This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-resolver-tf@ripe.net/
[dns-resolver-tf] Draft Minutes - DNS Resolver Best Common Practice Task Force - 8 August 2023
- Previous message (by thread): [dns-resolver-tf] Task Force Status Update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Boris Duval
bduval at ripe.net
Thu Aug 24 10:13:38 CEST 2023
Dear TF members, Here are the minutes from our seventh call. Cheers, Boris *** Tuesday, 8 August 2023 17:00 (UTC+2) Attendees: Marteen Aertsen, Shane Kerr, Andronikos Kyriakou, Tim Wicinski Scribe: Boris Duval 1. Recommended Knobs Settings The Task Force discussed recommendations for specific DNS settings: https://github.com/DNS-Resolver-BCP-TF/Resolver-Recommendations/issues/10 Here’s a summary: DNSSEC Validation: · Recommended enabling DNSSEC validation. · Negative caching (NSEC, NSEC3) reduces traffic, safeguards against random subdomain attacks (RFC 8198). · Root KSK update essential; RFC 5011 or resolver operator for updates via OS. · Valuable material in RFC9364 for DNSSEC operations. TTL Limits (max & min): · Software default TTL of 1-2 days; potential reduction for cache size. · Lower TTL removes infrequently-used records, minimal operational impact, memory savings. · Some implementations allow minimum TTL, though a DNS protocol violation. · Software can set differing max/min TTL, impacting queries. TTL Record Pre-fetch: · Certain resolvers prefetch records before cache expiration to extend TTL. · Feature not standardized; related proposal: https://datatracker.ietf.org/doc/html/draft-wkumari-dnsop-hammer-03 · Recommended enabling if available. Cache Saving: · Exploring downsides; input sought from implementors, DNS OARC list. Local Root (and maybe local TLD?): · Beneficial to use local root (RFC8806). · Not applicable to most TLDs due to frequent changes. Shane offered to develop these notes and come up with a first draft. -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/dns-resolver-tf/attachments/20230824/8255a1cc/attachment-0001.html>
- Previous message (by thread): [dns-resolver-tf] Task Force Status Update
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]