[rssac-caucus] RESOLVER: Re: [RSSAC-Caucus-Resolver-Study-WP] Resolver Study WP: Some observations/suggestions
Shinta Sato
shinta at jprs.co.jp
Wed Nov 28 08:21:53 UTC 2018
I've posted below comment to Resolver Study WP ML, but realized that
this should be sent to RSSAC Caucus ML with "RESOLVER" in the subject
line.
Regards,
Shinta Sato <shinta at jprs.co.jp>
Japan Registry Services Co., Ltd.
Forwarded by Shinta Sato <shinta at jprs.co.jp>
----------------------- Original Message -----------------------
From: Shinta Sato via RSSAC-Caucus-Resolver-Study-WP <rssac-caucus-resolver-study-wp at icann.org>
To: Mohit Batra <mohit at mohitbatra.in>
Cc: rssac-caucus-resolver-study-wp at icann.org
Date: Tue, 27 Nov 2018 17:40:10 +0900
Subject: Re: [RSSAC-Caucus-Resolver-Study-WP] Resolver Study WP: Some observations/suggestions
----
Dear Mohit and all,
On Mon, 12 Nov 2018 22:07:40 +0530
Mohit Batra via RSSAC-Caucus-Resolver-Study-WP <rssac-caucus-resolver-study-wp at icann.org> wrote:
> Dear All,
>
> Please find below my observations/suggestions.
>
> I hope they make sense, and add some value to work/discussions of Resolver Study WP.
>
> Thanks,
> Mohit
>
> 1. Most popular and vastly used public DNS resolver service like
> “Google Public DNS” (8.8.8.8) uses a custom-designed implementation
> by Google, rather than using popular recursive DNS server softwares
> like BIND and Unbound.
>
> However, for our testbed(s) I think we need to at least utilize a
> combination of commonly used DNS server software (recursive as well
> as authoritative) which are used most out there in the wild on
> Internet. Examples are BIND, Unbound, NSD, Knot DNS etc.
I agree with this.
In addition, to clarify the scope, I think we need to determine more
about the target of the resolvers we study about. The questions listed
in the Googld Doc says "code bases and configurations", but no further
information there. Deciding the explicit target or at least listing
them should be done, I beleive.
- target of "code bases"
- BIND, Unbound, Knot Resolver, PowerDNS Recursor, etc.
- any commercial products, appliance servers (eg. Nominum, Infoblox)
* the code may not be available, but we can still ask for the
information to the vendors.
- target of versions
- current versions
- old major versions (not modern?)
- any versions with characteristic changes (if known?)
- modified versions, delivered via major OS distributions
- ...
- target of "configurations"
- which configurations?
These were mostly mentioned during the meeting, but not described in the
document.
Regards,
Shinta Sato <shinta at jprs.co.jp>
Japan Registry Services Co., Ltd.
> 2. Further, it would be useful to create a list of ready-reference study
> material that Resolver Study WP members (and RSSAC Caucus members)
> can refer to while performing tests and simulations, and
> exploring/proposing new use cases. This ready-reference study
> material may include, but is not limited to:
> a. RFCs, STDs, BCPs and Internet drafts related to DNS/DNSSEC, that
> fit into the scope of this WP. One Example is RFC 8109 (BCP 209)
> -Initializing a DNS Resolver with Priming Queries. Another
> example is RFC 8483 (Yeti DNS Testbed).
> b. Research/Academic papers that fit into the scope of this WP. I
> believe it is already being worked upon by Wes.
> c. non-IETF but reputed DNS/DNSSEC deployment guides, that fit into
> the scope of this WP. One example is: Secure DNS Deployment Guide
> - NIST Special Publication 800-81-2
> https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-81-2.pdf
> <https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-81-2.pdf>
>
> 3. Finally, while referring to DNS/DNSSEC specific BCPs in our
> ready-reference study material above, we may test/check on our
> testbed(s) whether Resolvers are conforming to these BCPs.
_______________________________________________
RSSAC-Caucus-Resolver-Study-WP mailing list
RSSAC-Caucus-Resolver-Study-WP at icann.org
https://mm.icann.org/mailman/listinfo/rssac-caucus-resolver-study-wp
--------------------- Original Message Ends --------------------
More information about the rssac-caucus
mailing list