2.4.3 Domain Name System Operations (dnsop)

NOTE: This charter is a snapshot of the 58th IETF Meeting in Minneapolis, Minnesota USA. It may now be out-of-date.

Last Modified: 2003-09-10

Chair(s):
David Meyer <dmm@1-4-5.net>
Rob Austein <sra@hactrn.net>
Operations and Management Area Director(s):
Randy Bush <randy@psg.com>
Bert Wijnen <bwijnen@lucent.com>
Operations and Management Area Advisor:
Randy Bush <randy@psg.com>
Mailing Lists:
General Discussion: dnsop@cafax.se
To Subscribe: dnsop-request@cafax.se
Archive: http://www.cafax.se/dnsop/maillist/
Description of Working Group:
The DNS Operations Working Group will develop guidelines for the operation of DNS name servers and the administration of DNS zone files. These guidelines will provide technical information relating to the implementation of the DNS protocol by the operators and administrators of DNS domains. The group will perform the following activities:

1. Define the processes by which Domain Name System (DNS) servers may be efficiently and correctly administered, configured, and operated on Internet networks. This will include root zone name servers, gTLD name servers, and the name servers of other DNS domains. As part of this effort, the group will produce documents explaining to the general Internet community what processes and mechanisms should be employed for the effective management and operation of DNS servers.

2. Publish (or assume sponsorship for) documents concerning DNSSEC procedures.

3. Publish (or assume sponsorship for) documents concerning the education of new/novice DNS "users" (FYI-RFCs).

4. Identify performance measurement tools and evaluate their effectiveness.

The group sees four main areas with related documents:

Root Name Server Operational Requirements draft-bush-dnsop-root-opreq-00.txt Editor: Randy Bush

Multiple servers sharing the same IP address Editor: Masataka Ohta

Zone KEY RRSet Signing Procedure draft-ietf-dnssec-key-handling-00.txt Editor: Edward Lewis

Performance and measuring Editors: Randy Bush & Michael Patton

Goals and Milestones:
Jun 99  Publish revised Root Server Requirements.
Jul 99  Publish revised version of Key Handling.
Jul 99  Publish first version of Servers Sharing IP#.
Sep 99  WG last call for Root Server Requirements.
Sep 99  Publish first version of Performance and Measuring.
Oct 99  Publish revised version of Key Handling.
Oct 99  Publish revised version of Servers Sharing IP#.
Nov 99  Submit Root Server Requirements to the IESG for consideration as Informational (BCP?).
Dec 99  Publish 2nd revised version of Servers Sharing IP#.
Jan 00  Publish revised version of Key Handling.
Feb 00  Publish revised Performance and Measuring.
Mar 00  WG last call for Key Handling.
Mar 00  WG last call for Servers Sharing IP#.
May 00  Publish revised Performance and Measuring.
May 00  Submit Servers Sharing IP# to the IESG for consideration as Informational.
Jun 00  Submit Key Handling to the IESG for consideration as BCP.
Aug 00  WG last call for Performance and Measuring.
Oct 00  Submit Performance and Measuring to the IESG for consideration as Informational.
Internet-Drafts:
  • draft-ietf-dnsop-bad-dns-res-01.txt
  • draft-ietf-dnsop-respsize-00.txt
  • draft-ietf-dnsop-ipv6-transport-guidelines-01.txt
  • draft-ietf-dnsop-dnssec-operational-practices-00.txt
Request For Comments:
    RFC      Status  Title
    RFC2870  BCP     Root Name Server Operational Requirements
    RFC3258  I       Distributing Authoritative Name Servers via Shared Unicast Addresses

    Current Meeting Report

    DNSOP WG, 58th IETF meeting, November 2003, Minneapolis
    
    
    First session:  2003.11.10 19:30-22:00 -0600
    
    
     Summary minutes, not attempting to follow meeting chronology, which 
    hopped, looped, and otherwise failed to follow a straight line.
    
    
     Active WG drafts:
    
    
     - draft-ietf-dnsop-bad-dns-res-01.txt.  Important topic.  Moving 
    target, but doc out of date at the moment.  Authors begged WG's 
    indulgence to let them bring the draft up to date, with a promise that they 
    will do so by IETF 59.
    
    
     - draft-ietf-dnsop-dnssec-operational-practices-00.txt.  New document, not yet 
    widely read.  Important topic.  Those who have read it think it's on the 
    right track.  May want to drop specific TTL recommendations in favor of 
    discussion of tradeoffs. Discussion of key lengths needs review by crypto 
    experts (request already made to security area).  Good discussion of key 
    rollover.
    
    
     - draft-ietf-dnsop-inaddr-required-04.txt.  Title is misleading, should be 
    something like "considerations for DNS reverse tree". Author is tired of 
    fighting with people who have not read document and are just reacting to its 
    title.  Some feel that subject is still important.  Jun-ichiro itojun 
    Hagino kindly volunteered to work on this document if author is tired of 
    holding the pen.
    
    
     - draft-ietf-dnsop-ipv6-transport-guidelines-00.txt.  Has been done for a 
    while, WG chairs have been lame about this one.  Ready for WG last call, 
    heading for BCP.
    
    
     - draft-ietf-dnsop-respsize-00.txt.  Consensus of room was that this is 
    good stuff and should ship without further ado.  Ready for WG last call.  
    Chairs forgot to ask WG whether this should be going for BCP or 
    informational, will include that question in last call.
    
    
     - draft-ietf-dnsop-ipv6-dns-issues-02.txt.  This one has turned into a grab 
    bag of open issues related to DNS and IPv6.  Somewhat dead in the water in 
    its current form.  Author has tried very hard to do whatever the WG wants 
    with this, but lacks time to flog the WG at the moment (has more 
    important things to do in real life).  Pekka Savola kindly 
    volunteered to help out with this document.
    
    
     Expired WG drafts:
    
    
     - draft-ietf-dnsop-serverid-02.txt.  Significant interest in having 
    something in this space, especially from root server operators. Known 
    issues with mechanism proposed in current draft.  Suzanne Woolf kindly 
    volunteered to take over this project.
    
    
     - draft-ietf-dnsop-dontpublish-unreachable-04.txt.  At least a few people 
    thought this one was important and should not be dropped.
    
    
     - draft-ietf-dnsop-resolver-rollover-01.txt.  Author has not been working on it 
    recently, but with DNSSEC finally close to completion, we may have 
    finally become topical again.  Author will resubmit draft so that people can 
    read it.
    
    
     - draft-ietf-dnsop-ohta-shared-root-server-03.txt.  Author says that 
    experiments with the techniques discussed in this draft are in 
    progress.  Author will resubmit draft so that people can read it.
    
    
     - draft-ietf-dnsop-keyhand-05.txt.  Nobody spoke up for this draft.
    
    
     New work:
    
    
     - draft-guette-dnsop-key-rollover-requirements-00.txt.  Some overlap with 
    draft-ietf-dnsop-ipv6-transport-guidelines-00.txt, but this draft is about 
    requirements in this space.  Not many people in the room had read this 
    draft.  No objections to taking it on as WG work item.
    
    
     - Discussion of name server clock synchronization.  Roy Arends 
    performed some measurements in this space, sent summary to the mailing 
    list.  Has not generated a lot of discussion.  This doesn't matter much for 
    DNSSEC proper, but does matter for transaction signatures. Roy agreed to 
    write up a brief draft describing the mechanism he used to perform these 
    tests.
    
    
     DNS Discovery topic was left for second (Tuesday) session, per agenda as 
    announced.
    
    
    Second session: 2003.11.11 13:00-14:00 -0600
    
    
     Entire session devoted to DNS Discovery discussion.
    
    
     Summary: No clear consensus on anything.  Largest single camp seems to 
    think that just using DHCPv6 lite is enough and that we should pick a 
    single mechanism and move on.  Sizable (albeit smaller) camp believes that RA 
    based discovery is important; for some reason there seems to be a fairly 
    close correlation between folks who think that RA should be one of the 
    solutions and folks who think that it's not necessary to pick a single 
    solution.  Well-known addresses have a few very vocal proponents as well as 
    some determined critics.  While other proposals have been surfaced on the 
    list (as well as in previous discussions, some dating back many years), 
    none received any serious discussion time at this meeting.
    
    
     All three of the proposals discussed at the meeting are documented. 
    DHCPv6-lite is documented in a DHC WG (about more than just DNS 
    discovery) which is in IETF last call.  The several RA-based proposals have 
    been consolidated into a single draft.  There is also a draft for the 
    current spin on the well-known address 

    Slides

    DNSSEC Operational Practices
    Requirements for Automated Key Rollover in DNSsec