Yeti DNS Testbed
RFC 8483
| Document | Type |
RFC - Informational
(October 2018; No errata)
Was draft-song-yeti-testbed-experience (individual)
|
|
|---|---|---|---|
| Last updated | 2018-10-19 | ||
| Stream | ISE | ||
| Formats | plain text pdf html bibtex | ||
| IETF conflict review | conflict-review-song-yeti-testbed-experience | ||
| Stream | ISE state | Published RFC | |
| Consensus Boilerplate | Unknown | ||
| Document shepherd | Adrian Farrel | ||
| Shepherd write-up | Show (last changed 2018-05-22) | ||
| IESG | IESG state | RFC 8483 (Informational) | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | Adrian Farrel <rfc-ise@rfc-editor.org> | ||
| IANA | IANA review state | Version Changed - Review Needed | |
| IANA action state | No IANA Actions | ||
Independent Submission L. Song, Ed.
Request for Comments: 8483 D. Liu
Category: Informational Beijing Internet Institute
ISSN: 2070-1721 P. Vixie
TISF
A. Kato
Keio/WIDE
S. Kerr
October 2018
Yeti DNS Testbed
Abstract
Yeti DNS is an experimental, non-production root server testbed that
provides an environment where technical and operational experiments
can safely be performed without risk to production root server
infrastructure. This document aims solely to document the technical
and operational experience of deploying a system that is similar to
but different from the Root Server system (on which the Internet's
Domain Name System is designed and built).
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This is a contribution to the RFC Series, independently of any other
RFC stream. The RFC Editor has chosen to publish this document at
its discretion and makes no statement about its value for
implementation or deployment. Documents approved for publication by
the RFC Editor are not candidates for any level of Internet Standard;
see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8483.
Song, et al. Informational [Page 1]
RFC 8483 Yeti DNS Testbed October 2018
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Requirements Notation and Conventions . . . . . . . . . . . . 5
3. Areas of Study . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. Implementation of a Testbed like the Root Server System . 5
3.2. Yeti-Root Zone Distribution . . . . . . . . . . . . . . . 5
3.3. Yeti-Root Server Names and Addressing . . . . . . . . . . 5
3.4. IPv6-Only Yeti-Root Servers . . . . . . . . . . . . . . . 6
3.5. DNSSEC in the Yeti-Root Zone . . . . . . . . . . . . . . 6
4. Yeti DNS Testbed Infrastructure . . . . . . . . . . . . . . . 7
4.1. Root Zone Retrieval . . . . . . . . . . . . . . . . . . . 8
4.2. Transformation of Root Zone to Yeti-Root Zone . . . . . . 9
4.2.1. ZSK and KSK Key Sets Shared between DMs . . . . . . . 10
4.2.2. Unique ZSK per DM; No Shared KSK . . . . . . . . . . 10
4.2.3. Preserving Root Zone NSEC Chain and ZSK RRSIGs . . . 11
4.3. Yeti-Root Zone Distribution . . . . . . . . . . . . . . . 12
4.4. Synchronization of Service Metadata . . . . . . . . . . . 12
4.5. Yeti-Root Server Naming Scheme . . . . . . . . . . . . . 13
4.6. Yeti-Root Servers . . . . . . . . . . . . . . . . . . . . 14
4.7. Experimental Traffic . . . . . . . . . . . . . . . . . . 16
4.8. Traffic Capture and Analysis . . . . . . . . . . . . . . 16
5. Operational Experience with the Yeti DNS Testbed . . . . . . 17
5.1. Viability of IPv6-Only Operation . . . . . . . . . . . . 17
5.1.1. IPv6 Fragmentation . . . . . . . . . . . . . . . . . 18
5.1.2. Serving IPv4-Only End-Users . . . . . . . . . . . . . 19
5.2. Zone Distribution . . . . . . . . . . . . . . . . . . . . 19
5.2.1. Zone Transfers . . . . . . . . . . . . . . . . . . . 19
5.2.2. Delays in Yeti-Root Zone Distribution . . . . . . . . 20
5.2.3. Mixed RRSIGs from Different DM ZSKs . . . . . . . . . 21
5.3. DNSSEC KSK Rollover . . . . . . . . . . . . . . . . . . . 22
5.3.1. Failure-Case KSK Rollover . . . . . . . . . . . . . . 22
5.3.2. KSK Rollover vs. BIND9 Views . . . . . . . . . . . . 22
5.3.3. Large Responses during KSK Rollover . . . . . . . . . 23
5.4. Capture of Large DNS Response . . . . . . . . . . . . . . 24
5.5. Automated Maintenance of the Hints File . . . . . . . . . 24
Show full document text