* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Dnsop Status Pages

Domain Name System Operations (Active WG)
Ops Area: Ignas Bagdonas, Warren Kumari | 1999-Jun-03 —  
Chairs
 
 
 


IETF-103 dnsop minutes

Session 2018-11-05 1350-1550: Chitlada 1 - Audio stream - dnsop chatroom

Minutes

minutes-103-dnsop-00 minute



          # DNS Operations (DNSOP) Working Group
          
          ## IETF 103
          
          * Date: 5 November 2018
          * Time: 13:50-15:50 ICT (0650-0850 UTC)
          * Room: Chitlada 1
          
          * Chairs: Tim Wicinski
          * Chairs: Suzanne Woolf
          * Chairs: Benno Overeinder
          
          * Minutes: Thomas Peterson
          
          * Secretary: Paul Hoffman
          * IESG Overlord: Warren Kumari
          
          * [Document
          Status](https://github.com/DNSOP/wg-materials/blob/master/dnsop-document-status.txt)
          * [DataTracker](https://datatracker.ietf.org/wg/dnsop/documents/)  ---
          
          ## Agenda
          
          ### Administrivia
          * Agenda Bashing, Blue Sheets, etc,  10 min
          * Updates of Old Work, Chairs, 10 min
          
          Next up for DNSOP WG adoption: draft-wessels-dns-zone-digest
          
          Warren Kumari - ipv4.arpa draft
          
          Paul Hoffman: KSK roll side meetings on Wednesday afternoon at 4pm and
          Friday morning at 9am
          
          ### Current Working Group Business
          
          * draft-ietf-dnsop-serve-stale,   Lawrence, 15 min
          
          Stuart Cheshire: I think this is a really good idea, we did something
          similar at iOS 12. iOS behaviour is similar, and works inconjunction
          with Happy Eyeballs. It would be nice if the client could signal to
          the resolver that it could wait for correct answers. Could we discuss
          cache-refresh before expiration?
          
          David Lawrence: Draft now specifies refresh.
          
          Ondrej Sury: Believe this is a good idea, but options should be dropped
          due to security implications. Suggest to document existing implementations
          like Unbound.
          
          Wes Hardaker: Supports this document, and higher TTLs are
          determental. What would you do with EDNS options? The values in timer
          recommendations are less important that defining acceptable ranges.
          
          Paul Wouters: Options are terrible idea, but serve-stale is great idea.
          
          Mukund Sivaraman: RFC2181 should remain to treat it as 0 as it assumes
          an error.
          David Lawrence: Both options (cache for 68 years or constant refresh)
          are terrible
          
          Giovane Moura: Resolvers already deployed in the world already do this,
          e.g. OpenDNS
          
          Chris Lemmons: EDNS makes things more complex, other means should provide
          access to debug information
          
          John Ihren: Who is in the best position to serve stale? The zone owner. Go
          with long TTL, but change update TTL behaviour.
          
          Mark Andrews: We should add a second TTL, a serve stale TTL, and another
          to signify how often things need refreshing. It would require using
          EDNS1 to ensure server support.
          
          David Lawrence: Do you see this as an eveolution?
          
          Mark: We should bite the bullet. EDNS makes signalling a new field to
          client easy. We should give authoritative ability to serve stale for
          and update interval.
          
          * draft-ietf-dnsop-aname,  Chairs,  15 min
          
          Ray Bellis (in discussing draft-bellis-dnsop-http-record-00): CNAME/DNAME
          is a orthoganal problem, as it does not cover "CNAME at the apex". Point
          of HTTP record is to get traction from browser vendors as they dislike
          SRV, as well SRV no good for wildcards. Browsers also islike priority and
          labels. Hopefully minimal changes to browsers. No changes to authoritive
          infrastructure, RDATA identical structure as PTR. Recursors change small -
          optional ability to fill in A/AAAA, and in being optional negates expert
          review. HTTP is just a resource record.
          
          Wes Hardaker: We need to ensure we are looking far ahead, this may bite
          us again in future. This should be solved generically.
          Ray Bellis: Then just get a new record type for it
          
          Mark Andrews: SRV and Port 0 is same as HTTP. Types should not become
          class independant. SRV is perfectly fine.
          Tim: But HTTP people won't touch SRV.
          Wes Hardaker: This would help in the secnario of multiple responses
          Ray Bellis: Have a multiple query types draft in the works.
          
          * draft-ietf-dnsop-rfc7816bis, Hofmann,  15 min
          
          Ondrej Surry: BIND has sponsored work to implement QNAME, release being
          prepared
          
          Petr Spacek: Had QNAME on for ~2 years
          
          Ralph Dolmans: We name QNAME minimisation by default
          
          * draft-ietf-dnsop-7706bis, Hofmann, 15 min
          
          Mukund Sivaraman: This draft is a fine idea, we want resolvers
          closer. Questions about scaling, as every resolver will need a copy of
          a root, which needs testing. Copy of root on a blackhole local network
          resolver.
          
          Wes Hardaker: Issue of running on localhost/1918 address space. Presented
          that draft is more secure and better for privacy. Some roots have turned
          on transfers.
          
          Ondrej Surry: ICANNN have sponsored local copy of root into BIND, and
          will send example configuration.
          
          Paul: If there is language that precludes non-root zone, please call
          it out.
          
          John Levine: Are you providing copies of root with expiring signatures?
          
          Ralf Weber: Why not move this directly into the resolver?
          Paul: This answers resolves getting answers as if it were root, however
          flags may differ
          Ralf: Would you consider moving to the resolver doing this itself?
          Paul: No opposition
          
          Tony Finch (via Jabber): Do we need this when we have NSEC + Prefetch +
          Serve Stale?
          Paul: Aggressive prefetch could do that, which doens't yet exist.
          Petr Spacek: We have explored this, zone is more efficient to get in bulk.
          
          Dan York: At ICANNN this is called "hyper-local".
          
           ### New Working Group Business
          * draft-mayrhofer-did-dns,  Mayrhofer, 10 min
          
          Jim Reid: In the past changes to EnumService, IANA refused to update
          register despite valid use case. Please be careful how you articulate
          to area managers.
          
          * draft-hoffman-dns-special-labels, Hofmann, 15 min
          
          Ondrej Surry: Thank you for doing this, but it's so boring
          
          Petr Spacek: Also grateful but boring
          
          * draft-lhotka-dnsop-iana-class-type-yang, lhotka, 10 min
          
          Ondrej Surry: Who will be doing the updates?
          Ladislav: The idea IANA maintains this model as per the IANA
          considerations
          
          Ian Farrer: Vote of support for the work
          
          Wes Hardaker: The more we have structs and enums available, the
          better. RFC 6168 is worth looking into.
          
          * draft-hoffman-resolver-associated-doh, 15 min
          
          Dan York: Requesting eyes on
          draft-york-dnsop-deploying-dnssec-crypto-algs-01
          
          



Generated from PyHt script /wg/dnsop/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -