Minutes interim-2020-dnsop-01: Tue 16:00

Meeting Minutes Domain Name System Operations (dnsop) WG
Title Minutes interim-2020-dnsop-01: Tue 16:00
State Active
Other versions markdown
Last updated 2020-04-18

Meeting Minutes

# DNS Operations (DNSOP) Working Group
## interim-2020-dnsop-01

* Date: 14 April 2020
* Time: 1400-1600 UTC
* Webex:

* Jabber:  dnsop@jabber.ietf.org
* EtherPad: https://etherpad.ietf.org:9009/p/interim-2020-dnsop-01

### Chairs
* Tim Wicinski tjw.ietf@gmail.com
* Suzanne Woolf suzworldwide@gmail.com
* Benno Overeinder benno@nlnetlabs.nl

### IESG Overlord
* Warren Kumari warren@kumari.net

### Document Status
* https://github.com/DNSOP/wg-materials/blob/master/dnsop-document-status.md

### Datatracker
* https://datatracker.ietf.org/wg/dnsop/documents/

# Agenda

## Administrivia
    * Agenda Bashing, Blue Sheets, etc,  10 min
    * Updates of Old Work, Chairs, 10 min

## Current Working Group Business

###  Service binding and parameter specification via the DNS
    - https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-httpssvc/
    - Ben Schwartz, 15 min
    - Chairs Action: ?

Stephen Farrell:  Keep the ALPN port;

Paul Vixie: I proposed removing port number. add a warning that operators
should avoid using non-default ports for general Internet use. Non-default
ports may be firewalled in client networks, so may appear to work in testing
but may not work for some clients/users.

Ben Schwartz: We can fix this with 1-2 sentences

Chairs Action:  Want to encourage Interop testing, and WGLC before 108

### DNS Query Name Minimisation to Improve Privacy (bis)
    - https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7816bis/
    - Ralph Dolmans, 15min
    - Chairs Action: How close to WGLC?

Ralf Weber: don't minimize forwarding; don't recommend complex mechanisms

Jim Reid: query limiting - wording on labels

Stehane Bortzmeyer: number of queries - SHOULD is reasonable (also, see section
7.1 of RFC 1035)

Paul Vixie: 1) auth misconfig hard to detect, mixed-mode authority and the
delegation has disappeared. with qtype=NS, answer in answer section. 2) rate
limiting have ddos implications.

Joe Abley: not all qtypes are equal. choice of qtype - use 1 qtype and use SOA
as an option.

Ralph Dolmans: maybe small set of qtypes

Joe Abley: any benefit to a small set?

Paul Vixie: Agree with Joe, SOA should be in the mix

Mark Andrews: Forwarders should be trusted, but can't trust beyong forwarder

Warren Kumari: Why are we not using the original qtype

Ralph Dolmans: Pick the most common qtype the upstream would use

Ralph Dolmans: Unbound switched from NS to A, NS queries are sometimes blocked,
but A are not.

Erik Nygren: A vs AAAA query. A may stick out more.

Chairs Action: New Version, then working toward WGLC

## New Working Group Business

### Avoid IP fragmentation in DNS
    - https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/
    - Kazunori Fujiwara, 15 min

Joe Abley: this is useful

Ralf Weber: Useful

Paul Vixie: No intent to design Path MTU Discovery. Allow someone to do that.

Chairs Action: CfA sent

### The Delegation_Only DNSKEY flag
    - https://tools.ietf.org/html/draft-pwouters-powerbind-03
    - Paul Wouters, 10 min

Ben Schwartz: Likes DNSSEC transparency, Why does it need to be machine

Paul Wouters: How to put into resolvers? Send Q to list

Peter van Dijk: Authorative should check during loading; does not protect child
apex delegation.

Ralf Weber: resolver has to do work. technical solution to political problem.

Joe Abley: adding complexity must have problem to solve

Paul Wouters: Large outside subset to never trust DNSSEC.

Wes Hardaker: DNSSEC transparency because don't trust DNSSEC properly

Joe Abley: World is not as clean as it seems

Warren Kumari: Not sure how this behaves

Paul Wouters: Log all DS changes once this is set

Wes Hardaker: currently have to log every signed record for DNSSEC
transparency. with this bit, only log DS records

Matthijs Mekking:

Chairs Action: Will send out CfA

### Parameterized Nameserver Delegation with NS2 and NS2T
    - https://datatracker.ietf.org/doc/draft-tapril-ns2/
    - Tim April, 15 min

Sam Weiler:  Child/Parent/both no restrictions. new record type that only
appears on the parent is a can of worms.

Matt Pounsett: if redesigning NS, remove the current ambiquity.

Joe Abley:  Can allow clients to never use old policy

Peter van Dijk: Agree with Sam/Joe, as a resolver implementor, this is scary.

Alexander Dupuy: If done, present in parent, and in authority sections.

Paul Hoffman:  Similiar to work done in ADD queue

Ralf Weber: Stub/resolver different than resolver/authorative

Ben Schwartz: Work like this is blocking current dprive work

Chairs Action: Need work and discussion with ADD/DPRIVE/DNSOP chairs

### DNS Catalog Zones & A Data Model for Configuring DNS Zone Provisioning
    - https://datatracker.ietf.org/doc/draft-toorop-dnsop-dns-catalog-zones/
    - Willem Toorop, 15 min

Wes Hardaker: would be good to suceed; should look at RFC6168

Paul Vixie:  supports; Will drop metazone in favor of this

Chairs Action: Catalog Zones - CfA

Chairs Action: Yang - Needs work

## Reference

### BlueSheets

Attendees are asked to visit and enter your Name+Affiliation in the Blue-Sheet
section of the DNSOP Etherpad.

### Mic Line Queue

The Mic Line will use the WebEx chat channel.  To get in the queue type q+ to
leave type q-. Please don't type questions or other things into the WebEx chat
channel as that will make managing the queue very hard for the chairs.  Please
use the Jabber channel for side conversations.

When you connect into WebEx you should start off as auto-muted so you'll
need to unmute yourself to speak when called.

### Helpful Info & Prep

The IETF has prepared a couple of documents to help get everyone ready.



Attendee List
Warren Kumari, Google
Stephen Farell, Trinity College Dublin
Hugo Salgado, .CL
Ralph Dolmans, NLnet Labs
Donald Eastlake, Futurewei
Paul Ebersman, Neustar
Joe Abley, PIR
Joao Damas, APNIC
Willem Toorop, NLnet Labs
John Border, Hughes
Kazunori Fujiawra, JPRS
Mike Bishop, Akamai
Ted Hardie, Google
Murray Kucherawy, Facebook
Tim Wicinski, unaffialted
Stéphane Bortzmeyer, AFNIC
Sean Turner, sn3rd
Shumon Huque, Salesforce
Peter van Dijk, Open-Xchange PowerDNS
Keith Mitchell, DNS-OARC
Ben Schwartz, Google
Sam Weiler, W3C/MIT
John Dickinson Sinodun IT
Vittorio Bertola, Open-Xchange
David Kinzel, Shaw Communications
Ralf Weber, Akamai Technologies
Scott Hollenbeck, Verisign
Michael Gibbs, Verisign
Ash Wilson, Valimail
Eric Orth, Google
Michael Hausding, SWITCH
Jerry Lundström, DNS-OARC
Witold Kręcicki, ISC
Puneet Sood, Google
Paul Vixie, Farsight
Jim Popovitch, DomainMail, LLC (just curious)
Shinta Sato, JPRS
Ladislav Lhotka, CZ.NIC
Joey Salazar, ARTICLE19
Dick Franks, unaffiliated
Zaid AlBanna, Verisign
Tim April, Akamai Technologies
Mallory Knodel, CDT
Matthijs Mekking, ISC
Roland van Rijswijk-Deij, NLnet Labs
Fredereico Neves, Nic.br
Cathy Aronson, ARIN
Mark Andrews, ISC
Pieter Lexis, Open-Xchange PowerDNS
Jeff Osborn, ISC
Duane Wessels, Verisign
Shane Kerr, NS1
Erik Nygren, Akamai
Matthew Pounsett, DNS-OARC
Bernie Innocenti, Google
Petr Špaček, CZ.NIC
James Gould, Verisign
Vladimir Cunat, cz.nic
Denesh Bhabuta, DNS-OARC
daniel migault
Jim Reid, RTFM llp
Alexander Dupuy, Google
David Blacka, Verisign
Robert Story, USC/ISI
Chi-Jiun Su, Hughes Network Systems
Mauricio Vergara Ereche, ICANN
Claire Pershan, unaffiliated
Michael Richardson, Sandelman Software Works
Wes Hardaker, ISI
Kaustubha Govind, Google Chrome
Marc Groeneweg, SIDN
Hugo Kobayashi, NIC.br
Paul Wouters, Red Hat
Paul Hoffman, ICANN
Benno Overeinder, NLNet Labs
Suzanne Woolf, PIR
Dan McArdle, Google/Chrome