- dns-wg - mailman.ripe.net

upcoming meeting ripe 51
by Jaap Akkerhuis 27 Sep '05

27 Sep '05

The minutes of the ripe-51 DNS-WG can found at the usual place: http://ripe.net/ripe/wg/dns/r50-minutes.html The draft agenda follows below. I'll be off ine the week before the RIPE meeting, so please send remarks etc. directly to the list. jaap Agenda Item Time Speaker Title ------------------------------------------------------------------------------------- Wednesday 16:00 -- 17:00 ------------------------------------------------------------------------------------- A 2 min Agenda bashing & Scribe B 10 min Chair Minutes ripe-50; Action points Reports C.1 5 min Olaf Kolkman -- NLnet Labs IETF DNSEXT WG C.2 5 min Marcos Sanz -- DENIC IETF CRISP WG C.3 5 min Scott Hollenbeck -- Verisign EPP: The next steps Proxied by Jaap Talks D 20 min Lorenzo Colitti -- Ripe NCC Effect of anycast on K-root: early results E 10 min Carsten Strotmann -- Men & Mice DNS Guru contest ------------------------------------------------------------------------------------- Thursday 11:00 -- 12:30 ------------------------------------------------------------------------------------- F 10 min Brett Carr -- RIPE NCC DNS restructuring update at RIPE NCC G 15 min Andrei Robachevsky -- Ripe NCC Deprecation of ip6.int H 15 min Johan Ihren -- Autonomica Key rollover Paper & Tools I 15 min Lars-Johan Liman -- Autonomica Ripe NCC secondary service policy J 15 min Jakob Schlyter -- SUNIC DNSSEC in Sweden K 10 min Peter Koch -- Denic Update to RIPE 203 Recommenda- tions for SOA values L 10 min Peter Koch -- Denic ENUM DNS predelegation checks Z 3 min AOB -------------------------------------------------------------------------------------

1 0

DNSSEC Signed Zones at the RIPE NCC
by Brett Carr 26 Sep '05

26 Sep '05

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Colleagues, As part of the project to deploy DNSSEC in the RIPE NCC Service region, we have been signing a number of zones over recent weeks. The following zones are currently signed: ripe.net ripencc.com ripencc.net ripencc.org ripe-ncc.com ripe-ncc.net ripe-ncc.org If you want to configure your resolvers to verify these zones using DNSSEC, you can get the key signing keys for these zones from: https://www.ripe.net/projects/disi/keys/ripe-ncc-dnssec-keys.txt. For information about how to use the keys, and further details about DNSSEC deployment at the RIPE NCC, see: http://www.ripe.net/projects/disi/keys/. Regards Brett Carr RIPE NCC -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFDN/0pP/nJBHjtetsRAg+dAJ0fMl1aZPRr+r2P+SIZJQZVlQC7ogCfXpYK LsbPUyhiOoYPBthLRf7lDoc= =AQQB

1 0

NREN swapping secondary name-servers?
by João Pagaime 21 Sep '05

21 Sep '05

Hello all, My name is João Pagaime and I work for FCCN, the Portuguese NREN that also operates the ccTLD-PT We're about to move "edu.pt" to a standalone DNS zone, and I'm searching for a secondary name server outside AS1930 Is there any NREN interested in swapping seconday name service? We can provide for secondary name service along the lines layed out bellow Our general requirements guidelines for the edu.pt are the following: availability requirements------------------------ It would be nice to have no more than 12 hours down time every 3 months that's 99.4% of availability response time------------------------------------ Less that 140 ms "DNS round-trip-time", measured from the .PT primary name server "DNS round-trip-time" on this context is considered to be the time it takes to answer a DNS query. We use "dig" to get this value estimated zone size------------------------------ about 2MB (measured at the secondary server text file) estimated query load-------------------------------- 20 queries/sec update/transfer strategy----------------------------- AXFR with notifies (no need to actually respond to notify. SOA timers suffice) 3 updates every day zone access policy-------------------------------- restricted Thank you, João Pagaime

1 1

RIPE-51 contributions sought.
by Jaap Akkerhuis 13 Sep '05

13 Sep '05

Hi All, It is that time off the year again. Over a month or so you all will be gathering in ``sunny'' Amsterdam for the RIPE-51 meeting. The DNS working group meeting is at Wednesday 16:00-17:00 and Thursday 11:00-12:30, see the meeting plan at the usual place: http://www.ripe.net/ripe/meetings/ripe-51/meeting-plan.html Hereby we are seeking contributions of the agenda. Note that the success of the meeting is as usual depending on you contributions. jaap

1 0

Last call for DNSSEC policy proposal
by Jim Reid 12 Sep '05

12 Sep '05

Colleagues, you'll have seen the email from Henk earlier today about the NCC's policy proposal concerning DNSSEC deployment. We're following the new policy development process (PDP) even though this hasn't been formally adopted yet. The discussion phase is now over and Henk has updated the proposal to incorporate the comments that were made. The new documents are at: http://www.ripe.net/rs/reverse/dnssec/draft-dnssec-policy.html http://www.ripe.net/rs/reverse/dnssec/key-maintenance- procedure.html http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html The next stage in the new PDP is the Last Call phase. So this message is to announce that the proposal has entered this phase. We now have 4 weeks to decide whether there is consensus for this proposal. Hopefully this decision can be endorsed by the WG Chairs during RIPE51.

1 0

DNSSEC deployment on the reverse tree.
by Henk Uijterwaal 12 Sep '05

12 Sep '05

Dear Colleagues, In June, Olaf Kolkman wrote: >The RIPE NCC has been involved with the development of the DNSSEC >protocol. Now that the protocol has become available, we plan to >implement DNSSEC on our domains in the reverse DNS tree. The >deployment of DNSSEC is the second and last phase of the Reverse DNS >restructuring project. [...] >We welcome your feedback on this poposal before 1 August 2005. Please >send your comments to the DNS Working Group Mailing List. The comment period was extended to 1 September and some comments were posted to the list. These have all been incorporated and the new documents are at: >You can find the proposed policy at: > ><http://www.ripe.net/rs/reverse/dnssec/draft-dnssec-policy.html>http://www.ripe.net/rs/reverse/dnssec/draft-dnssec-policy.html. > "DNSSEC Key Maintenance Procedure" > ><http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html>http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html > "Procedure for Requesting DNSSEC Delegations" > ><http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html>http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html I'm going to suggest to the chairs of the WG to do a last call on these documents and have them published as RIPE documents. Kind regards, Henk ------------------------------------------------------------------------------ Henk Uijterwaal Email: henk.uijterwaal(at)ripe.net RIPE Network Coordination Centre http://www.amsterdamned.org/~henk P.O.Box 10096 Singel 258 Phone: +31.20.5354414 1001 EB Amsterdam 1016 AB Amsterdam Fax: +31.20.5354445 The Netherlands The Netherlands Mobile: +31.6.55861746 ------------------------------------------------------------------------------ Look here junior, don't you be so happy. And for Heaven's sake, don't you be so sad. (Tom Verlaine)

1 0

RIPE Policy Development Process
by Paul Rendek 01 Sep '05

01 Sep '05

Dear Colleagues We are pleased to announce that Rob Blokzijl, RIPE Chair, has published a new RIPE Document, "Policy Development Process in RIPE", (ripe-350). This document formally describes the policy development process. The updated process is operational from today, 1 September 2005. A new RIPE web page describes all the active policy proposals and their status. Each proposal has a page showing its history, status and all supporting documentation. This page can be found at: http://www.ripe.net/ripe/policies/proposals/index.html A new mailing list <policy-announce(a)ripe.net> has been created for announcing policy proposals and tracking them through the policy development process. This is not a discussion list; discussions will continue to take place on relevant RIPE Working Group lists and at RIPE Meetings. You can subscribe to the policy-announce list at: http://www.ripe.net/mailman/listinfo/policy-announce List archives are available at: http://www.ripe.net/ripe/maillists/archives/policy-announce/ Kind regards Paul Rendek Head of Member Services and Communications RIPE NCC

1 0

DNSSEC Policy Development Process
by Daniel Diaz 31 Aug '05

31 Aug '05

Hi, Afaik, the RIPE NCC has polled the Community´s opinion about securing the reverse delegation tree in different ways and occassions and again afaik, there´s always been consensus on this to go forward. Olaf and other NCC colleagues have been working on this for years now (already when I still was at the NCC). After reading the policy, procedure and documents related, I agree with it and think this is a good staring point. As randy says, I see this more as an operational experience previous to full deployment but imho it´s also the closest the RIPE NCC (or any other RIR) can/could do at the moment. I also agree with Jim in taking .arpa as starting point. Imho, 'e164.arpa." could have been a better way to start and gain operational experience first (just for the size of it and the fact, as Jim points out, that it´s managed by the NCC). Still... I agree with the current RIPE NCC plans and procedures. Looking into the documents and procedures, it could be a good idea to produce a "clueless client" oriented document to make this more available to those willing to sign their zones etc... (my 2 cents). Regards. -- Daniel.Diaz DDL14-RIPE

1 0

DNSSEC Policy Development Process
by Jim Reid 30 Aug '05

30 Aug '05

Colleagues, you may recall Olaf posted a proposal to the list a few weeks ago. It was about changes to the in-addr.arpa delegation process to accommodate DNSSEC. In other words, updates to the templates and database to allow for keying material, additional checks at the NCC, etc, etc. I'm surprised and a little disappointed that nobody has commented on Olaf's proposal. Perhaps the timing was bad. Since the proposal emerged in the run-up to an IETF during the summer holidays, maybe everyone was too busy getting a sun tan or reading the latest IETF I- Ds. :-) Olaf suggested a deadline of early August for the consultation period. There's been no response on the list, so I'm reluctant to declare consensus without some feedback from the WG. It would not be wise to presume that the WG's silence implied unqualified consent. So, following a discussion with Peter and Jaap, your WG co-chairs have decided to extend the deadline for comments until the end of August. The WG chairs have a meeting on Aug 31st, so that would be a good opportunity to take the proposed policy forward. I would like to ask all members of the WG to read Olaf's proposal and comment on it before Aug 31st, even if it's just to say that you think the proposal is fine as it is. Your comments and feedback would be greatly appreciated. Thanks.

8 16

FYI
by Jaap Akkerhuis 30 Aug '05

30 Aug '05

A new Request for Comments is now available in online RFC libraries. BCP 109 RFC 4159 Title: Deprecation of "ip6.int" Author(s): G. Huston Status: Best Current Practice Date: August 2005 Mailbox: gih(a)apnic.net Pages: 3 Characters: 5353 SeeAlso: BCP0109 I-D Tag: draft-huston-ip6-int-03.txt URL: ftp://ftp.rfc-editor.org/in-notes/rfc4159.txt This document advises of the deprecation of the use of "ip6.int" for Standards Conformant IPv6 implementations. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Distribution of this memo is unlimited. This announcement is sent to the IETF list and the RFC-DIST list. Requests to be added to or deleted from the IETF distribution list should be sent to IETF-REQUEST(a)IETF.ORG. Requests to be added to or deleted from the RFC-DIST distribution list should be sent to RFC-DIST-REQUEST(a)RFC-EDITOR.ORG. Details on obtaining RFCs via FTP or EMAIL may be obtained by sending an EMAIL message to rfc-info(a)RFC-EDITOR.ORG with the message body help: ways_to_get_rfcs. For example: To: rfc-info(a)RFC-EDITOR.ORG Subject: getting rfcs help: ways_to_get_rfcs Requests for special distribution should be addressed to either the author of the RFC in question, or to RFC-Manager(a)RFC-EDITOR.ORG. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. Submissions for Requests for Comments should be sent to RFC-EDITOR(a)RFC-EDITOR.ORG. Please consult RFC 2223, Instructions to RFC Authors, for further information. Joyce K. Reynolds and Sandy Ginoza USC/Information Sciences Institute ... Below is the data which will enable a MIME compliant Mail Reader implementation to automatically retrieve the ASCII version of the RFCs. --NextPart Content-Type: Multipart/Alternative; Boundary="OtherAccess" --OtherAccess Content-Type: Message/External-body; access-type="mail-server"; server="RFC-INFO(a)RFC-EDITOR.ORG" Content-Type: text/plain Content-ID: <050829145515.RFC(a)RFC-EDITOR.ORG> RETRIEVE: rfc DOC-ID: rfc4159 --OtherAccess Content-Type: Message/External-body; name="rfc4159.txt"; site="ftp.isi.edu"; access-type="anon-ftp"; directory="in-notes" Content-Type: text/plain Content-ID: <050829145515.RFC(a)RFC-EDITOR.ORG> --OtherAccess-- --NextPart Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ IETF-Announce mailing list IETF-Announce(a)ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce --NextPart--

1 0