April 2016 - dns-wg - mailman.ripe.net

RIPE 72 DNS WG Agenda
by Dave Knight 29 Apr '16

29 Apr '16

Colleagues, Here’s the agenda for the RIPE 72 meeting of the DNS working group in Copenhagen. We expect to send an update regarding the participants in the panel discussion closer to the meeting, but otherwise the following should be just about definitive. Dave On behalf of the chairs === Session one, Thursday 26 May, 14:00-15:30 === A. [05] Administrivia - Agenda bashing - Review of action items - Approval of previous minutes B. [30] RIPE NCC Report, Anand Buddhdev C. [25] Root Zone ZSK Size Increase, Duane Wessels Verisign, in its role as Root Zone Maintainer, plans to increase the size of the root zone Zone Signing Key (ZSK) in 2016. The ZSK has been a 1024-bit RSASHA256 key since the initial deployment of DNSSEC to the root zone in 2010. In the latter half of 2016, the ZSK size will be increased to 2048-bits. In this presentation we will outline the schedule for the change, describe various technical and non-technical details for implementing the change, describe how the change will affect root zone response sizes, and our plans for emergency fallback to a 1024-bit in the unlikely event it should be necessary. D. [25] QNAME Minimization in Unbound, Ralph Dolmans This talk is about the QNAME minimisation implementation in Unbound. QNAME minimisation is a technique to improve DNS privacy by limiting the amount of privacy sensitive data exposed to authoritative nameservers. Although resolving using QNAME minimisation is not strictly forbidden in the original DNS RFCs, not all nameservers handle these queries the way they should. Unbound is shipped with an implementation that will resolve queries "as usual" when broken nameservers are detected. Also covered in this talk is the effect of QNAME minimisation on the number of queries, and some side benefits of QNAME minimisation. E. [05] Followup from Plenary topics - What’s so hard about DNSSEC?, Paul Ebersman === Session two, Thursday 26 May, 16:00-17:30 === F. [25] BIND 9.11 Release Update, Vicky Risk BIND 9.11, the first new major version in over 2 years, will be in alpha testing during RIPE, and is scheduled for release this summer. This version will include a new database api, contributed by RedHat, a new provisioning mechanism called Catalog zones, improvements to RNDC, an IPv6 bias, and the DNSSEC negative trust anchor, among other things. We will also give an update on BIND performance testing at ISC, and would like to discuss a possible change in the open source licensing for BIND. G. [05] DNS Privacy Public Resolver Proposal, Allison Mankin/Sara Dickinson Proposal that RIPE operate the first DNS over TLS privacy-enhanced public recursive to provide service to the community and to research additional privacy enhancing mechanisms. H. [55] Panel on DNSSEC Algorithm Flexibility, Ondřej Surý et al A panel with representatives of DNS Operators and DNS Hosters, discussing the challenges of introducing new and deprecating old DNS features and DNS(SEC) algorithms. The panel will discuss the deployment of new DNS standards at the customer DNS servers. The proposed moderator is Ondřej Surý, the members of the panel are yet to be determined and will be announced in a separate update closer to the meeting. I. [05] AOB

1 0

Additional DNS service capacity for ripe.net zone
by Romeo Zwart 26 Apr '16

26 Apr '16

Dear all, Over the last year we have seen an increase in the frequency of excessive traffic towards the RIPE NCC DNS infrastructure. Our servers generally absorb peak loads without an impact on our DNS services. However, to be better prepared for extreme traffic floods, we will work with an external party to provide additional DNS service capacity for serving the ripe.net zone. More detail can be found here: https://labs.ripe.net/Members/romeo_zwart/update-on-ripe-ncc-authoritative-… We always welcome your feedback. Please send any comments that you have to: <romeo.zwart(a)ripe.net> or alternatively post to the list. Kind regards, Romeo Zwart

2 2

IDN registration question
by Shane Kerr 22 Apr '16

22 Apr '16

All, This isn't strictly about DNS in the RIPE region, and is perhaps 4000 years out of date, but I don't really know where to ask. I noticed that VeriSign supports IDN registration using Egyption hieroglyphs: https://www.verisign.com/assets/idn/idn-egyptian-hieroglyphs.html However, their own web site doesn't seem to allow me to register a name using that character set, calling it "temporarily unavailable". I tried a few registrars but I get things like "𓎟𓀀 contains invalid characters" or the like, some say things like "ӎ߰Ӏ.com is not available" (clearly their character handling needs some tweaking, since they're munging my requested domain name). Neither DuckDuckGo nor Google seemed to help me find a list of which registrars support which languages or character sets. Does anyone have any tips, or do I need to start my own registrar? I'm also happy to use another TLD, but the Egyptian ccTLD seems more concerned with Arabic than hieroglyphs. Cheers, -- Shane

8 10

Last call for presentations and Draft programme for RIPE 72
by Benno Overeinder 02 Apr '16

02 Apr '16

Colleagues, A list of currently accepted RIPE 72 presentations is now published at: https://ripe72.ripe.net/programme/meeting-plan/draft-programme/ There are still few slots remaining for a final RIPE 72 programme and RIPE Programme Committee will accept new proposals until 15 April 2016. This is our last call for you to submit your proposals. You can find the CFP for RIPE 72 below, or at https://ripe72.ripe.net/submit-topic/cfp/, for your proposals for plenary session presentations, tutorials, workshops, BoFs (Birds of a Feather sessions) and lightning talks. Please also note that speakers do not receive any extra reduction or funding towards the meeting fee at the RIPE Meetings. Kind regards, Benno Overeinder RIPE PC Chair https://www.ripe.net/participate/meetings/ripe-meetings/pc -------------------->>><<<-------------------- Call for Presentations A RIPE Meeting is an open event where Internet Service Providers, network operators and other interested parties get together. Although the meeting is mostly technical, it is also a chance for people to meet and network with others in their field. RIPE 72 will take place from 23-27 May 2016 in Copenhagen, Denmark. The RIPE Programme Committee (PC) is now seeking content proposals from the RIPE community for the plenary sessions, BoFs (Birds of a Feather sessions), panels, workshops, tutorials and lightning talks at RIPE 72. See the full descriptions of the different presentation formats, https://ripe72.ripe.net/submit-topic/presentation-formats/. Proposals for plenary sessions, BoFs, panels, workshops and tutorials must be submitted for full consideration no later than 15 April 2016. Proposals submitted after this date will be considered depending on the remaining available space in the programme. The PC is looking for presentations covering topics of network engineering and operations, including but not limited to: - IPv6 deployment - Managing IPv4 scarcity in operations - Commercial transactions of IPv4 addresses - Data centre technologies - Network and DNS operations - Internet governance and regulatory practices - Network and routing security - Content delivery - Internet peering and mobile data exchange Submissions RIPE Meeting attendees are quite sensitive to keeping presentations non-commercial, and product marketing talks are strongly discouraged. Repeated audience feedback shows that the most successful talks focus on operational experience, research results, or case studies. For example, presenters wishing to describe a commercial solution should focus on the underlying technology and not attempt a product demonstration. Presenters should indicate how much time they will require. In general, the time allocated for the different presentation formats is as follows: - Plenary presentations: 20-25 minutes presentation with 5-10 minutes discussion - Tutorials: up to two hours (Monday morning) - Workshops: one hour (during evening sessions) to two hours (Monday morning) - BoFs: approximately one hour - Lightning talks: 10 minutes The following general requirements apply: - Proposals must be submitted using the meeting submission system, https://ripe72.ripe.net/submit-topic/submission-form/. - Lightning talks should also be submitted using the meeting submission system (https://ripe72.ripe.net/submit-topic/submission-form/) and can be submitted any time up to and including the meeting week. The allocation of lightning talks will be announced on short notice---in some cases on the same day but often one day prior to the time slot allocated. - Presenters who propose a panel or BoF are encouraged to include speakers from several (perhaps even competing) companies and/or a neutral facilitator. - All presentation proposals will only be considered by the PC if they contain at least draft presentation slides (slides may be updated later on). For panels, proposals must contain a clear description, as well as the names of invited panellists, presenters and moderators. - Due to potential technical issues, presenters/panellists should be physically present at the RIPE Meeting. If you have any questions or requests concerning content submissions, please email pc [at] ripe [dot] net. -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/

1 0