Dear WG,
please find below the minutes of our Hiroshima meeting. Many thanks to John
for timely delivery and also to Wolfgang for jabber scribing.
-Peter
-----------------------------------------------------------------------------
dnsop WG minutes for IETF 76, Hiroshima, JP
-----------------------------------------------------------------------------
WG: DNS Operations (dnsop)
Meeting: IETF 76, Hiroshima
Location: ANA Crowne Plaza Hiroshima, "Orchid West"
Date: Wednesday, 11 November 2009
Time: 13:00 - 15:00 (UTC+9)
Chairs: Rob Austein <[email protected]> <[email protected]>
Peter Koch <[email protected]> <[email protected]>
Minutes: John Schnizlein
Jabber: xmpp:[email protected]
J-Scribe: Wolfgang Nagele
J-Script: http://www.ietf.org/jabber/logs/dnsop/2009-11-11.txt
Audio: ftp://videolab.uoregon.edu/pub/videolab/video/ietf76/ietf76-ch8-wed-afnoon.mp3 [~59MB]
{meeting starts at 00:13:45}
WG URL: http://tools.ietf.org/wg/dnsop/
Material: https://datatracker.ietf.org/meeting/76/materials.html#wg-dnsop
-----------------------------------------------------------------------------
1) Administrivia
<http://www.ietf.org/proceedings/09mar/slides/dnsop-0.pdf>
No new IETF attendees, about 5 new to DNSOP WG
- Note Well
- Agenda : <http://www.ietf.org/proceedings/09mar/agenda/dnsop.txt>
no changes
2) Status Update [13:12]
Rob Austein stepping down as co-chair when a replacement is found.
3) Active Drafts [13:14]
3.1) DNSSEC Key Timing Considerations
<draft-morris-dnsop-dnssec-key-timing-01.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-8.pdf>
[Johan Ihren]
Request adoption as WG document
RFC 5011 coverage has been integrated
2 kinds of ZSK rollover: prepublication and double signature (during
algorithm change)
3 kinds of KSK roll: double KSK, double RRset (add and remove KSK+DS
together), double DS
questions:
should all rollover mechanisms be described in detail?
should we expand the algorithm rollover section?
Wes Hardaker: cannot choose, but document ramifications of each
Ed Lewis: used this in a key management plan - sent email to list of
problems found. Draft authors should check with those
already operating DNSSEC zones.
Jelte Jansen: should replace rather than expand algorithm section
which is wrong
Olaf Kaufman: overlap with 4641bis - keep tradeoff in that tutorial
document
Mark Andrews: should describe introduction and removal of algorithms
Rob Austein: yes, you should cover all of these
Adopt as WG document? How to resolve interaction between Olaf's 4642bis?
Johan: intend to avoid circular dependencies
Frederico Neves: why not include in 4641bis? A: they target different
audiences
Wes: the content is needed
Hum for WG doing some document on this content - unanimous
Whether to merge with Olaf's bis draft or not punted to list.
3.2) Initializing a DNS Resolver with Priming Queries [13:33]
<draft-ietf-dnsop-resolver-priming-02.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-9.pdf>
[Peter Koch]
How many read? 10-ish
Open questions:
Q1 retry strategy?
Q2 parallel vs sequential priming?
Q3 may the sbelt be used before priming?
Q4 when to reprime?
Q5 completeness of response? response to non-EDNS based root (priming)
queries?
Bob Halley: answer no on Q3
No other comments, exhorted wg to comment on open issues.
Peter (as chair): we have an issue tracker which we hope to use for
these questions
4) Current & New Topics
4.1) DNSSEC Trust Anchor History Service [13:42]
<draft-wijngaards-dnsop-trust-history-02.txt>
skipped, no presentation
4.2) DNSSEC Signing Policy & Practice Statement Framework [13:44]
<draft-ljunggren-dps-framework-01.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-1.pdf>
[Fredrik Ljunggren]
DPS states practices and provisions employed or states requirements or
policy
target audience: registries, or sponsoring organization or regulatory
authorities
outlines topics to be considered when implementing DNSSEC.
in the DNSSEC for root discussion - compare IANA and Verisign
How many read the draft? 5-ish
WG document?
Peter: has been used for the root and by several TLDs
Rob: after reading notes from Stockholm, the status seems similar now.
Shane Kerr: have heard lots of support
Rob: take question to the mailing list.
Matt Larson: we should adopt it.
Ed Lewis: have not read it - have written a CPS, it is a pain. Do you
want to do this?
Volunteers to read and comment within 2 weeks:
Andrew Sullivan, Wes Hardaker, Sam Weiler, Jaap Akkerhuis,
Suzanne Woolf, Matt Larson, Chris Liljenstolpe,
<3 more people in the back>
Roy Arends: have read it, plan to use at Nominet
Olaf: will Nominet bring its experience back and contribute to the
document? Yes, if WG adopts.
Peter: this question is for the framework only, not that any TLD DPS
be published.
Jim Galvin: support it.
Adopted by "way more than" 5 raising hands in support.
4.3) Reverse DNS in IPv6 for Internet Service Providers [14:00]
<draft-howard-isp-ip6rdns-01.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-2.pdf>
[Lee Howard]
How can residential ISPs populate reverse DNS for IPv6
Changes (since Stockholm): only for residential (not commercial),
clarified why wildcard won't match, how to have DHCP update DNS,
concern about synchronizing rules for on-the-fly with multiple servers.
Informational rather than BCP
Removed recommendation not to populate reverse DNS
Added concern of mischievous hostnames in delegated DNS
How many read? 5-10
Jason Livingood: think "residential" is too limiting - include small
office
Ted Lemon: several recommendations based on current state of home
gateways, should be intended state or take them out.
Roque Gagliano: this is important - we get questions on this.
Rob: comment from Alain Durand: want that "operators are not required
to populate"
No consensus, needs further discussion
5) Other (non WG) Internet-Drafts [14:11]
5.1) Top Level Domain Name Specification
<draft-liman-tld-names-01.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-3.ppt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-3/dnsop-3.htm>
[Olafur Gudmundsson acting as proxy for Lars Johan Liman]
asked for feedback on formal (BNF-like) string rules on the screen
Marcos Sanz: too little to understand
John Klensin: come to the plenary to learn more - this does about the
right thing.
Peter Koch: not convinced this is the right way to go. Don't see
justification for IETF to make these rules. This looks more like
policy than technical requirement.
Rob: ICANN wants something - how can we help. What alternative?
Peter: not normative - say that they must be alphabetic.
Klensin: to identify the boundary case, if this WG declines to make
policy statements, then remove any constraint and allow anything.
wnagele: for the mic: we can do this as a "quick fix", and then start
the real work to fix 1123, to relax rules further.
Olafur: want input even if this is not adopted as a WG document.
No consensus, the involved parties need to talk some more.
5.2) IDN TLD Variants Implementation Guideline [14:22]
<draft-yao-dnsop-idntld-implementation-01.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-4.pdf>
[Jiankang Yao]
5-10 people had read the draft.
Doug Otis: similar to latin names - deal with it the same way as
phishing names
Stephane: there are several topics - not something we can solve
Ed Lewis: before the meeting a few of us worked on recasting this as a
simpler technical problem: make 2 zones look the same.
The policy issues of whether there should be variants is out of scope.
There does appear to be a technical topic of how to make two zones
have identical content. Exact framing of question and whether
the WG wants to adopt it, is taken to list.
5.3) DNS Proxy Bypass by Recursive DNS Discovery and LOCAL.ARPA [14:44]
<draft-bellis-dns-recursive-discovery-00.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-5.ppt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-5/dnsop-5.htm>
[Ray Bellis]
To solve the problem that many home gateways send DHCP for DNS as the
gateway, send query for "LOCAL.ARPA" that gives correct NS address.
Issues:
DNSSEC breakage
What if ISP does not support (or signs) LOCAL.ARPA?
10 people have read, five think should adopt.
Take adoption question to the WG list.
5.4) Self-termination Mechanism for Anycast DNS Service
<draft-shin-dnsop-self-termination-00.txt>
skipped
6) I/O with other WGs [14:54]
TSVWG
<draft-ietf-tsvwg-iana-ports-03.txt>
<http://www.ietf.org/proceedings/09nov/slides/dnsop-7.pdf>
[Joe Touch]
Update procedures for updating port registration and unify registries
Idea is to put all the protocol things (SRV names, Services, Ports) in
one table.
Adding procedures to change, transfer, withdraw - current is write-only.
Stuart Cheshire: SRV always has the underscore - clarifies SRV name
Olafur has an alternate proposal.
Will take to the list and get feedback to Joe.
The following I-Ds were not discussed, serve as reference and pointer
here only.
BEHAVE
<draft-xli-behave-dns46-for-stateless-00.txt>
<draft-ietf-behave-dns64-02.txt>
OTHER
<draft-yourtchenko-tran-announce-dns-00.txt>
7) A.O.B. [15:03]
Ondrej Sury: DNSSEC plugin for Firefox
<http://www.ietf.org/proceedings/09nov/slides/dnsop-6.pdf>
http://labs.nic.cz for alpha version: Linux, MacOS, Windows
Wes Hardaker: this is the third of these - very nice
One final announcement:
The room for "DNSSEC signed root" - Cattleya West
-----------------------------------------------------------------------------