Session Date/Time: 30 Mar 2023 00:30
dnsop
Summary
This dnsop meeting covered updates on ongoing work, guest presentations, and discussions on potential future adoption of several drafts. Key topics included the Green Name System, Structured Error Data for Filtered DNS, Domain Verification Techniques, Compact Denial of Existence in DNSSEC, Consistency Requirements for CDS/CDNSKEY Processing, Generalized DNS Notifications, and DNS Out of Protocol Signaling.
Key Discussion Points
- DNSSEC Publication: DNSSEC has been published, and the catalog zones document is in the RFC editor queue.
- Service Binding Document (SVCB): Back in the working group; the authors removed sections, and it is now in last call (ends next week). The shorter ESI portion is likely to move to the TLS working group. The related TL document is also in last call.
- Avoid Fragmentation Document: Authors published version 12, seeking feedback.
- Glue on Optional Draft: Finished, shepherd write-up underway.
- Domain Verification Techniques: Last call hit consensus with slight stickiness around the token top concept.
- DNS Val Requirements: Editorial comments received, working with authors to address them.
- Green Name System (GNS): A presentation was given on GNS, a decentralized naming system compatible with DNS. Concerns about potential conflicts with DNS were discussed.
- Structured Error Data for Filtered DNS: Updates were presented, including mapping server codes to existing error codes and adding a registry for future sub-codes. Tight control of this registry with IESG review was recommended.
- Implementation of Extended DNS Errors: An implementation was shown to enhance the user experience of network-based security products.
- Domain Verification Techniques: Discussions on token top concept, expiry of records, and mandatory DNSSEC signing.
- Compact Denial of Existence in DNSSEC: Discussed that it is widely deployed but lacks a specification, leading to the suggestion to standardize it. Its operational implications and a proposed solution to distinguish between NXDOMAIN and empty non-terminals were presented.
- Consistency Requirements for CDS/CDNSKEY Processing: Discussed potential security implications of inconsistent CDS records across name servers. The proposal is to require consistency across name servers when processing.
- Generalized DNS Notifications: Addressed the issue of costly scanning in DNS. A suggestion was made to update the notify mechanism for vertical notifications.
- DNS Out of Protocol Signaling: Focused on name servers signaling programs outside the DNS protocol.
Decisions and Action Items
- SVCB: Authors to continue working on the document; shorter ESI to move to TLS WG.
- Avoid Fragmentation: Working Group to review version 12 and provide feedback.
- Domain Verification Techniques: Authors to address comments on token top concept, expiry, and DNSSEC signing.
- Structured Error Data for Filtered DNS: Registry for server codes should be tightly controlled with IESG review, not designated experts.
- Compact Denial of Existence in DNSSEC: Open call for adoption on the mailing list, and further discussion to come. Need to address how the protocol behaves with DoT/DoH and whether to signal when there is a DO=0 query. Should also specify behavior on deliberate queries for N name.
- Consistency Requirements for CDS/CDNSKEY Processing: Continue discussion on the mailing list regarding recommendation and possible adoption.
- Generalized DNS Notifications: No specific action items, continue discussion on the mailing list.
- DNS Out of Protocol Signaling: Solicit feedback from the working group for potential use cases in DNS operations.
Next Steps
- Chairs to initiate a call for adoption on the mailing list for "Compact Denial of Existence in DNSSEC" and "Consistency Requirements for CDS/CDNSKEY Processing."
- All authors to address feedback received during the meeting and update their respective drafts.
- Continue discussions on the mailing list for all topics.