[15:05:26] --- robertml has joined
[15:08:37] --- robertml has left
[15:09:52] --- robertml has joined
[15:31:34] --- robertml has left
[15:37:17] --- oern2 has joined
[15:45:57] --- oern2 has left
[15:51:37] --- JoernClausen has joined
[15:56:04] --- jjmbcom has joined
[16:09:55] --- robertml has joined
[16:15:30] --- Thierry has joined
[16:15:54] --- ag2 has joined
[16:17:36] --- Thierry has left: Replaced by new connection
[16:17:40] --- Thierry has joined
[16:19:39] --- wouter has joined
[16:20:07] --- Jelte Jansen has joined
[16:20:16] --- david has joined
[16:22:36] <wouter> is the jabber scribe for this meeting.
[16:23:54] --- j.schoenwaelder@jabber.eecs.iu-bremen.de has joined
[16:24:10] <wouter> Rob Austin informs the room that we are starting late. Food and drink is too far away and dnsext ended late
[16:24:26] <wouter> The room is filling slowly
[16:25:11] --- pk has joined
[16:25:18] --- yone has joined
[16:25:21] --- jakob has joined
[16:25:22] --- fujiwara has joined
[16:25:44] --- marka has joined
[16:26:27] --- pk has left
[16:27:37] --- dblacka has joined
[16:29:12] --- ggm has joined
[16:29:25] --- Ted Lemon has joined
[16:29:55] --- wgriffin has joined
[16:30:30] <wouter> Peter Koch opens DNSOP WG
[16:30:35] --- msj has joined
[16:30:38] <wouter> Notes the lack of food.
[16:30:52] <wouter> Note well IPR needs to be disclosed is displayed.
[16:30:53] --- onakayu has joined
[16:30:56] <Jelte Jansen> wow
[16:31:03] <Jelte Jansen> sound is much much better here
[16:31:10] --- jinmei has joined
[16:31:12] --- shigeya has joined
[16:31:13] <wouter> WG request tracker, people are encouraged to use it
[16:31:18] <wouter> Japp is the scribe
[16:31:22] --- terry has joined
[16:31:29] <marka> http://www.dnsop.org/
[16:31:49] <wouter> s/Japp/Jaap
[16:31:58] <j.schoenwaelder@jabber.eecs.iu-bremen.de> yes
[16:31:59] <Jelte Jansen> (akkerhuis)
[16:32:00] --- pawal has joined
[16:32:00] --- Simon Josefsson has joined
[16:32:05] <j.schoenwaelder@jabber.eecs.iu-bremen.de> audio is fine
[16:32:11] <Jelte Jansen> i am
[16:32:14] <Jelte Jansen> sound is great
[16:32:17] <ag2> ok
[16:32:19] <wouter> Sound check.
[16:32:20] <rstory> except for the clicking
[16:32:24] --- Suz has joined
[16:32:26] <wouter> Quick review of documents on the agenda
[16:32:32] <wouter> RFC 4339 published
[16:32:40] <Jelte Jansen> well it's ten times better than the sound at dnsext
[16:32:42] <wouter> ipv6 host conf of DNS servers
[16:32:46] --- jaap has joined
[16:32:49] --- psavola has joined
[16:32:51] --- gmarzot has joined
[16:32:57] <wouter> Docs on the way to RFC ed q
[16:33:01] --- koji has joined
[16:33:12] <wouter> ipv6-dns-issues-12 (a)
[16:33:14] --- ogud has joined
[16:33:24] <wouter> and (b) dnssec-operational-practices
[16:33:28] <wouter> -08.
[16:33:40] --- geoff has joined
[16:33:49] <wouter> Stuff is resolved for (a).
[16:34:02] <wouter> (b) just entered the queue.
[16:34:15] <wouter> Although discuss from security AD, but resolved
[16:34:25] <wouter> Docs in or past WGLC
[16:34:36] <wouter> is bad-dns-res-05
[16:34:44] <wouter> Rob hopes to kick away this week
[16:34:58] <wouter> also serverid-06: approx 3 microns away from being done
[16:35:11] <wouter> Needs coauthor to decide name on it, he decides, it is done.
[16:35:27] <wouter> 6to4-reverse-dns-04. Waiting for writeup from chairs.
[16:35:52] <wouter> Jaap asks if serverid is WGLC?
[16:35:58] --- Thierry has left
[16:36:14] <wouter> It is. since it is informational, no feedback about IESG LC yet
[16:36:27] <wouter> WLC ends 2006 03 24 24:00 UTC
[16:36:37] <wouter> s/WLC/ WG last call
[16:36:57] <wouter> Only a couple of people commented on the maillist.
[16:37:18] <wouter> Asks rooms for volunteer reviewers. Will take names (forgotten last time)
[16:37:41] --- kent has joined
[16:37:44] <wouter> George is asked if he talked to Geoff.
[16:37:55] <wouter> George asks for Geoff an issue on the mike.
[16:38:03] <wouter> Comment: eat our own dog food.
[16:38:27] <wouter> someone feels so strongly to use dynamic DNS update, they should write it up
[16:39:22] <wouter> George admits it was a bit nasty, but it was useful at the time (passwords to own DNS data)
[16:39:35] <wouter> 185 uses of the service
[16:40:18] <wouter> Scaling: george does not know. It was not designed for that, it is a transition mechanism.
[16:40:51] <wouter> Reviewers needed, Peter asks
[16:40:59] --- jakob has left
[16:41:03] <wouter> Please look at the security considerations.
[16:41:26] --- weiler has joined
[16:41:32] --- jakob has joined
[16:41:35] <wouter> George loves the draft and writers of dnsop-serverid.
[16:41:41] <wouter> Reviewers needed.
[16:41:55] <wouter> Olaf is noted for reverse dns
[16:41:58] <wouter> Suzanne
[16:42:15] <Suz> who was the third for reverse dns?
[16:42:17] <wouter> Lingering drafts
[16:42:24] <weiler> kill it
[16:42:28] <Jelte Jansen> i think i heard simon or something?
[16:42:40] <wouter> dnsop-inaddr-required
[16:43:03] <wouter> This is the first lingering draft
[16:43:22] <Jelte Jansen> so i guess that's simon josefsson as the third (correct me if i'm wrong)
[16:43:33] <wouter> Discussed on mailing list, but discussion circulated.
[16:43:55] <wouter> Author of draft not in room
[16:44:21] <wouter> Need a list of open issues: above of reverse mapping for authentication can be one, which can then be handled and closed.
[16:44:55] <wouter> Use of request tracker to handle the issue
[16:45:00] <wouter> Sam Weiler heads for the mike
[16:45:09] --- dcrocker has joined
[16:45:25] <wouter> The submitter let it expire, and had no commitment.
[16:45:31] <wouter> Sam does not want to review it for that.
[16:45:47] <wouter> Peter says that editor had commitment, but other reasons
[16:46:13] <wouter> Show of hands for reviewers and open issuers list
[16:46:25] --- jjmbcom has left
[16:46:32] <wouter> Names are : Red Carr. About 5 people raise
[16:46:37] <wouter> Andrew Sullivan.
[16:46:40] <wouter> Matt Larson
[16:46:49] <wouter> Gemake Tatia?
[16:46:52] <wouter> Mark Andrews
[16:46:53] <wouter> Ted Lemon
[16:46:59] <Jelte Jansen> maybe they should do a tally on who made the most on-list comments and volunteer them :)
[16:47:19] <jinmei> Gemake Tatia? => JINMEI Tatuya
[16:47:21] --- bert has joined
[16:47:24] <wouter> Sorry
[16:47:51] <wouter> Second lingering draft: dnsop-respsize. Expired.
[16:48:02] <jinmei> no problem, no one has ever pronounced my name correctly (first time:-)
[16:48:07] <wouter> Authors have received comments in private but failed to make updated version. Authors in room.
[16:48:16] <wouter> Sakaya Hatakto (?)
[16:48:46] <Jelte Jansen> i think sound just died, or we have broken mic
[16:48:48] <wouter> Please send him any comments if you have, he apologizes
[16:49:01] <wouter> plenty of mike/sound in the room
[16:49:04] <weiler> Akira Kato, perhaps?
[16:49:10] <wouter> Probably.
[16:49:25] <Jelte Jansen> only a humming on the line, i hear voices way way in the back
[16:49:27] <wouter> Reviews: Andrew Sullivan again, Olafur, Jaap
[16:49:35] <wouter> Also Bratt Carrson, Liemann.
[16:49:48] <wouter> And some more I missed. Sorry for bad spelling of your name(s).
[16:49:55] <weiler> Brett Carr, Lars-Johan Liman
[16:50:07] <wouter> WG Charter Discussion
[16:50:11] --- levigner has joined
[16:50:13] <wouter> Thanks Sam.
[16:50:34] <Jelte Jansen> you're doing great, names can be corrected by people who have been here before
[16:50:44] <wouter> Pekka: does that preclude recursive servers? Yes, they are 'resolvers'.
[16:50:59] <wouter> Peter: all servers are included in this.
[16:51:01] <robertml> My sound is messed up.
[16:51:10] <Jelte Jansen> i think someone kicked over the sound station or accidentally stepped on the volume slider
[16:51:15] <weiler> and you're dealing with non-native speaker to non-native speaker translation issues.
[16:51:29] <wouter> Server operators may need guidance as well
[16:51:30] <weiler> we have amplification in the room. I see blinky level lights on the audio mixer.
[16:51:35] --- geir_egeland has joined
[16:51:49] <Jelte Jansen> it's not coming over the remote line :)
[16:51:59] <weiler> and the audio streaming box has a brightly glowing blue LED on it.
[16:52:03] <wouter> Item 4 has been added to the charter. Review of existing DNS frameworks
[16:52:16] <robertml> weiler: it's just odd mp3 - like a DMA isn't being cleared properly.. so some windows machine with too much to do maybe?
[16:52:21] <Jelte Jansen> sound was perfect up to two minutes ago
[16:52:27] <robertml> mp3ish weird sound
[16:52:33] <wouter> Item 4: look at use in other Wgs and use of DNS.
[16:52:58] <wouter> Pekka: review the frameworks today, or the upcoming apps.
[16:53:00] --- j.schoenwaelder@jabber.eecs.iu-bremen.de has left
[16:53:09] <wouter> DDNS, SRV or new ones?
[16:53:15] --- Fang has joined
[16:53:19] <wouter> Peter: We can interpret that any way that best fits.
[16:53:27] <wouter> Current and future usage
[16:53:36] <wouter> Most important ENUM
[16:54:20] <wouter> No not two new drafts immediately.
[16:54:40] <wouter> Rob: roles of WG
[16:54:45] --- liman has joined
[16:54:49] <wouter> sometimes area diore
[16:55:06] <wouter> area director wants wider review. And this group may get
[16:55:15] <wouter> We need to leave room for a couple of those.
[16:55:29] <Jelte Jansen> (the original sound link has good sound but the stream cannot handle it, every second is repeated)
[16:55:32] <wouter> In item 4 we will get more reviews and need more volunteers.
[16:55:49] <Jelte Jansen> and seeing my jabber message lag, i think the ietf is having bandwidth problems
[16:55:52] <weiler> should we reboot the mp3 box?
[16:55:55] <wouter> Does anyone feel the charter is too narrow?
[16:56:04] <wouter> Ed Lewis: 2 items.
[16:56:08] <wouter> 1: resolver is not there.
[16:56:27] <wouter> how do searching. Weree to be
[16:56:32] <weiler> re: bandwidth. well, I was getting >800MB/s through bittorrent during dnsext.
[16:56:37] <wouter> 2. performance to measure server
[16:56:54] <Ted Lemon> Ah, so it's *your* fault, Sam! :')
[16:57:15] <david> Considering the amount of bandwidth available into the hotel I would doubt any bandwidth issues
[16:57:19] <wouter> 1. search path issues? retransmit intervals? frequencies? Yes all three of those are meant
[16:57:31] <weiler> sorry: 800KB/s, not MB.
[16:57:42] <Jelte Jansen> very strange, the 'local' link has bad sound, but the original link skips and repeats (but with good sound)
[16:57:55] <wouter> the item 4 is about protocols, and the rest serverside stuff. And he sees no resolver topics
[16:58:13] <wouter> configurations and default values. Not protocol related.
[16:58:23] <wouter> He will send suggestions to the list
[16:58:47] <wouter> 2. perf. ?Is that about sponsoring such measurements?
[16:59:00] --- JoernClausen has left
[16:59:07] <wouter> quite a few organisations want DNS and want certain performance
[16:59:07] --- sharonchisholm has joined
[16:59:20] <wouter> How to define how to measurement guidelines
[16:59:34] <wouter> So measurement methodology
[16:59:40] <wouter> not the actual measurements.
[16:59:41] --- patrik has joined
[16:59:46] <wouter> Antew Hong"
[17:00:02] --- gordon.lennox has joined
[17:00:09] <wouter> Many documents have terminology issues with DNS
[17:00:22] <Ted Lemon> That's Alain Durand, btw.
[17:00:32] <wouter> Some doc to clarify the terminology. DNS server, recursive server, etc. instead of asking Rob
[17:00:34] --- narten has joined
[17:00:46] <wouter> Thx. Ted
[17:00:50] <Ted Lemon> np
[17:00:59] <wouter> Peter is not sure this WG is the place or the only place.
[17:01:06] <wouter> Asks Olaf or DNSEXT WG for comment.
[17:01:20] <Jelte Jansen> i don't know about other remote listeners, but both sound links aren't listenable, so by my count you can try to reset the mp3 box if it might help
[17:01:26] <wouter> Olaf: as soon as such a draft exists as a personal submission he will let it land in DNSEXT WG.
[17:02:13] <wouter> Will get review in DNSEXT. Where it is rooted is not that important.
[17:02:24] <wouter> Anyone else about charter?
[17:02:27] --- Jeff Yeh has joined
[17:02:51] <wouter> The screen is restored and we continue with:
[17:02:57] <robertml> jelte: I shut down my player, because it's just utter crap.
[17:03:02] <wouter> LC on the charter will be done, after comments are taken in
[17:03:26] <wouter> Going through milestones.
[17:03:48] --- fneves has joined
[17:03:55] <wouter> Other inet drafts: two
[17:04:09] <wouter> 1: krishnaswamy dnssec-split-view-02
[17:04:15] <wouter> suresh will do presentation.
[17:04:15] --- wgriffin has left
[17:04:28] <wouter> 2: is andrews about full-service-...
[17:04:35] <wouter> Presentation by Suresh.
[17:04:44] <wouter> Not much traffic on list.
[17:04:58] <wouter> Why do people use split views?
[17:05:22] <wouter> - firewalls/NATS, network mgt, VPNs, and bad notion of security
[17:05:37] <wouter> and probably more.
[17:05:58] <wouter> Is split view good idea? Maybe.
[17:06:01] <david> I have filed a ticket with the noc for the audio feed and they are going to work at it
[17:06:13] <wouter> We cannot stop using it
[17:06:22] <wouter> We should WG care about split views
[17:06:43] <wouter> one name gives two different legit answers and both may be right
[17:06:56] <wouter> Can go wrong easily
[17:07:14] <wouter> What is in draft: a way to configure
[17:07:23] <wouter> so that bad things are n
[17:07:31] <wouter> minimally happening (hopefully)
[17:07:54] <wouter> Important, widely deployed, we want DNSSEC deployed
[17:08:00] <wouter> Summary.
[17:08:20] <wouter> We need more reviews and comments on the list.
[17:08:46] <wouter> Rob asks if volunteers.
[17:08:54] <wouter> Right topic?
[17:09:03] <wouter> Comments, Mark trips over projector
[17:09:28] --- jinmei has left
[17:09:36] <wouter> Mark: give guidance to admins, lots of scenarios, cover all reasonable ones.
[17:09:59] <wouter> Rob ponders if it kills it.
[17:10:13] <wouter> Mark, Sam, Matt Larson, Jacob, Wes reviewers
[17:10:19] --- arifumi@2entwine.net has joined
[17:10:28] --- jinmei has joined
[17:10:35] <wouter> Also, Jeff simson, Andrew Sullivan, Scott Rose. And in the back
[17:10:38] <wouter> David Blacka
[17:10:47] <wouter> Olaf.
[17:10:59] <wouter> Someone who shouts his name too
[17:11:00] <weiler> Geoff Sisson; someone from NLnet labs (via Olaf)
[17:11:08] <weiler> Howard Eland
[17:11:23] <wouter> Not yet a WG doc until reviewers do so
[17:11:54] <wouter> Mark gives a presentation
[17:12:14] <wouter> Q. Should there be a registry of zones which need to be created
[17:12:28] <weiler> oh, look, another document trying to be killed.
[17:13:00] <Jelte Jansen> ah! sound seems to be back
[17:13:22] <wouter> For people who did not read: it suggests that recurs nameservers, should authoritatively a query for a default list of items (nxdomain) list has 10.xxxx and 192.168... and so.
[17:13:25] <weiler> maybe the audio stream was being dumped into AS112.
[17:13:55] <wouter> Also for iterative full service resolvers.
[17:14:08] <wouter> Should IANA maintain a list of zones, how to get ON and to get OFF
[17:14:13] <ag2> slides?
[17:14:18] <geoff> Sam: which don't you like: proposal or specific draft?
[17:14:31] <wouter> ON will make the namespace polluted, taking OFF will take a long time.
[17:14:46] <wouter> Some nods agree, no nods against.
[17:14:50] <weiler> no specific objection -- just following my general pattern of trying to get rid of drafts from dnsop.
[17:14:51] <wouter> Peter sees no movement at all.
[17:15:00] <wouter> For people that read the draft.
[17:15:12] <wouter> 1. draft good idea?
[17:15:29] <wouter> 2? is the list so stable no maintenance and hardcoded in list.
[17:15:37] <wouter> update would be updating the RFC.
[17:15:45] <weiler> can we add gtld-servers.net to the list?
[17:15:57] <wouter> or have IANA registry and rules for updates. And text in security considerations.
[17:16:27] <wouter> Hum hardcoded, hum IANA registry.
[17:16:33] <wouter> don't care hum.
[17:16:43] <wouter> Results in confused Peter
[17:16:57] <wouter> Resonance versus volume.
[17:17:39] <wouter> Some space is open.
[17:17:54] <wouter> Olafur asks q. Do people see harm in registry?
[17:18:07] <wouter> he sees additions in the future.
[17:18:41] <wouter> But IETF standards action to get it done is right. High barrier, Olaf agrees with Olafur.
[17:18:56] <wouter> Olaf: Flexibility with registry buys you future.
[17:19:05] <wouter> Nobody wants weaker than standards action.
[17:19:22] <wouter> In terms of work is the same. Registry is single place to look for the list.
[17:19:47] <wouter> Geoff asks for a nice list to be distributed.
[17:19:59] <wouter> Some hardcoded list? File that is periodically updated?
[17:20:21] <wouter> Rob: root.hints not updated often.
[17:20:30] <wouter> Geoff wants registry, for changes.
[17:20:56] <wouter> Sam Weiler: thinks changes, it will be useful for picking implementers same code points
[17:21:14] <wouter> It does not need to be unique list, only need to repeat list with extra items.
[17:21:32] <wouter> Stnda
[17:21:47] <wouter> Sam: no registry, need the action anyway.
[17:21:55] <wouter> Olaf: registry is place
[17:22:03] <wouter> David Conrad
[17:22:38] <wouter> As an individual: I would like to track down easily the values.
[17:22:51] <wouter> Fendstrom. Sam why not a registry?
[17:23:07] <wouter> Sam: He sees no need for one, but has no objection to one.
[17:23:26] <liman> s/Fendstrom/Faltstrom/
[17:23:30] <wouter> Fend: are you saying that the extra cost is not good?
[17:23:37] <wouter> oospi.
[17:23:45] <wouter> Sam: Sees no benefit for the extra cost.
[17:23:56] <wouter> Chairs see consensus in the room.
[17:23:59] <wouter> Mark continues.
[17:24:06] <wouter> IP4 spaces
[17:24:43] <wouter> RFC 1918. 0.in-addr.arpa, 127..arpa, 254.169..arpa 2.0.192 arpa arpa
[17:24:56] <wouter> Any people screaming on this list?
[17:25:08] <wouter> why not 255/8?
[17:25:20] <wouter> That is a big piece of class E.
[17:25:33] <wouter> ipv6 list
[17:25:51] <wouter> local unicast addresses, ::arpa, 1::arpa
[17:26:12] <wouter> d.f.ip6.arpa, (locally assigned local addresses. Link local address.
[17:26:36] <wouter> we don't want link local propagated out, they are ambiguous Mark says.
[17:26:48] <wouter> Mike, Alain Durand.
[17:27:05] <wouter> Would like to have DNS services internal to network.
[17:27:36] <wouter> By default these will be nameerrors, but you can override this Mark says.
[17:27:45] --- dcrocker has left
[17:27:46] <wouter> Mark says these lists will be defaults only, you can override.
[17:27:57] <wouter> These lists are nameerrored out of the box config
[17:28:13] <wouter> You can override if you use them.
[17:28:24] <wouter> If you use them you need to set it up anyway
[17:28:40] <wouter> Alain: difficult setup to maintain
[17:28:52] <wouter> Sees operational iffues
[17:28:54] <wouter> issues
[17:29:31] <wouter> Some more text on this could be added to the doc.
[17:29:42] <wouter> Alain is volunteered for text.
[17:30:09] <wouter> Peter solicits feedback
[17:30:33] <wouter> Do not want to the list too big
[17:31:17] <wouter> Mark leaves. Take names on peop ewviers.
[17:31:39] <wouter> Frederico, Matt, David Conrad as individual, Geoff Sisson, Brett, Olafur,
[17:31:45] <wouter> And two more
[17:31:49] <wouter> Alain
[17:32:10] <wouter> Peter apologizes for being ahead of schedule.
[17:32:18] <Jelte Jansen> hehe
[17:32:21] <wouter> Current and New Topics
[17:32:27] <Jelte Jansen> someone's hungry :)
[17:32:37] <wouter> :-) Social is tonight.
[17:32:58] <wouter> Please raise voice about insecure delegations
[17:33:20] <wouter> Next presentation, this is Jakob
[17:33:28] <wouter> about DNSSEC validation performance
[17:33:58] <wouter> What is the performance hit on ISP resolver if they enable DNSSEC validation today?
[17:34:11] <wouter> for .SE today
[17:34:24] <wouter> with ISC BIND 9.3.2. and Nominum CNS
[17:34:33] <wouter> not unbound, too slow anyway
[17:34:57] <wouter> Test setup. Query to resolver(slow machine), to internet
[17:35:12] <wouter> 1 hour of queries collected, afternoon peak hours
[17:35:22] <wouter> queries anonymised.
[17:35:36] <wouter> loat 966 queries per second
[17:35:46] <wouter> 1st test without and with validation
[17:35:48] --- geoff has left
[17:35:51] --- geoff has joined
[17:36:18] <wouter> DNS faster than BIND.
[17:36:36] --- Jeff Yeh has left: Computer went to sleep
[17:36:39] <wouter> Diff Bind vs CNS not important, more perf frop.
[17:36:43] <wouter> perf drop
[17:36:52] <wouter> CNS change is 64% of orig performance.
[17:36:52] <wouter> BIND is 98% of orig performance. It did not lose speed
[17:37:08] --- geoff has left
[17:37:21] <wouter> Typical load, so it does not matter for ISP
[17:37:38] <wouter> Observations: No major hits with BIND.
[17:37:52] <wouter> DNS faster anyway than BIND, but loses a bit with validation
[17:38:27] <wouter> Comments from the audience
[17:38:39] <wouter> (CNS faster all the time)
[17:39:05] <wouter> One product got updated, but without source code.
[17:39:10] <wouter> (laughter)
[17:39:19] <wouter> People feel this is useful.
[17:39:32] <wouter> Jakob leaves the floor
[17:39:43] <wouter> Peter has mike.
[17:39:59] <wouter> Next topic is /Open Resolvers/
[17:40:23] <wouter> Discussion on list.
[17:40:34] <wouter> Many people aware of problem. Many hands
[17:40:58] <wouter> Many people may not know you are running open recursive nameserver. Some do know
[17:41:31] <wouter> WG work on doc for help for those servers?
[17:41:44] <wouter> Open discussion.
[17:42:05] <wouter> Make a BCP on how or how not to manually/default configure and open nameserver, No not open
[17:42:14] <wouter> laughter. People line up on the mike
[17:42:26] <wouter> Rob Austein, not chair-mode:
[17:43:06] <wouter> Wants backing from IESG that open nameserver is not such a good idea anymore. That it is not such a sane default anymore. Rob chair again.
[17:43:13] <Jelte Jansen> i concur to rob
[17:43:22] <wouter> Olaf. Already a doc in BCP 38
[17:43:33] --- Jeff Yeh has joined
[17:43:39] <wouter> That deployment would have lessened.
[17:43:53] <wouter> Olaf: doc is a good idea, for people to refer to.
[17:43:59] <wouter> Mark: we need a document.
[17:44:15] <wouter> Affects authoritative nameservers as well.
[17:44:29] <wouter> Restrict where they accept queries from, does not solve all
[17:44:33] <robertml> Of 19000 name servers who had asked a question to one of my TLD name servers within a short period of time, I later tested them and 33% of those were open.
[17:44:59] <wouter> ISP is doing BCP 38?
[17:45:11] --- sharonchisholm has left
[17:45:20] <wouter> Mundy: what do you mean, how to configure?
[17:45:47] <wouter> That gets to particular code bases, we do not want that. Peter sorry, did not mean that.
[17:46:01] <wouter> Provide guidance for default configs
[17:46:23] <wouter> Conrad as indiv again: OK to have an appendix, for popular nameservers.
[17:46:41] <wouter> state that default should be closed unless explicitly configured.
[17:46:46] <wouter> Jaap (scribe:) on mike:
[17:46:58] <wouter> Peter talks:
[17:47:09] <wouter> we have terminology problem here.
[17:47:37] <wouter> BCP 38 nobody opposed that, may be good, but DNS op may give additional guidance
[17:47:51] <wouter> And attackers may look for other attack vectors
[17:48:41] <wouter> Jaap Akkerhuis: points out that other people have produced reports.
[17:48:43] <Jelte Jansen> sound broke again
[17:48:56] <wouter> Three are named. We may be a bit late.
[17:48:59] <Jelte Jansen> oh wait, never mind
[17:49:07] <wouter> Extra work for nothing
[17:49:28] <wouter> Are we fast enough or does anyone have the need or wish to have such a doc with IETF in the title.
[17:49:44] <wouter> Mark: Ahm
[17:49:58] <wouter> Having IETF in the title is an advantage
[17:50:16] <wouter> Rob: Like it quickly
[17:50:35] <wouter> Not a new problem, years ago.
[17:51:08] <wouter> As a note to the rest of IETF, this can happen to you too
[17:51:25] <wouter> Andrew: BCP 38 lack of uptake, They will ignore this advice as well
[17:51:58] <wouter> David Hankins: could make them not open out of the box.
[17:52:05] <wouter> not the same.
[17:52:23] <wouter> BCP 38 solves, discussion BCP 38 halted by Peter
[17:52:35] --- kent has left: Disconnected
[17:53:00] --- msj has left
[17:53:04] <wouter> Peter (no hat): related problem EDNS 0 receiving a bad reputation, is harmful, because we want EDNS0 potential to be used
[17:53:26] <wouter> Don't want EDNS0 shut down on firewalls
[17:53:44] <wouter> DNSSECbis does not work without EDNS0. (period)
[17:54:01] <wouter> ENUM will not work without EDNS0 and increased packet sizes either.
[17:54:10] <wouter> Who will say that open servers are nice?
[17:54:19] <wouter> Jaap jokes.
[17:54:42] <wouter> Mark: have their uses. Be nice if we could actually do thin
[17:54:59] <wouter> equiv things
[17:55:19] --- xiaodong.lee has joined
[17:55:28] <wouter> Olafur: good uses for testing operational debugging
[17:55:36] <wouter> and for new versions of software
[17:55:45] <wouter> protocol test
[17:55:51] <wouter> maybe not sie widely
[17:55:56] <wouter> research target
[17:56:10] <wouter> Recursive off will pound on the auth servers
[17:56:31] <wouter> Not only amplifier but also other stuff? Spoof/poisoning?
[17:56:59] <wouter> <?>: sees cases where historical reasons to continue use
[17:57:17] <jakob> jinmei at the mike
[17:57:46] <wouter> Service alrea
[17:57:51] <wouter> Service how to migrate it
[17:57:54] <wouter> Thx jacob :)
[17:58:07] <wouter> : Agrees with speaker that it can be useful, but default is off
[17:58:37] <wouter> Sam Weiler: if we overdo the attack will go somewhere else.
[17:58:56] <wouter> Just the pain of changing it, and attack moves around.
[17:59:06] <wouter> Mark: Guidance to distribute keys for roaming
[17:59:19] <wouter> How to bootstrap that environment.
[17:59:33] <wouter> People have open because they do not know where customers are.
[17:59:39] --- ag2 has left
[17:59:55] <wouter> Matt Larson: about moving problem. You are hard pressed for a 4k response for a lot of auth servers.
[18:00:04] --- geoff has joined
[18:00:07] <wouter> Recursive you can get it anywhere.
[18:00:07] --- gordon.lennox has left
[18:00:16] <wouter> The amplification factor is smaller then.
[18:00:22] <wouter> Mark: 'Yet'
[18:00:49] <wouter> Suzanne: Moving the pain, but we don't want inadvertent people doing this instead of on purpose useful
[18:00:58] <wouter> Suzanne: I am Bill Manning
[18:01:11] <Jelte Jansen> hehehe
[18:01:15] <geoff> I agree with Sam's comment but attacks via open resolvers dramatically lowers the barriers to entry
[18:01:19] <weiler> wouter is Bill Manning
[18:01:31] <wouter> Ssh, don't reveal this! :-)
[18:01:39] <Suz> we're all Bill Manning
[18:01:45] <wouter> Peter continues,
[18:01:46] <weiler> bill manning asks.....
[18:01:50] <geoff> Much cheaper than creating/buying botnet, the current next best thing
[18:02:01] <geoff> (that I know of)
[18:02:10] <wouter> Who is willing to be editor/co editor of the document?
[18:02:19] <weiler> bill manning
[18:02:48] <wouter> Mark asks about schedule which is ASAP
[18:02:59] <wouter> Matt held up arm. Joeao(?)
[18:03:04] <wouter> Frederico
[18:03:10] <wouter> Fame and glory?
[18:03:29] <wouter> Or blame, three editors chosen. Reviewers?
[18:03:35] <wouter> A number of fast cycles.
[18:03:51] <wouter> Jakob, Sam, Ted Lemon, Jaap, Jeff. Matt can't be both
[18:03:58] <wouter> Patrick
[18:04:10] <wouter> Conrad already loves the doc
[18:04:17] <wouter> Andrew and Howard
[18:04:22] <wouter> And John Crane
[18:04:28] <wouter> Perhaps Roy?
[18:04:33] <wouter> We have a number
[18:04:42] <wouter> Does WG want to do the doc?
[18:05:05] <wouter> Hum: nobody opposes the doc in the WG
[18:05:25] <wouter> Roy volunteers.
[18:05:31] <weiler> as an editor, I believe.
[18:05:32] <robertml> well, hums doesn't get picked up by the mikes anyway..
[18:05:34] <wouter> It happens to be for open resolver stuff
[18:05:51] <wouter> Next topic
[18:06:00] <wouter> We are absolutely on schedule
[18:06:06] <wouter> I/O with other WGs
[18:06:20] <weiler> I/O, I/O, it's off to the social we go...
[18:06:23] <wouter> The Universal Deployment of EDNS0 (and world domination)
[18:07:02] <wouter> : We have enough feedback for contact point between two groups
[18:07:21] <wouter> let's continue like now. (? group and speaker, but people are happy)
[18:07:26] <wouter> Patrick is happy
[18:07:45] <wouter> Patrick spoke. and for his WG
[18:07:46] <Suz> and declining to warn us in detail of why we might not be happy soon
[18:07:48] <david> Your AD is happy as well!
[18:08:07] <wouter> A.O.B point on agenda.
[18:08:12] <wouter> Any on Jabber?
[18:08:14] --- msj has joined
[18:08:22] <wouter> Rob:
[18:08:35] <wouter> Peter again, goes to indiv Mike
[18:08:48] --- msj has left
[18:09:11] <wouter> hats off: Terminology point. A draft on glue addresses some terms, but not dnsop in the name.
[18:09:32] <wouter> Indiv submissions. Perhaps we can look at it. Where to go with it?
[18:10:03] <wouter> It is about different glue policies. He asks for feedback on the document. A more informal plea for looks at it.
[18:10:08] --- weiler has left
[18:10:16] <wouter> Peter hat = on.
[18:10:22] --- jakob has left
[18:10:26] --- onakayu has left
[18:10:29] --- xiaodong.lee has left
[18:10:30] <wouter> Blue sheets are handled.
[18:10:31] --- terry has left
[18:10:35] --- koji has left
[18:10:37] --- Suz has left
[18:10:46] --- jinmei has left
[18:10:47] --- ogud has left
[18:10:47] <wouter> Peter thanks everyone for coming.
[18:10:50] --- Jeff Yeh has left
[18:10:55] --- jinmei has joined
[18:10:55] --- pawal has left: Logged out
[18:11:00] --- robertml has left
[18:11:01] --- dblacka has left
[18:11:06] --- Ted Lemon has left
[18:11:12] --- shigeya has left: Logged out
[18:11:15] --- jinmei has left
[18:11:19] --- patrik has left
[18:11:44] --- david has left
[18:11:44] --- fujiwara has left: Logged out
[18:11:48] --- rstory has left
[18:11:59] --- Fang has left
[18:13:23] --- liman has left
[18:13:29] --- marka has left
[18:15:43] --- wouter has left: Logged out
[18:17:11] --- jaap has left
[18:18:50] --- msj has joined
[18:18:59] --- arifumi@2entwine.net has left
[18:19:31] --- narten has left
[18:20:43] --- msj has left
[18:22:09] --- yone has left
[18:23:55] --- geir_egeland has left
[18:25:30] --- geoff has left
[18:28:15] --- levigner has left
[18:29:32] --- ggm has left
[18:29:43] --- fneves has left
[18:33:11] --- gmarzot has left
[18:36:53] --- psavola has left
[18:37:17] --- bert has left: Replaced by new connection
[18:37:18] --- bert has joined
[19:10:19] --- bert has left
[19:11:53] --- msj has joined
[19:13:18] --- msj has left
[19:53:46] --- ogud has joined
[19:55:05] --- levigner has joined
[19:56:18] --- Jelte Jansen has left
[20:23:35] --- msj has joined
[20:23:56] --- msj has left
[20:29:04] --- ogud has left
[20:30:49] --- levigner has left
[23:50:51] --- levigner has joined
[23:57:42] --- levigner has left: Replaced by new connection
[23:57:42] --- levigner has joined
[23:57:42] --- levigner has left