2.4.6 Domain Name Server Operations (dnsop)

NOTE: This charter is a snapshot of the 51st IETF Meeting in London, England. It may now be out-of-date. Last Modified: 31-Jul-01

Chair(s):

Lars-Johan Liman <liman@autonomica.se>
Ray Plzak <plzak@arin.net>

Operations and Management Area Director(s):

Randy Bush <randy@psg.com>
Bert Wijnen <bwijnen@lucent.com>

Operations and Management Area Advisor:

Randy Bush <randy@psg.com>

Mailing Lists:

General Discussion: dnsop@cafax.se
To Subscribe: dnsop-request@cafax.se
Archive: http://www.cafax.se/dnsop/maillist/

Description of Working Group:

The DNS Operations Working Group will develop guidelines for the operation of DNS name servers and the administration of DNS zone files. These guidelines will provide technical information relating to the implementation of the DNS protocol by the operators and administrators of DNS domains. The group will perform the following activities:

1. Define the processes by which Domain Name System (DNS) servers may be efficiently and correctly administered, configured, and operated on Internet networks. This will include root zone name servers, gTLD name servers, and the name servers of other DNS domains. As part of this effort, the group will produce documents explaining to the general Internet community what processes and mechanisms should be employed for the effective management and operation of DNS servers.

2. Publish (or assume sponsorship for) documents concerning DNSSEC procedures.

3. Publish (or assume sponsorship for) documents concerning the education of new/novice DNS "users" (FYI-RFCs).

4. Identify performance measurement tools and evaluate their effectiveness.

The group sees four main areas with related documents:

Root Name Server Operational Requirements draft-bush-dnsop-root-opreq-00.txt Editor: Randy Bush

Multiple servers sharing the same IP address Editor: Masataka Ohta

Zone KEY RRSet Signing Procedure draft-ietf-dnssec-key-handling-00.txt Editor: Edward Lewis

Performance and measuring Editors: Randy Bush & Michael Patton

Goals and Milestones:

Jun 99  Publish revised Root Server Requirements.
Jul 99  Publish revised version of Key Handling.
Jul 99  Publish first version of Servers Sharing IP#.
Sep 99  WG last call for Root Server Requirements.
Sep 99  Publish first version of Performance and Measuring.
Oct 99  Publish revised version of Key Handling.
Oct 99  Publish revised version of Servers Sharing IP#.
Nov 99  Submit Root Server Requirements to the IESG for consideration as Informational (BCP?).
Dec 99  Publish 2nd revised version of Servers Sharing IP#.
Jan 00  Publish revised version of Key Handling.
Feb 00  Publish revised Performance and Measuring.
Mar 00  WG last call for Key Handling.
Mar 00  WG last call for Servers Sharing IP#.
May 00  Publish revised Performance and Measuring.
May 00  Submit Servers Sharing IP# to the IESG for consideration as Informational.
Jun 00  Submit Key Handling to the IESG for consideration as BCP.
Aug 00  WG last call for Performance and Measuring.
Oct 00  Submit Performance and Measuring to the IESG for consideration as Informational.

Internet-Drafts:
Request For Comments:

RFC       Status   Title
RFC2870            Root Name Server Operational Requirements

Current Meeting Report

DNSOP Working Group
IETF 51 - London - 7 August 2001
Prepared by Ray Plzak

1. Open meeting, welcome, and agenda bashing.

Russ Mundy requested time to provide a report on DNSSEC during agenda item
There were no objections.

2. Scribe and blue sheet.

Blue sheet passed around for attendance. Ray Plzak to act as scribe.

3. Reports from projects and workshops.
.nl.nl. (Olaf Kolkman, Miek Gieben)
NIST (Scott Rose)

a. Olaf presented his report. On July 7 they conducted a 1-day workshop. DNSSEC tasks such as key signing, zone delegation, and key rollover were covered. Main conclusion: TSIG works, DNSSEC is difficult to troubleshoot, and the documentation could be improved. They operated a secure registry. DNSSEC can be taught in a day. Delegation from parent to child is still cumbersome. See www.ripe.net/disi for further information.

b. Miek presented his report. Sig@parent works, but the resolver must be adapted to deal with that change. And if one is willing to do that, one can better go with the DS-idea from Olafur. Miek et al. will let sig@parent expire in favor of DS. More information: www.nlnetlabs.nl.

c. Scott presented his report. They conducted a 2-day workshop 26-27 Jun at NIST w/ TIS Labs. The workshop was aimed at .GOV administrators. They used BIND 9.1.3 because of SIG and TSIG problems with 9.1.1. Zone transfers with TSIG are easy to do and teach. They ran into problems w/ low TTL values doing zone signing and key rollover. It will probably not be deployed in .gov until written policy is developed. They will probably have another one in the Sep - Dec 9.2 comes out.

d. Mark Kosters made a brief comment about the Verisign DNSSEC project. See www.dnssec.research.netsol.com for more information.

e. Russ presented his report. NAI Labs have signed an operational zone, tislab.com, using current specifications for parent-child. They have also signed a zone in carin.net. There is no apparent negative impact, with the exception that a response to a query from 1 site tripped a human-initiated intrusion alarm. The site had received more responses than expected. Russ said that they are using 9.1.1 for ops.

4. draft-ietf-dnsop-keyhand-04.txt (Ed Lewis)

Update of this draft will be put on hold, as there are so many problems under fix now that it doesn't make sense to update the document now.

5. draft-ietf-dnsop-rollover-01.txt (D. Eastlake, M. Andrews)

Put on hold until dnsext efforts in this area produce results.

6. draft-ietf-dnsop-resolver-01.txt (Olaf Kolkman)

Olaf presented his draft. There was one question about doing rollover in band. As it was quite complicated it was not answered. The question will be posed on list and answered there.

7. draft-ietf-dnsop-inaddr-required-02.txt (Daniel Senie)

Daniel was not present. There was no presentation. The chair summarized the draft. The chair is looking for strong support to make reverse lookup a requirement without reference to security. If none is evident on the list then the draft will be discarded.

8. draft-esibov-dnsop-suppress-queries-00.txt (Levon Esibov, Stuart Kwan)

No one present. There was no presentation. The chair summarized the draft. It is the opinion of the chair that this draft needs to be modified.

9. draft-crocker-unique-assign-01.txt (Dave Crocker)

Before Dave presented his draft, the AD stated that the draft needs to go to the IAB/IESG, as it does not belong in the WG. The chair removed the discussion from the agenda but encouraged the WG to stay after the meeting to listen to Dave present his draft.

10. Ohta drafts (item added by the chair; not on the original agenda because of an oversight by the chair)

Comments on test draft. The test is being conducted on the modified specification draft.

Randy Bush stated that testing is still going on but it needs to be scaled up to see how it scales. More participants are needed.

Ted Hardie stated that the specification draft raises the possibility of a hijacking attack. He requested that this be added to the test in order to see the operational performance characteristics. The magma WG could be adding some security in this area.

The working group agreed to move the specification draft forward as experimental.

11. Review of charter and discussion of the status of the working group. (Liman)

a. Performance and measuring draft. Remove and reinstate when ready.

b. Key handling postponed until dnsext work is stabilized.

c. Chair will send milestones to the list for comment.

11. AOB

None.

12. Closing

Meeting adjourned.

Slides

NIST DNSSEC Workshop