# January 26, 2022 Joint Interim on Split-DNS ADD-DNSOPS-DPRIV ## This is a joint interim with DNSOP, DPRIVE, ADD groups on the topic of Resolver Discovery in Split DNS environments # Meeting Materials, Links ## Materials, Charter, Documents * [DNSOP WG General Info](https://datatracker.ietf.org/wg/dnsop/about/) * [DPRIVE WG General Info](https://datatracker.ietf.org/wg/dprive/about/) * [ADD WG General Info](https://datatracker.ietf.org/group/add/about/) ## Materials, Charter, Documents * **DNSOP Chairs: Benno Overeinder Suzzane Wolf, Tim Wicinski** * **DPRIVE Chairs Brian Haberman, Tim Wicinksi** * **ADD Chairs David Lawrence, Glenn Deen** * **Area Directors: Warrent Kimari, Eric Vyncke** ## Session link, minutes, jabber, materials * [Meetecho Link](https://ws.conf.meetecho.com/conference/?group=e5378ab2-8290-469a-801f-bf71d754ac20) remote participation * [Meeting Minutes](https://notes.ietf.org/notes-ietf-interim-2022-add-01-add) * [Meeting Chat](xmpp:add@jabber.ietf.org?join) * [Materials](https://datatracker.ietf.org/meeting/interim-2022-add-01/session/add) ## Interim Session times * **January 26, 2022, 1700-1830 UTC** ___ # Agenda ## Administration * [IETF NOTE WELL](https://www.ietf.org/about/note-well.html) * **Scribe selection** * **Agenda bash** * **Welcome from chairs** ## Introduction ### Notes on this session: * **Split DNS is widely deployed operationally and there is a desire for users of it to have a discovery mechanism to discover DoH and DoT relevant resolvers so that they can make use of encrypted DNS.** * This **is not** organized as a referendum on Split DNS, nor a workshop on how to end the practice. ## 1. Background on this Discovery for Split DNS discussion * Split DNS in this context means: Networks having different internal/external name mapping in their DNS name space. * ADD WG has expressed consensus to work on the problem of DoH/DoT discovery in Split DNS environments * ADD WG has not yet reached clear consensus at this point on how to address Split DNS discovery * Issues outside of ADD's charter scope have been expressed as concerns including: (1) Validation of resolvers authority; (2) Validation of answers; (3) Potential Role of DNSSEC * ADD WG Adopted Drafts on discovery in non Split DNS environments and are nearing WG Last Call: (1) [Discovery of Designated Resolvers](https://datatracker.ietf.org/doc/draft-ietf-add-ddr/); (2) [DHCP and Router Advertisement Options for the Discovery of Network-designated Resolvers (DNR)](https://datatracker.ietf.org/doc/draft-ietf-add-dnr/) ## 2. Acknowledging Split DNS is widely deployed and likely here to stay, what is need for discovery? ### 2.1 Presentation: Proposed approaches on a few issues - Ben Schwartz et al. (20 minutes + discussion) * Some items: * Restricting the scope of discovery to resolers of split-horizon DNS names that are properly rooted in the global DNS. * Clarification of Terminology for: (1) hybrid resolver/client; (2) authorized split horizon; (3) domain camping * Using DNSSEC to confirm authority over the split-horizon domains ### 2.2 Open Mic Line: Discussion on what is important in scoping the discovery requirements * Seed issues: * Is validation of resolvers authority to answer queries for domains needed? * Is answer validation needed for domains resolved in Split DNS environments? * DNSSEC is generally not used for the non-global names in Do53 Split DNS environments, so why would it be different for Encrypted DNS? ### 2.3 Other considerations? * Are there past IETF I-Ds/RFCs that need to be referenced? * Question to group: Is there related work external to the IETF to be considered? ## 3.0 Other Discussion Topics * From Mic Line ### 4.0 Planning & Wrap up * 5 min - Wrap up [agenda end]