Interim on Split-DNS joint with DPRIVE-DNSOPS-ADD
agenda-interim-2022-add-01-add-01-04
Meeting Agenda | Adaptive DNS Discovery (add) WG | |
---|---|---|
Date and time | 2022-01-26 17:00 | |
Title | Interim on Split-DNS joint with DPRIVE-DNSOPS-ADD | |
State | Active | |
Last updated | 2022-01-21 |
January 26, 2022 Joint Interim on Split-DNS ADD-DNSOPS-DPRIVE
This is a joint interim of the DNSOP, DPRIVE, and ADD groups on the topic of Resolver Discovery in Split DNS environments.
Meeting Materials, Links
Materials, Charter, Documents
- DNSOP Chairs: Benno Overeinder, Suzanne Woolf, Tim Wicinski
- DPRIVE Chairs: Brian Haberman, Tim Wicinski
- ADD Chairs: David Lawrence, Glenn Deen
- Area Directors: Warren Kumari, Eric Vyncke
Session link, minutes, jabber, materials
- Meetecho Link remote participation
- Meeting Minutes
- Meeting Chat
- Materials
Interim Session times
- January 26, 2022, 1700-1830 UTC
Agenda
Administration
- IETF NOTE WELL
- Scribe selection
- Agenda bash
- Welcome from chairs
Introduction
Notes on this session:
- Split DNS is widely deployed operationally, and there is a desire for its users to have a mechanism to discover the relevant DoH and DoT resolvers so that they can make use of encrypted DNS.
- This is not organized as a referendum on Split DNS, nor a workshop on how to end the practice.
1. Background on this Discovery for Split DNS discussion
- Split DNS in this context means: networks having different internal/external name mappings in their DNS name space.
- ADD WG has expressed consensus to work on the problem of DoH/DoT discovery in Split DNS environments.
- ADD WG has not yet reached clear consensus on how to address Split DNS discovery.
- Issues outside of ADD's charter scope have been expressed as concerns, including: (1) Validation of a resolver's authority; (2) Validation of answers; (3) Potential role of DNSSEC
- ADD WG has adopted drafts on discovery in non-Split-DNS environments, and these are nearing WG Last Call:
(1) Discovery of Designated Resolvers;
(2) DHCP and Router Advertisement Options for the Discovery of Network-designated Resolvers (DNR)
2. Acknowledging Split DNS is widely deployed and likely here to stay, what is needed for discovery?
2.1 Presentation: Proposed approaches on a few issues - Ben Schwartz et al. (20 minutes + discussion)
- Some items:
- Restricting the scope of discovery to resolvers of split-horizon DNS names that are properly rooted in the global DNS.
- Clarification of Terminology for: (1) hybrid resolver/client; (2) authorized split horizon; (3) domain camping
- Using DNSSEC to confirm authority over the split-horizon domains
2.2 Open Mic Line: Discussion on what is important in scoping the discovery requirements
- Seed issues:
- Is validation of a resolver's authority to answer queries for domains needed?
- Is answer validation needed for domains resolved in Split DNS environments?
- DNSSEC is generally not used for the non-global names in Do53 Split DNS environments, so why would it be different for Encrypted DNS?
2.3 Other considerations?
- Are there past IETF I-Ds/RFCs that need to be referenced?
- Question to group: Is there related work external to the IETF to be considered?
3.0 Other Discussion Topics
- From Mic Line
4.0 Planning & Wrap up
- 5 min - Wrap up
[agenda end]