CURRENT_MEETING_REPORT_

Reported by Rob Austein/Epilogue Technology

Minutes of the Domain Name System Working Group (DNS)

Thanks to Bill Manning for providing the notes on which these minutes are based.

The first part of the meeting consisted of status reports from the chair of the working group and the leaders of several subgroups that have undertaken specific tasks assigned at previous meetings.

The first report was from James Gavin, leader of the subgroup working on DNS security (please see the end of these minutes for subgroup mailing list information). Per recent discussions on the DNS Working Group mailing list, the security subgroup believes that an IP-level security mechanism does not provide the service security needed by the DNS, and that the right model for the DNS is a digital signature providing end-to-end authentication of RR data. The exact digital signature mechanism to be used is still under discussion. The subgroup expects to begin serious work in the near future (that is, before the 28th IETF in Houston). The working group explicitly absolved James's subgroup from responsibility for the so-called ``just as good as IP security'' issues, some of which have already been addressed by code contributed to BIND version 9.1 by USC-ISI.

The DNS MIB has been split into two separate MIBs (one for resolvers, one for name servers), per advice from the Network Management Directorate (NMAREA). The latest revisions of the MIB documents (draft-ietf-dns-resolver-mib-01.txt and draft-ietf-dns-server-mib-01.txt) have been submitted to the IESG for approval as Proposed Standards.
Calls for objections were issued both to the DNS Working Group mailing list and verbally at the working group meeting; the authors of the MIB documents feel that they have successfully defended the current documents against the one objection that was raised (to the authors' last-minute decision to remove the variable dnsServCounterNonAuthNoNames from the server MIB), and that the documents are (finally!) ready for promotion to Proposed Standard status. We expect a decision from the IESG in the near future, certainly before the 28th IETF.

Liaison work with the X.400 Operations Working Group (X400OPS) has been proceeding in fits and starts, but we believe that we are making progress. As of the X400OPS meeting on the morning of 14 July, we believe we have an understanding with X400OPS on how their DNS work should proceed, and we expect to receive a copy of the next draft of the X400OPS ``mapping table'' paper from Claudio Allocchio, our liaison within X400OPS, as soon as he has a chance to write it.

On 1 July, the RFC Editor asked the DNS Working Group to review a short document entitled ``Service Advertisement Using the DNS.'' This document had been submitted directly to the RFC Editor without starting life as an Internet-Draft. The DNS Working Group chair reviewed the document, solicited other reviewers from the working group and sent comments to the RFC Editor.

The report for the Load Balancing subgroup was given by Thomas Brisco. Based on commentary from the DNS Working Group Chair and the Service Applications Area Director, the load balancing subgroup believes that their problem would be best solved by implementation hacks, without attempting to extend the DNS protocol by adding new magic RR types. Accordingly, the subgroup will now write a document describing the kinds of implementation hacks that best address their problem, put said document up for review and publication as an Informational RFC, and terminate the subgroup after a suitable review period.
The document will include text warning about known implementation problems (e.g., zero TTLs) and required sanity checking.

Next, the working group heard a short presentation by Marshall Rose, outlining some technical details of how Marshall's ``experiment in remote printing'' uses DNS MX RRs with wildcard owner names to map international telephone numbers to SMTP servers. In brief, an international phone number like +1-415-123-4567 would be mapped to the DNS name 7.6.5.4.3.2.1.5.1.4.1.TPC.INT, thus allowing all of the San Francisco area to be covered by a wildcard name such as *.5.1.4.1.TPC.INT. We concluded that Marshall's proposal was technically feasible, but warned him that his scheme could be construed as duplication of the global authority tree, and that he might encounter administrative or political problems similar to the ones encountered by X400OPS. See RFC 1486, ``An Experiment in Remote Printing,'' for more details on this topic.

A brief discussion followed on adding timestamps to the DNS protocols. Several proposals currently under discussion (the P. Internet Protocol Working Group (PIP) DNS work and Anant Kumar's proposed incremental zone transfer protocol) involve use of a timestamp mechanism to detect out-of-date RRs. One way of retrofitting a timestamp mechanism into the DNS protocols would be to define a new DNS class; all the RR types in this class would have a timestamp as the first part of their RDATA portions. We would also need to allocate new RR type codes for timestamped versions of all the ``class-invariant'' RR types. This is ugly, but would retain backwards compatibility with existing DNS code that thinks it knows how to parse any RR. Several members of the working group suggested using a new DNS opcode instead of a new DNS class; this avoids all the delegation problems associated with a new class, but doesn't preserve strict backwards compatibility with the existing protocol. This is still a research topic.

During the timestamp discussion, Masataka Ohta pointed out that the timestamp-based incremental zone transfer protocol, as circulated, does not provide any way to delete RRs, only to add them. Fixing this shouldn't be hard; it just requires some kind of deletion pseudo-type as in Paul Mockapetris's original proposal (the DNS2 BOF held at the 25th IETF).

Next, Sue Thomson presented the most recent DNS design work done by the PIP Working Group. The details of this work are described in the current Internet-Draft ``draft-ietf-pip-dns-01.txt.'' Briefly, the document proposes to allocate a new DNS class for PIP; this solves several of the problems discussed at the Columbus (26th IETF) DNS Working Group meeting, but introduces all the known difficulties associated with use of multiple DNS classes. The document also suggests using a timestamp mechanism. This is still a snapshot of a work in progress.

Last, the working group agreed to take on responsibility for the Internet-Draft, ``Common DNS Errors and Suggested Fixes,'' submitted to the working group by Jon Postel. There was not enough time to discuss the document itself. Please read the Internet-Draft and send comments to Anant Kumar, anant@isi.edu, or to the DNS Working Group mailing list. Anant will coordinate changes.

Subgroup Mailing Lists

DNS Security

   o General Discussion:  dns-security@tis.com
   o To Subscribe:        dns-security-request@tis.com

Load Balancing

   o General Discussion:  dns-wg-lb@ns1.rutgers.edu
   o To Subscribe:        dns-wg-lb-request@ns1.rutgers.edu

Attendees

    Robert Austein            sra@epilogue.com
    Anders Baardsgaad         anders@cc.uit.no
    Tony Bates                tony@ripe.net
    David Borman              dab@cray.com
    Erik-Jan Bos              erik-jan.bos@surfnet.nl
    Thomas Brisco             brisco@pilot.njin.net
    Henry Clark               henryc@oar.net
    Geert Jan de Groot        geertj@ica.philips.nl
    Francis Dupont            francis.dupont@inria.fr
    Osten Franberg            euaokf@eua.ericsson.se
    John Hopkins              J_Hopkins@icrf.icnet.uk
    Marc Horowitz             marc@mit.edu
    Steven Horowitz           witz@chipcom.com
    Phil Irey                 pirey@relay.nswc.navy.mil
    Thomas Johannsen          thomas@ebzaw1.et.tu-dresden.de
    Dale Johnson              dsj@merit.edu
    Marijke Kaat              marijke@sara.nl
    Frank Kastenholz          kasten@ftp.com
    Peter Koch                pk@techfak.uni-bielefeld.de
    Mark Kosters              markk@internic.net
    Pekka Kytolaakso          pekka.kytolaakso@csc.fi
    Eliot Lear                lear@sgi.com
    Jose Legatheaux Martins   jalm@fct.unl.pt
    Carl Malamud              carl@malamud.com
    Bill Manning              bmanning@rice.edu
    Greg Minshall             minshall@wc.novell.com
    Keith Mitchell            keith@pipex.net
    Clifford Neuman           bcn@isi.edu
    Peder Chr. Noergaard      pcn@tbit.dk
    Masataka Ohta             mohta@cc.titech.ac.jp
    Petri Ojala               ojala@eunet.fi
    Michael Patton            map@bbn.com
    Charles Perkins           perk@watson.ibm.com
    Lars Poulsen              lars@cmc.com
    Juergen Rauschenbach      jrau@dfn.de
    Robert Reschly            reschly@brl.mil
    John Romkey               romkey@elf.com
    Luc Rooijakkers           lwj@cs.kun.nl
    Marshall Rose             mrose@dbc.mtview.ca.us
    Miguel Sanz               miguel.sanz@rediris.es
    Jon Saperia               saperia@tay.dec.com
    Tim Seaver                tas@concert.net
    John Stewart              jstewart@cnri.reston.va.us
    Erdal Taner               erdal@vm.cc.metu.edu.tr
    Marten Terpstra           marten@ripe.net
    Susan Thomson             set@bellcore.com
    Gregory Vaudreuil         gvaudre@cnri.reston.va.us
    Ruediger Volk             rv@informatik.uni-dortmund.de
    Jost Weinmiller           jost@prz.tu-berlin.d400.de
    Sam Wilson                sam.wilson@ed.ac.uk
    Wilfried Woeber           Wilfried.Woeber@CC.UniVie.ac.at
    Romeo Zwart               romeo@sara.nl