[rssac-caucus] Meeting Notes and Actions from 23 TTL WP Call

Steve Sheng steve.sheng at icann.org
Thu Apr 30 15:17:25 UTC 2015


Dear all, 


  My apologies for sending the notes and action items for this call late.


Steve


23 April 2015 RSSAC Caucus TTL WP Call


Participants: Duane Wessels (leader), Jaap Akkerhuis, John Bond, Joe Abley,
Matt Thomas. Staff: Steve Sheng, Carlos Reyes, Barbara Roseman, Kathy
Schnitt


Apologies: Brian Dickson, Warren Kumari


Action items: 
* Matt and Shumon to rerun the test measuring the DS and DNSKEY TTLs for
TLDs with a more recent copy of the root zone file. Also perform the
analysis to compare NS and DNSKEY on a per TLD basis to see if they are the
same or different. 
* Jaap to continue the task of finding the recursive resolver application's
TTL settings. Jaap to provide some text about measurements of TTL in
relation to Warren's contribution.
* Each of the streams of work to provide an ETA for their efforts.
* Duane to send an email to the WP regarding 6 May meeting time, if no
objections the next meeting will be 6 May.
Decision: 
* For next meeting, the working group will create the report document and
put things together.


Notes:
  Kathy Schnitt:Apology: Brian Dickson
  jaap akkerhuis:No sound no mike
  Kathy Schnitt:Jaap sound on AC is working now
  Matt: Shumon and I measured the TTL of DS and DNSKEY of delegated TLDs,
these came from root zone file in March
  the DS key TTL is uniform. There were some DS keys that are absent. The
DNSKEY, there is a non-uniform TTL distribution. Majority is 86400. A large
portion of them have smaller values, varying from TTLs in ccTLDs. We plan to
rerun the test, as quite a few TLDs have been delegated.
  Duane: The graph you sent is specific to DNSKEY TTLs, right?
  Duane: have you done work on NS TTLs?
  Duane: Matt is having some connectivity issues.
  Duane: This is good. One thing is to compare NS and DNSKEY on a
per TLD basis.
  Duane: To see if they are the same or they are different.
  Matt: Sure.
  ACTION ITEM: Matt to compare NS and DNSKEY TTL for the root zone.
  ACTION: With new zone file.
  Jaap: It is too early to draw conclusions.
  Duane: Yes, I agree. Since most of the TTL is one day.
  Matt: Duane and I are doing some analysis on the DITL data.
  Matt: As it stands, we are about half way done.
  Matt: We use the root zone file to determine delegated TLDs.
  Matt: We calculate, minimum, maximum, mean, median time delta of the
queries.
  Kathy Schnitt:Warren is unable to make the call today.
  Matt: This graph shows the distribution of the queries by TLD.
  Matt: The number of requests measured by IP.
  Duane: As we are writing the report on TTL, we need to think about what
group of users are most important.
  Duane: One thing is to profile the IP by query types.
  Duane: To identify recursive resolvers.
  Duane: The problem of identifying typical is that they are all over the
map.
  Duane: It is difficult to define normal vs. abnormal.
  John: Looking at that, it seems there is no impact if changing TTL from 2
day to 1 day.
  Duane: That seems to be my understanding, but this affects clients, we need
to see how many queries are affected.
  Duane: Jaap, do you have any news for us?
  Jaap: I looked at Warren's measurements, but I think some of it may not be
measuring the right thing.
  Jaap: [not captured]
  Duane: It would be good to document this behavior.
  ACTION: Jaap to continue the task on the recursive resolver application
TTL.
  Jaap: Also Peter Koch did not respond to my requests for root zone's prior
1999.
  Duane: Let's look at SOA.
  John: I have put my contribution in the email, my recommendation is change
some values.
  Duane: I tend to agree.
  Duane: One way is to lower the zone expiry time from 7 days to 3 days at
least to solve this problem.
  Duane: The other to increase the validity period to 20 days.
  Duane: The other option is to generate more signatures more frequently.
  John: My gut feeling here is changing the expiry in SOA seems to make the
most sense.
  That value seems a little bit too high, I would prefer root zone to expire
their data earlier than 7 days.
  The root server operators should ensure their servers much earlier than
expiry period.
  Joe: There is also a large part of the population not validating DNSSEC.
  Duane: I have some experience with this kind of thing, the tool is
designed to tell whether you were using a validating recursive name server.
The first time you query it, it responded with bad response, and expected
you to try again.
  Duane: This works great for BIND. It works just ok for UNBOUND. It works
terribly for Nominum's implementation.
  as they only tried once.
  Duane: I think there is nothing in the protocol that mandates retrial
numbers.
  Duane: I suspect we will need RSSAC to choose.
  Duane: Are there any last minute things to talk about.
  Duane: I will send out a message to the list. For each item, let's get an
update progress and ETA. I think maybe in about 2 weeks we should start
creating the report document and putting things together. That would give
us three weeks before our deadline.
  John: My item is complete, but Joe raised a good point. How caching
resolvers respond when they get an expired response.
  Duane: One administrivia in two weeks, I will be heading to OARC meeting.
Can we reschedule that.
  to the day before?
  ACTION: Duane to send a note asking people's flexibility on Wed 6 May.
  jabley:thanks!
  jaap akkerhuis:Later!
 

