcc'd here), and to the I-D authors. The workshop will be open to any interested party, and presentations will be streamed live and stored via Youtube. There will be no cost for attending the workshop. Pre-registration will be required.

Information on how to register and on the proposed agenda will be sent shortly to this same distribution. For travel planning purposes, the meeting will run all day on December 8, with a social event that evening, and for half a day on December 9, finishing immediately after lunchtime.

--
Warren Kumari
Paul Vixie

internet-drafts | 28 Oct 00:36 2014

I-D Action: draft-ietf-dnsop-edns-chain-query-01.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Domain Name System Operations Working Group of the IETF.

        Title           : Chain Query requests in DNS
        Author          : Paul Wouters
        Filename        : draft-ietf-dnsop-edns-chain-query-01.txt
        Pages           : 15
        Date            : 2014-10-27

Abstract:
   This document defines an EDNS0 extension that can be used by a DNSSEC
   enabled Recursive Nameserver configured as a forwarder to send a
   single DNS query requesting to receive a complete validation path
   along with the regular DNS answer, without the need to rapid-fire
   many UDP requests in an attempt to attain a low latency.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-chain-query/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-dnsop-edns-chain-query-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-edns-chain-query-01

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


internet-drafts | 28 Oct 00:36 2014

I-D Action: draft-ietf-dnsop-edns-tcp-keepalive-01.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Domain Name System Operations Working Group of the IETF.

        Title           : The edns-tcp-keepalive EDNS0 Option
        Authors         : Paul Wouters
                          Joe Abley
        Filename        : draft-ietf-dnsop-edns-tcp-keepalive-01.txt
        Pages           : 10
        Date            : 2014-10-27

Abstract:
   DNS messages between clients and servers may be received over either
   UDP or TCP.  UDP transport involves keeping less state on a busy
   server, but can cause truncation and retries over TCP.  Additionally,
   UDP can be exploited for reflection attacks.  Using TCP would reduce
   retransmits and amplification.  However, clients are currently
   limited in their use of the TCP transport as RFC 5966 suggests
   closing idle TCP sessions "in the order of seconds", making use of
   TCP only suitable for individual queries generated as a fallback
   protocol for truncated UDP answers.

   This document defines an EDNS0 option ("edns-tcp-keepalive") that
   allows DNS clients and servers to signal their respective readiness
   to conduct multiple DNS transactions over individual TCP sessions.
   This signalling facilitates a better balance of UDP and TCP transport
   between individual clients and servers, reducing the impact of
   problems associated with UDP transport and allowing the state
   associated with TCP transport to be managed effectively with minimal
   impact on the DNS transaction time.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-edns-tcp-keepalive/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-dnsop-edns-tcp-keepalive-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-edns-tcp-keepalive-01

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


internet-drafts | 27 Oct 21:58 2014

I-D Action: draft-ietf-dnsop-rfc6598-rfc6303-02.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
 This draft is a work item of the Domain Name System Operations Working Group of the IETF.

        Title           : Add 100.64.0.0/10 prefixes to IPv4 Locally-Served DNS Zones Registry.
        Author          : M. Andrews
        Filename        : draft-ietf-dnsop-rfc6598-rfc6303-02.txt
        Pages           : 5
        Date            : 2014-10-27

Abstract:
   RFC6598 specified that: "Reverse DNS queries for Shared Address Space
   addresses [100.64.0.0/10] MUST NOT be forwarded to the global DNS
   infrastructure."

   This document formally directs IANA to add the associated zones to
   the "IPv4 Locally-Served DNS Zones Registry" to prevent such queries
   accidentally leaking to the global DNS infrastructure.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc6598-rfc6303/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-dnsop-rfc6598-rfc6303-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-dnsop-rfc6598-rfc6303-02

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


IETF Secretariat | 27 Oct 21:47 2014

IPR Disclosure: Verisign Inc.'s Statement about IPR related to draft-bortzmeyer-dns-qname-minimisation-02


Dear Stephane Bortzmeyer:

 An IPR disclosure that pertains to your Internet-Draft entitled "DNS query name
minimisation to improve privacy" (draft-bortzmeyer-dns-qname-minimisation) was
submitted to the IETF Secretariat on 2014-10-27 and has been posted on the "IETF
Page of Intellectual Property Rights Disclosures"
(https://datatracker.ietf.org/ipr/2469/). The title of the IPR disclosure is
"Verisign Inc.'s Statement about IPR related to draft-bortzmeyer-dns-qname-minimisation-02."

The IETF Secretariat


Tim Wicinski | 27 Oct 18:43 2014

Draft Agenda for IETF91


Hi

We've submitted the following agenda for dnsop in Honolulu.  As usual, 
these tend to go a flurry of activity.

However, for the first time in several meetings, I do not think we have 
anything which is highly contentious, though I may be overlooking something.

thanks, and see you in HI
tim

----
WG:                     DNS Operations (dnsop)
Meeting:                IETF 91, Honolulu
Location:               Hilton Hawaiian Village, Coral 4
Date:                   Tuesday, 11 November 2014
Time:                   1520-1720 PDT, Afternoon Session II
Chairs:                 Tim Wicinski <tjw.ietf <at> gmail.com>
                         Suzanne Woolf <suzworldwide <at> gmail.com>

- Introduction

- Agenda Bashing, Blue Sheets, etc (10 min)

- Updates of Old Work, Chairs (10 min)

- New Old Business

     DNS Cookies, with Data, Eastlake/Andrews (15min)
         draft-eastlake-dnsext-cookies

     QNAME minimisation, next steps Bortzmeyer (10min)
         draft-ietf-dnsop-qname-minimisation

- New Business

     TCP Connection Close, Bellis  (10min)
         draft-bellis-dnsop-connection-close
         (alternative to draft-ietf-dnsop-edns-tcp-keepalive)

     DNS Transport over TCP, Dickinson (15min)
         draft-dickinson-dnsop-5966-bis

     DNSSEC Negative Trust Anchors, Livingood  (15 min)
         draft-livingood-dnsop-negative-trust-anchors

     Reverse DNS in IPv6 for Internet Service Providers, Howard (10min)
         draft-howard-dnsop-ip6rdns

- Newer Business
     Root Servers Running on Loopback, Kumari (10 min)
         draft-wkumari-dnsop-root-loopback

     Spartacus: DNS, HTTP, JSON (10 min)
         draft-dickson-dnsop-spartacus-system
