CURRENT_MEETING_REPORT_



Reported by Rob Austein/Epilogue Technology

Minutes of the Domain Name System Working Group (DNS)

Thanks to Bill Manning for providing the notes on which these minutes
are based.

The first part of the meeting consisted of status reports from the chair
of the working group and the leaders of several subgroups that have
undertaken specific tasks assigned at previous meetings.

The first report was from James Gavin, leader of the subgroup working on
DNS security (please see the end of these minutes for subgroup mailing
list information).  Per recent discussions on the DNS Working Group
mailing list, the security subgroup believes that an IP-level security
mechanism does not provide the service security needed by the DNS, and
that the right model for the DNS is a digital signature providing
end-to-end authentication of RR data.  The exact digital signature
mechanism to be used is still under discussion.  The subgroup expects to
begin serious work in the near future (that is, before the 28th IETF in
Houston).

The working group explicitly absolved James's subgroup from
responsibility for the so-called ``just as good as IP security'' issues,
some of which have already been addressed by code contributed to BIND
version 9.1 by USC-ISI.

The DNS MIB has been split into two separate MIBs (one for resolvers,
one for name servers), per advice from the Network Management
Directorate (NMAREA). The latest revisions of the MIB documents
(draft-ietf-dns-resolver-mib-01.txt and
draft-ietf-dns-server-mib-01.txt) have been submitted to the IESG for
approval as Proposed Standards.  Calls for objections were issued both
to the DNS Working Group mailing list and verbally at the working group
meeting; the authors of the MIB documents feel that they have
successfully defended the current documents against the one objection
that was raised (to the authors' last-minute decision to remove the
variable dnsServCounterNonAuthNoNames from the server MIB), and that the
documents are (finally!)  ready for promotion to Proposed Standard
status.  We expect a decision from the IESG in the near future,
certainly before the 28th IETF.

Liaison work with the X.400 Operations Working Group (X400OPS) has been
proceeding in fits and starts, but we believe that we are making
progress.  As of the X400OPS meeting on the morning of 14 July, we
believe we have an understanding with X400OPS on how their DNS work
should proceed, and we expect to receive a copy of the next draft of the
X400OPS ``mapping table'' paper from Claudio Allocchio, our liaison
within X400OPS, as soon as he has a chance to write it.

On 1 July, the RFC Editor asked the DNS Working Group to review a short
document entitled ``Service Advertisement Using the DNS.'' This document
had been submitted directly to the RFC Editor without starting life as
an Internet-Draft.  The DNS Working Group chair reviewed the document,
solicited other reviewers from the working group and sent comments to
the RFC Editor.

The report for the Load Balancing subgroup was given by Thomas Brisco.
Based on commentary from the DNS Working Group Chair and the Service
Applications Area Director, the load balancing subgroup believes that
their problem would be best solved by implementation hacks, without
attempting to extend the DNS protocol by adding new magic RR types.
Accordingly, the subgroup will now write a document describing the kinds
of implementation hacks that best address their problem, put said
document up for review and publication as an Informational RFC, and
terminate the subgroup after a suitable review period.  The document
will include text warning about known implementation problems (e.g.,
zero TTLs) and required sanity checking.

Next, the working group heard a short presentation by Marshall Rose,
outlining some technical details of how Marshall's ``experiment in
remote printing'' uses DNS MX RRs with wildcard owner names to map
international telephone numbers to SMTP servers.  In brief, an
international phone number like +1-415-123-4567 would be mapped to the
DNS name 7.6.5.4.3.2.1.5.1.4.1.TPC.INT, thus allowing all of the San
Francisco area to be covered by a wildcard name such as
*.5.1.4.1.TPC.INT. We concluded that Marshall's proposal was technically
feasible, but warned him that his scheme could be construed as
duplication of the global authority tree, and that he might encounter
administrative or political problems similar to the ones encountered by
X400OPS. See RFC 1486, ``An Experiment in Remote Printing,'' for more
details on this topic.
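The phone-number-to-owner-name mapping described above, as an added example that is not part of these minutes or of any TPC.INT software: it assumes the digits are reversed one per label under TPC.INT and applies ordinary DNS wildcard matching (a leading `*` label matching one or more labels) to check which wildcard owner name would cover a given number.

```python
import re

# Added example (not from the minutes): map an international phone number
# to the TPC.INT owner name described in the meeting, then decide whether a
# wildcard owner name such as *.5.1.4.1.TPC.INT would cover that name.

TPC_SUFFIX = "TPC.INT"  # assumed suffix, as in the minutes


def phone_to_tpc_name(number: str) -> str:
    """'+1-415-123-4567' -> '7.6.5.4.3.2.1.5.1.4.1.TPC.INT'.

    Only digits are kept ('+' and separators are dropped); the digits are
    reversed and each one becomes a label, least significant digit first.
    """
    digits = re.sub(r"\D", "", number)
    if not digits:
        raise ValueError("no digits in phone number: %r" % number)
    return ".".join(reversed(digits)) + "." + TPC_SUFFIX


def wildcard_covers(wildcard: str, name: str) -> bool:
    """True if a DNS wildcard owner name (leading '*' label) matches name.

    The '*' label stands for one or more labels, so the wildcard's parent
    domain itself is not covered.  Labels compare case-insensitively.
    """
    wl = wildcard.lower().split(".")
    nl = name.lower().split(".")
    if wl[0] != "*":
        return wl == nl
    suffix = wl[1:]
    return len(nl) > len(suffix) and nl[-len(suffix):] == suffix


def most_specific_wildcard(wildcards, name):
    """Pick the closest enclosing wildcard for name, or None if none covers it.

    With a country-wide *.1.TPC.INT and an area-code *.5.1.4.1.TPC.INT both
    present, a San Francisco number lands on the area-code entry.
    """
    matches = [w for w in wildcards if wildcard_covers(w, name)]
    return max(matches, key=lambda w: w.count(".")) if matches else None
```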

A brief discussion followed on adding timestamps to the DNS protocols.
Several proposals currently under discussion (the P. Internet Protocol
Working Group (PIP) DNS work and Anant Kumar's proposed incremental zone
transfer protocol) involve use of a timestamp mechanism to detect
out-of-date RRs.  One way of retrofitting a timestamp mechanism into the
DNS protocols would be to define a new DNS class; all the RR types in
this class would have a timestamp as the first part of their RDATA
portions.  We would also need to allocate new RR type codes for
timestamped versions of all the ``class-invariant'' RR types.  This is
ugly, but would retain backwards compatibility with existing DNS code
that thinks it knows how to parse any RR. Several members of the working
group suggested using a new DNS opcode instead of a new DNS class; this
avoids all the delegation problems associated with a new class, but
doesn't preserve strict backwards compatibility with the existing
protocol.  This is still a research topic.

During the timestamp discussion, Masataka Ohta pointed out that the
timestamp-based incremental zone transfer protocol, as circulated, does
not provide any way to delete RRs, only to add them.  Fixing this
shouldn't be hard; it just requires some kind of deletion pseudo-type as
in Paul Mockapetris's original proposal (the DNS2 BOF held at the 25th
IETF).

Next, Sue Thomson presented the most recent DNS design work done by the
PIP Working Group.  The details of this work are described in the
current Internet-Draft ``draft-ietf-pip-dns-01.txt.''  Briefly, the
document proposes to allocate a new DNS class for PIP; this solves
several of the problems discussed at the Columbus (26th IETF) DNS
Working Group meeting, but introduces all the known difficulties
associated with use of multiple DNS classes.  The document also suggests
using a timestamp mechanism.  This is still a snapshot of a work in
progress.

Last, the working group agreed to take on responsibility for the
Internet-Draft, ``Common DNS Errors and Suggested Fixes'' submitted to
the working group by Jon Postel.  There was not enough time to discuss
the document itself.  Please read the Internet-Draft and send comments
to Anant Kumar, anant@isi.edu, or to the DNS Working Group mailing list.
Anant will coordinate changes.


Subgroup Mailing Lists

DNS Security


   o General Discussion:  dns-security@tis.com
   o To Subscribe:  dns-security-request@tis.com


Load Balancing


   o General Discussion:  dns-wg-lb@ns1.rutgers.edu
   o To Subscribe:  dns-wg-lb-request@ns1.rutgers.edu


Attendees

Robert Austein           sra@epilogue.com
Anders Baardsgaad        anders@cc.uit.no
Tony Bates               tony@ripe.net
David Borman             dab@cray.com
Erik-Jan Bos             erik-jan.bos@surfnet.nl
Thomas Brisco            brisco@pilot.njin.net
Henry Clark              henryc@oar.net
Geert Jan de Groot       geertj@ica.philips.nl
Francis Dupont           francis.dupont@inria.fr
Osten Franberg           euaokf@eua.ericsson.se
John Hopkins             J_Hopkins@icrf.icnet.uk
Marc Horowitz            marc@mit.edu
Steven Horowitz          witz@chipcom.com
Phil Irey                pirey@relay.nswc.navy.mil
Thomas Johannsen         thomas@ebzaw1.et.tu-dresden.de
Dale Johnson             dsj@merit.edu
Marijke Kaat             marijke@sara.nl
Frank Kastenholz         kasten@ftp.com
Peter Koch               pk@techfak.uni-bielefeld.de
Mark Kosters             markk@internic.net
Pekka Kytolaakso         pekka.kytolaakso@csc.fi
Eliot Lear               lear@sgi.com
Jose Legatheaux Martins  jalm@fct.unl.pt
Carl Malamud             carl@malamud.com
Bill Manning             bmanning@rice.edu
Greg Minshall            minshall@wc.novell.com
Keith Mitchell           keith@pipex.net
Clifford Neuman          bcn@isi.edu
Peder Chr.  Noergaard    pcn@tbit.dk
Masataka Ohta            mohta@cc.titech.ac.jp
Petri Ojala              ojala@eunet.fi
Michael Patton           map@bbn.com
Charles Perkins          perk@watson.ibm.com
Lars Poulsen             lars@cmc.com
Juergen Rauschenbach     jrau@dfn.de
Robert Reschly           reschly@brl.mil
John Romkey              romkey@elf.com
Luc Rooijakkers          lwj@cs.kun.nl
Marshall Rose            mrose@dbc.mtview.ca.us
Miguel Sanz              miguel.sanz@rediris.es
Jon Saperia              saperia@tay.dec.com
Tim Seaver               tas@concert.net
John Stewart             jstewart@cnri.reston.va.us
Erdal Taner              erdal@vm.cc.metu.edu.tr
Marten Terpstra          marten@ripe.net
Susan Thomson            set@bellcore.com
Gregory Vaudreuil        gvaudre@cnri.reston.va.us
Ruediger Volk            rv@informatik.uni-dortmund.de
Jost Weinmiller          jost@prz.tu-berlin.d400.de
Sam Wilson               sam.wilson@ed.ac.uk
Wilfried Woeber          Wilfried.Woeber@CC.UniVie.ac.at
Romeo Zwart              romeo@sara.nl
