Here are the minutes for the recent dns-sig meeting in KL. Many thanks
to Gerard Ross for taking notes during the meeting, and also to the
various presenters.
----
17th APNIC Open Policy Meeting
SIG: DNS operations
Thursday 26 February 2003, Palace of the Golden Horses Hotel, Kuala
Lumpur, Malaysia
Minutes
Meeting commenced: 2:00 pm
Chair: Joe Abley
The Chair introduced the SIG and explained the agenda. He also
encouraged any questions or discussions on the mailing list between
meetings.
Review of open action items
The Chair reviewed the outstanding action items.
dns-16-001: Secretariat to implement proposal “Lame delegation cleanup
revised” (prop-004-v001).
- The status of this action item will be covered in George Michaelson’s
presentation.
Presentations
1. New Zealand Registry Services update
Nick Griffin, New Zealand Registry Services
The presenter provided a brief background to the New Zealand Registry
Service (NZRS) and the .nz domain name space, which now holds more than
145,000 names. He noted that there is no legislation in New Zealand
regarding domain names and reviewed the structure of the domain name
environment in New Zealand.
The presenter also announced the availability of the registry systems
software used by NZRS to run the .nz registry as Open Source, free
software.
Questions and discussion
- It was noted that the role of the Domain Name Commissioner is not to
increase the number of domains but to make the marketplace more
competitive. Some of the registrars are very small and meet more of a
social goal than a commercial service.
Action items
- None.
2. K-root server operations
Andrei Robachevsky, RIPE
This presentation provided a background to the root server system,
which provides 13 root servers, run by 12 operators. The presenter
noted that 13 is a hard limit in the DNS system. All root servers are
equal in terms of the DNS information they carry. The presenter
discussed the evolution of the root server system and then discussed
the introduction of anycasting. Anycasting provides many benefits by
allowing the root servers to be cloned and made available locally.
The presenter then discussed the deployments of anycast mirrors of the
K-root, which have been made by RIPE NCC. RIPE NCC now plans to deploy
3-5 global nodes and 10-15 local nodes in 2004.
Questions and discussion
- None.
Action items
- None.
3. Regional F-root server installations
George Michaelson, APNIC
The presenter explained that the more anycast nodes are deployed in the
region, the better the resistance to denial of service attacks.
Multiple distributed deployments also boost quality of service. Anycast
mirrors also build a greater resilience to loss of connectivity.
To achieve better resistance to denial of service attacks, the mirrors
are generally deployed in locations with a high degree of
interconnection.
The presenter noted that measurements so far have shown very high
benefits in terms of speed of service. The CN node has improved DNS RTT
to root by 15 times. Roots in local regions also protect isolated
countries against failures from undersea cables.
The presenter provided an overview of APNIC’s role in root services.
APNIC facilitates root services, provides coordination and funding,
and undertakes formal agreements. However, APNIC is not a root server
operator.
APNIC has deployed root mirrors in Hong Kong, Seoul, Beijing, Taipei,
Singapore, and Brisbane. In 2004, APNIC expects to perform additional
deployments of F, I, and K roots. APNIC will re-issue the call for
expressions of interest in hosting a root server.
Finally, the presenter gave an overview of how root mirrors are
deployed and what equipment and hosting services are required.
Questions and discussion
- It was explained that if a global node of F-root is down, people near
the local nodes will continue to get F-root service.
- It was noted that having mirrors of multiple roots provides
additional resilience against attacks. It was noted that all of the
operators APNIC is working with intend to make multiple deployments in
the region.
Action items
- None.
4. Work in progress status report on lame delegations
George Michaelson, APNIC
The presenter described the necessity for reverse DNS services and the
problems that can arise if the reverse DNS data is not accurate. He
then described the work done since APNIC 16, where it was decided that
the Secretariat should identify and rectify lame DNS registrations.
The original proposal was to be implemented three months after
approval. This implementation schedule has not yet been met, as other
changes in APNIC’s DNS systems need to be completed first. The lame
delegation cleanup has been rescheduled for the second quarter of 2004.
Questions and discussion
- None.
Action items
- None.
5. DNS OARC overview
Joao Damas, ISC
The presenter described progress in OARC, which is an information
sharing and analysis project for global DNS. This project features
incident response, operational characterisation of the normal state of
the system, testing of configurations and implementations, analysis of
collected DNS data, and outreach to assist efforts to defend against
attacks and improve operator knowledge.
The presenter explained that OARC will have membership, which is aimed
at four types of institutions: root and TLD operators, other large DNS
operators, government institutions, and research and analysis
institutions with a strong operational focus.
The presenter encouraged any interested parties to contact OARC for
more information.
Questions and discussion
- None.
Action items
- None.
Meeting closed: 3:20 pm
Minuted by: Gerard Ross
Open action items
- dns-16-001: Secretariat to implement proposal “Lame delegation cleanup
revised” (prop-004-v001).