Minutes interim-2020-dnsop-01: Tue 16:00
|Meeting Minutes||Domain Name System Operations (dnsop) WG|
|Title||Minutes interim-2020-dnsop-01: Tue 16:00|
DNS Operations (DNSOP) Working Group
- Date: 14 April 2020
- Time: 1400-1600 UTC
- Webex: https://ietf.webex.com/ietf/j.php?MTID=m706bba8b48e3db3db02d72f0941b2630
- Jabber: firstname.lastname@example.org
- EtherPad: https://etherpad.ietf.org:9009/p/interim-2020-dnsop-01
- Tim Wicinski email@example.com
- Suzanne Woolf firstname.lastname@example.org
- Benno Overeinder email@example.com
- Warren Kumari firstname.lastname@example.org
* Agenda Bashing, Blue Sheets, etc, 10 min * Updates of Old Work, Chairs, 10 min
Current Working Group Business
Service binding and parameter specification via the DNS
- https://datatracker.ietf.org/doc/draft-ietf-dnsop-svcb-httpssvc/ - Ben Schwartz, 15 min - Chairs Action: ?
Stephen Farrell: Keep the ALPN port;
Paul Vixie: I proposed removing port number. add a warning that operators should avoid using non-default ports for general Internet use. Non-default ports may be firewalled in client networks, so may appear to work in testing but may not work for some clients/users.
Ben Schwartz: We can fix this with 1-2 sentences
Chairs Action: Want to encourage Interop testing, and WGLC before 108
DNS Query Name Minimisation to Improve Privacy (bis)
- https://datatracker.ietf.org/doc/draft-ietf-dnsop-rfc7816bis/ - Ralph Dolmans, 15min - Chairs Action: How close to WGLC?
Ralf Weber: don't minimize forwarding; don't recommend complex mechanisms
Jim Reid: query limiting - wording on labels
Stehane Bortzmeyer: number of queries - SHOULD is reasonable (also, see section 7.1 of RFC 1035)
Paul Vixie: 1) auth misconfig hard to detect, mixed-mode authority and the delegation has disappeared. with qtype=NS, answer in answer section. 2) rate limiting have ddos implications.
Joe Abley: not all qtypes are equal. choice of qtype - use 1 qtype and use SOA as an option.
Ralph Dolmans: maybe small set of qtypes
Joe Abley: any benefit to a small set?
Paul Vixie: Agree with Joe, SOA should be in the mix
Mark Andrews: Forwarders should be trusted, but can't trust beyong forwarder
Warren Kumari: Why are we not using the original qtype
Ralph Dolmans: Pick the most common qtype the upstream would use
Ralph Dolmans: Unbound switched from NS to A, NS queries are sometimes blocked, but A are not.
Erik Nygren: A vs AAAA query. A may stick out more.
Chairs Action: New Version, then working toward WGLC
New Working Group Business
Avoid IP fragmentation in DNS
- https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-avoid-fragmentation/ - Kazunori Fujiwara, 15 min
Joe Abley: this is useful
Ralf Weber: Useful
Paul Vixie: No intent to design Path MTU Discovery. Allow someone to do that.
Chairs Action: CfA sent
The Delegation_Only DNSKEY flag
- https://tools.ietf.org/html/draft-pwouters-powerbind-03 - Paul Wouters, 10 min
Ben Schwartz: Likes DNSSEC transparency, Why does it need to be machine readable?
Paul Wouters: How to put into resolvers? Send Q to list
Peter van Dijk: Authorative should check during loading; does not protect child apex delegation.
Ralf Weber: resolver has to do work. technical solution to political problem.
Joe Abley: adding complexity must have problem to solve
Paul Wouters: Large outside subset to never trust DNSSEC.
Wes Hardaker: DNSSEC transparency because don't trust DNSSEC properly
Joe Abley: World is not as clean as it seems
Warren Kumari: Not sure how this behaves
Paul Wouters: Log all DS changes once this is set
Wes Hardaker: currently have to log every signed record for DNSSEC transparency. with this bit, only log DS records
Chairs Action: Will send out CfA
Parameterized Nameserver Delegation with NS2 and NS2T
- https://datatracker.ietf.org/doc/draft-tapril-ns2/ - Tim April, 15 min
Sam Weiler: Child/Parent/both no restrictions. new record type that only appears on the parent is a can of worms.
Matt Pounsett: if redesigning NS, remove the current ambiquity.
Joe Abley: Can allow clients to never use old policy
Peter van Dijk: Agree with Sam/Joe, as a resolver implementor, this is scary.
Alexander Dupuy: If done, present in parent, and in authority sections.
Paul Hoffman: Similiar to work done in ADD queue
Ralf Weber: Stub/resolver different than resolver/authorative
Ben Schwartz: Work like this is blocking current dprive work
Chairs Action: Need work and discussion with ADD/DPRIVE/DNSOP chairs
DNS Catalog Zones & A Data Model for Configuring DNS Zone Provisioning
- https://datatracker.ietf.org/doc/draft-toorop-dnsop-dns-catalog-zones/ - https://datatracker.ietf.org/doc/draft-toorop-dnsop-dns-zone-provisioning-yang/ - Willem Toorop, 15 min
Wes Hardaker: would be good to suceed; should look at RFC6168
Paul Vixie: supports; Will drop metazone in favor of this
Chairs Action: Catalog Zones - CfA
Chairs Action: Yang - Needs work
Attendees are asked to visit and enter your Name+Affiliation in the Blue-Sheet section of the DNSOP Etherpad.
Mic Line Queue
The Mic Line will use the WebEx chat channel. To get in the queue type q+ to leave type q-. Please don't type questions or other things into the WebEx chat channel as that will make managing the queue very hard for the chairs. Please use the Jabber channel for side conversations.
When you connect into WebEx you should start off as auto-muted so you'll need to unmute yourself to speak when called.
Helpful Info & Prep
The IETF has prepared a couple of documents to help get everyone ready.
Warren Kumari, Google Stephen Farell, Trinity College Dublin Hugo Salgado, .CL Ralph Dolmans, NLnet Labs Donald Eastlake, Futurewei Paul Ebersman, Neustar Joe Abley, PIR Joao Damas, APNIC Willem Toorop, NLnet Labs John Border, Hughes Kazunori Fujiawra, JPRS Mike Bishop, Akamai Ted Hardie, Google Murray Kucherawy, Facebook Tim Wicinski, unaffialted Stéphane Bortzmeyer, AFNIC Sean Turner, sn3rd Shumon Huque, Salesforce Peter van Dijk, Open-Xchange PowerDNS Keith Mitchell, DNS-OARC Ben Schwartz, Google Yoshiro YONEYA, JPRS Sam Weiler, W3C/MIT John Dickinson Sinodun IT Vittorio Bertola, Open-Xchange David Kinzel, Shaw Communications Ralf Weber, Akamai Technologies Scott Hollenbeck, Verisign Michael Gibbs, Verisign Ash Wilson, Valimail Eric Orth, Google Michael Hausding, SWITCH Jerry Lundström, DNS-OARC Witold Kręcicki, ISC Puneet Sood, Google Paul Vixie, Farsight Jim Popovitch, DomainMail, LLC (just curious) Shinta Sato, JPRS Ladislav Lhotka, CZ.NIC Joey Salazar, ARTICLE19 Dick Franks, unaffiliated Zaid AlBanna, Verisign Tim April, Akamai Technologies Mallory Knodel, CDT Matthijs Mekking, ISC Roland van Rijswijk-Deij, NLnet Labs Fredereico Neves, Nic.br Cathy Aronson, ARIN Mark Andrews, ISC Pieter Lexis, Open-Xchange PowerDNS Jeff Osborn, ISC Duane Wessels, Verisign Shane Kerr, NS1 Erik Nygren, Akamai Matthew Pounsett, DNS-OARC Bernie Innocenti, Google Petr Špaček, CZ.NIC James Gould, Verisign Vladimir Cunat, cz.nic Denesh Bhabuta, DNS-OARC daniel migault Jim Reid, RTFM llp Alexander Dupuy, Google David Blacka, Verisign Robert Story, USC/ISI Chi-Jiun Su, Hughes Network Systems Mauricio Vergara Ereche, ICANN Claire Pershan, unaffiliated Michael Richardson, Sandelman Software Works Wes Hardaker, ISI Kaustubha Govind, Google Chrome Marc Groeneweg, SIDN Hugo Kobayashi, NIC.br Paul Wouters, Red Hat Paul Hoffman, ICANN Benno Overeinder, NLNet Labs Suzanne Woolf, PIR Dan McArdle, Google/Chrome