[rssac-caucus] call for document leaders / contributors of root zone TTL work party

Steve Sheng steve.sheng at icann.org
Tue Jan 27 20:45:51 UTC 2015


Dear Caucus, 

   So far we have three volunteers for the TTL work: Warren Kumari, Jaap
Akkerhuis, and Shumon Huque. We need more experts to participate.
 
   If you're interested in leading the effort and/or contributing to the
effort, please send a message indicating that to both Liman and Steve Sheng
(staff support):

  Steve Sheng <steve.sheng at icann.org>
  Lars-Johan Liman <liman at netnod.se>

kind regards, 
Steve

From:  Steve Sheng <steve.sheng at icann.org>
Date:  Tuesday, January 20, 2015 at 10:39 AM
To:  "rssac-caucus at icann.org" <rssac-caucus at icann.org>
Subject:  [rssac-caucus] call for document leaders / contributors of root
zone TTL work party

> Dear RSSAC caucus,
> 
> In its last teleconference meeting, the RSSAC has identified root zone TTLs to
> be a work item for the group. According to the process recently sent out, the
> RSSAC is looking for volunteers for document leaders and participants for the
> effort. If you're interested in leading the effort and/or contributing to the
> effort, please send a message indicating that to both Liman and Steve Sheng
> (staff support)
> 
>   Steve Sheng <steve.sheng at icann.org>
>   Lars-Johan Liman <liman at netnod.se>
> 
> Before 2015-01-30 2400 UTC. The scope of the task at hand is as follows:
> 
> #----------------------------------------------------------------------
> 
> STATEMENT OF WORK AND SCOPE FOR root zone TTLs
> 
> TTLs of records in the root zone have remained unchanged for as far back in time
> as we know from available root zone archives (i.e., at least 1999). This
> predates both a signed root zone and the use of anycast on root name servers.
> Until very recently, there has been little reason to consider changes to root
> zone TTLs.
> 
> Records in the root zone presently have three TTL values: 24 hours, 48 hours,
> and 6 days.  Most authoritative data in the zone is given a 24 hour TTL.  This
> includes SOA, DS, NSEC, and their associated RRSIGs.
> 
> The TLD delegation records (NS and glue), as well as DNSKEY records, are given
> a 48 hour TTL.  Since the NS+glue are not authoritative, the only RRSIG
> records with a 48 hour TTL are the DNSKEY signatures.
> 
> The only remaining records in the zone are the NS+glue (and RRSIG) for the
> root zone itself.  These are given a 6 day TTL.
> 
> Until just recently, all RRSIG records in the root zone were given a signature
> validity period of 7 days.  This meant that a root server instance that was
> not updated within 24 hours could return NS RRset responses whose TTL exceeded
> the signature validity.  This is not a problem for validating or
> non-validating resolvers alone, but could cause problems when a validator is
> behind (i.e., forwarding to) a non-validator.  The signature validity period
> was increased to 10 days to alleviate this problem.
> 
> Lowering of the NS RRset TTL is another way to alleviate the problem.  If the
> NS RRset TTL were lowered, it would be reasonable to again reduce signature
> validity values to previous levels.
> 
> Verisign, as the Root Zone Maintainer, requests the RSSAC Caucus to consider
> the extent to which: (1) the current root zone TTLs are appropriate for
> today's environment, (2) lowering the NS RRset TTL makes sense, and (3) the
> impacts that TTL changes would have on the wider DNS.
> 
> #----------------------------------------------------------------------
> 
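
The TTL versus signature-validity interaction described in the statement of work above, worked through as an added example that is not part of the original e-mail or of any RSSAC or Verisign code. It assumes an RRSIG expires exactly one validity period after the zone copy was signed and that a stale root server instance still hands out the full TTL; the 2 day TTL in the last case is a hypothetical value, not one proposed in the message.

```python
# Added illustration; not code from RSSAC, Verisign, or the mailing list.
# Model (assumption): an RRSIG expires sig_validity_h hours after the zone copy
# was signed, and a root server instance serving a copy that is staleness_h
# hours old still hands out the NS RRset with its full TTL.
HOURS_PER_DAY = 24

def max_safe_staleness(sig_validity_h, ns_ttl_h):
    """Oldest zone copy whose NS RRset TTL still ends before the RRSIG expires."""
    return sig_validity_h - ns_ttl_h

def exposure_hours(sig_validity_h, ns_ttl_h, staleness_h):
    """Hours a non-validating cache can keep serving the RRset after RRSIG expiry."""
    remaining_sig = sig_validity_h - staleness_h
    return min(ns_ttl_h, max(ns_ttl_h - remaining_sig, 0))

def validator_view(sig_validity_h, ns_ttl_h, staleness_h, cache_age_h):
    """What a validator forwarding to that cache sees cache_age_h hours after caching."""
    if cache_age_h >= ns_ttl_h:
        return "refetch"   # TTL ran out, the forwarder asks a root server again
    if staleness_h + cache_age_h > sig_validity_h:
        return "bogus"     # cached RRSIG has expired, validation fails
    return "secure"

if __name__ == "__main__":
    d = HOURS_PER_DAY
    cases = [
        ("7d validity, 6d TTL (before the change)", 7 * d, 6 * d),
        ("10d validity, 6d TTL (after the change)", 10 * d, 6 * d),
        ("7d validity, 2d TTL (hypothetical lowered TTL)", 7 * d, 2 * d),
    ]
    for label, validity, ttl in cases:
        print(f"{label}: safe up to {max_safe_staleness(validity, ttl)}h stale, "
              f"48h-stale copy exposes {exposure_hours(validity, ttl, 48)}h, "
              f"validator at +132h sees {validator_view(validity, ttl, 48, 132)}")
```
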

