DNS Working Group Agenda

Wednesday, 17 October 09:00 - 10:30

A. Administrivia
  • Agenda Bashing
  • Review of Action Items
  • Approval of Previous Minutes
  • Selection of New Co-Chair

B. DNS OARC Update
Keith Mitchell

DNS-OARC regularly co-locates its Domain Name Systems Operations Workshops with RIPE, and is doing so again jointly with CENTR-Tech in Amsterdam immediately before RIPE 77. OARC seeks to bridge the DNS clue gap through knowledge sharing, data gathering/analysis, community building, and outreach. This talk will give an introduction and summary for the wider RIPE audience of the latest DNS material freshly presented at OARC29 (see https://indico.dns-oarc.net/event/29/contributions/ for topics), and will include a pick of the best new DNS technology deployment experiences, best practices, data, and analysis, with pointers to sources of further information.

C. Update on the Root KSK Roll
Edward Lewis
D. Will your DNS break in 2019?
Petr Špaček

Is your authoritative server ready for changes in 2019? Group of DNS software vendors is removing support for certain types of non-compliance with DNS standards. This talk will explain what https://dnsflagday.net/ means for you and how to prepare your DNS infrastructure to minimize impact.
E. Managing DNS zones using Git
Ondřej Caletka

Why ISPs like us edit zone files manually. The most common errors and how to fight them. Introducing dzonegit, custom open-source solution to keep zone files in Git.

Thursday, 18 October 14:00 - 15:30

F. RIPE NCC Report
Anand Buddhdev

Switching to a new DNSSEC signer.
Upcoming 100Gig site for K-root.
G. GeoIP + DNSSEC in Knot DNS
Petr Špaček

In this talk we will briefly introduce a new response tailoring feature of Knot DNS 2.7, an open-source authoritative-only DNS server developed by CZ.NIC. We will show how to configure Knot DNS server to tailor responses to queries according to client's geographic location or subnet the client belongs to. The module can be used securely with DNSSEC, either effectively by precomputing signatures at load, or online in cooperation with Knot DNS's Online Sign module.
Benno Overeinder

A short summary of current activities/drafts/discussions/views in the DNSOP WG.
We would like to have RIPE participant (operator) input on the current discussions and drafts.
I. Updated Measurements on DNS Privacy
Sara Dickinson

An update on the benchmarking of TCP/TLS for recursive resolvers presented at RIPE 76.
J. Any Other Business