DNS Working Group Agenda

Thursday, 19 November 14:00 - 15:30

A. Usual Administrivia [5 min] Agenda Bashing Minutes of Previous Meeting Review of Action Items
B. RIPE NCC Report [15 min] Anand Buddhdev
C. Measuring the Impact of IPv6 Resolver Preference [20 min] Chris Baker, Dyn
D. Impact of DNS over TCP - a Resolver Point of View [15 min] Joao Damas, Bondis The impact of two very different aspects of the life of a recursive server were examined for this project: queries to authoritative servers as well as the queries from stub resolvers. Traffic from two different ISPs' recursive resolvers was captured to analyse the potential impact on the servers of long lived TCP sessions, investigating the effect of timeout settings, the total number of simultaneous connections that would be kept open and the potential benefits of connection reuse as proposed in the current version of draft-ietf-dnsop-5966bis, with the intent of offering simulated operational advice, based on observed traffic.
E. Integration Testing of DNS Recursive Servers [15 min] Ondřej Surý, CZ.NIC A generic testing framework was produced as a part of developing the Knot Resolver. This framework is written in python and can use UNIX domain sockets to bypass the underlying physical network.
F .nl Open DNS Datasets and Statistics [10 min] Marco Davids, SIDN SIDN makes available aggregated datasets from .NL authoritative servers to the Internet/Research/DNS communities. It includes visualisations of the DNS-traffic for .nl as well as statistics on domain registrations, DNS queries, DNSSEC usage, plus layer-3 and layer-4 information. The datasets (starting from May 2014) are updated on a daily basis. They are provided in JSON-format and can be found on https://stats.sidnlabs.nl.
G. Discussion of Latest SSAC Recommendations [10 min] SSAC Stuckee

Thursday, 19 November 16:00 - 17:30

H. Discovery Method for a Validating Stub Resolver [20 min] Xavier Gorjón, NLnetLabs This research project aims to develop a discovery method to ensure DNSSEC information can be delivered to the end host. It used RIPE Atlas to study the current state of DNSSEC aware and DNSSEC validating resolvers, and define a course of action from this information. The project explored a novel method to discover the capabilities of the ISP's recursive resolver and bypass incompetent customer-premises equipment (CPE) middle-boxes to target the often more capable ISP’s resolver directly.
I. DNSSEC for Legacy Applications [15 min] Willem Toorop, NLnetLabs Validating stub resolvers are hampered by middle boxes (typically CPE) that corrupt the path from the stub to the recursive resolver. Using the getdns library and the Linux/Unix name resolution framework, libnss_getdns provides (stub-level) DNSSEC validation for legacy applications. This module can work around broken middle boxes by double checking bogus answers. It also offers in-path signalling of DNSSEC failure for http, informing the end-user why validation failed and giving them control of deciding how to deal with that.
J. Implementation Challenges of Geographic Split-horizon DNS [20 min] Jan Včelák, CZ.NIC There are multiple ways to find a network service according to a client's geographic location. One possibility is to perform a split-horizon at the DNS level. The presentation will briefly inform about existing approaches, problems introduced by this mechanism, possible solutions of these problems, and experience we gained when implementing this feature into Knot DNS.
K. Root Zone KSK Rollover [30 min] Roy Arends, IANA
L. WG Co-chair Appointment [5 min]
M. AOB