Yeti DNS Testbed
RFC 8483
| Section | Field | Value |
|---|---|---|
| Document | Type | RFC - Informational (October 2018; No errata). Was draft-song-yeti-testbed-experience (individual) |
| | Authors | Linjian Song, Dong Liu, Paul Vixie, Akira Kato, Shane Kerr |
| | Last updated | 2018-10-19 |
| | Stream | ISE |
| | Formats | plain text, html, pdf, htmlized, bibtex |
| | IETF conflict review | conflict-review-song-yeti-testbed-experience |
| Stream | ISE state | Published RFC |
| | Consensus Boilerplate | Unknown |
| | Document shepherd | Adrian Farrel |
| | Shepherd write-up | last changed 2018-05-22 |
| IESG | IESG state | RFC 8483 (Informational) |
| | Telechat date | |
| | Responsible AD | (None) |
| | Send notices to | Adrian Farrel <rfc-ise@rfc-editor.org> |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | No IANA Actions |
Independent Submission
Request for Comments: 8483
Category: Informational
ISSN: 2070-1721

L. Song, Ed.
D. Liu
Beijing Internet Institute
P. Vixie
TISF
A. Kato
Keio/WIDE
S. Kerr
October 2018

Yeti DNS Testbed

Abstract

Yeti DNS is an experimental, non-production root server testbed that provides an environment where technical and operational experiments can safely be performed without risk to production root server infrastructure. This document aims solely to document the technical and operational experience of deploying a system that is similar to but different from the Root Server system (on which the Internet's Domain Name System is designed and built).

Status of This Memo

This document is not an Internet Standards Track specification; it is published for informational purposes.

This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8483.

Copyright Notice

Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Table of Contents

1. Introduction
2. Requirements Notation and Conventions
3. Areas of Study
   3.1. Implementation of a Testbed like the Root Server System
   3.2. Yeti-Root Zone Distribution
   3.3. Yeti-Root Server Names and Addressing
   3.4. IPv6-Only Yeti-Root Servers
   3.5. DNSSEC in the Yeti-Root Zone
4. Yeti DNS Testbed Infrastructure
   4.1. Root Zone Retrieval
   4.2. Transformation of Root Zone to Yeti-Root Zone
      4.2.1. ZSK and KSK Key Sets Shared between DMs
      4.2.2. Unique ZSK per DM; No Shared KSK
      4.2.3. Preserving Root Zone NSEC Chain and ZSK RRSIGs
   4.3. Yeti-Root Zone Distribution
   4.4. Synchronization of Service Metadata
   4.5. Yeti-Root Server Naming Scheme
   4.6. Yeti-Root Servers
   4.7. Experimental Traffic
   4.8. Traffic Capture and Analysis
5. Operational Experience with the Yeti DNS Testbed
   5.1. Viability of IPv6-Only Operation
      5.1.1. IPv6 Fragmentation
      5.1.2. Serving IPv4-Only End-Users
   5.2. Zone Distribution
      5.2.1. Zone Transfers
      5.2.2. Delays in Yeti-Root Zone Distribution
      5.2.3. Mixed RRSIGs from Different DM ZSKs
   5.3. DNSSEC KSK Rollover
      5.3.1. Failure-Case KSK Rollover
      5.3.2. KSK Rollover vs. BIND9 Views
      5.3.3. Large Responses during KSK Rollover
   5.4. Capture of Large DNS Response
   5.5. Automated Maintenance of the Hints File