[rssac-caucus] RESOLVER: Re: [RSSAC-Caucus-Resolver-Study-WP] Resolver Study WP: Some observations/suggestions
I've posted the comment below to the Resolver Study WP ML, but realized that this should be sent to the RSSAC Caucus ML with "RESOLVER" in the subject line.

Regards,
Shinta Sato <shinta@jprs.co.jp>
Japan Registry Services Co., Ltd.

Forwarded by Shinta Sato <shinta@jprs.co.jp>
----------------------- Original Message -----------------------
From: Shinta Sato via RSSAC-Caucus-Resolver-Study-WP <rssac-caucus-resolver-study-wp@icann.org>
To: Mohit Batra <mohit@mohitbatra.in>
Cc: rssac-caucus-resolver-study-wp@icann.org
Date: Tue, 27 Nov 2018 17:40:10 +0900
Subject: Re: [RSSAC-Caucus-Resolver-Study-WP] Resolver Study WP: Some observations/suggestions
----

Dear Mohit and all,

On Mon, 12 Nov 2018 22:07:40 +0530 Mohit Batra via RSSAC-Caucus-Resolver-Study-WP <rssac-caucus-resolver-study-wp@icann.org> wrote:
Dear All,
Please find below my observations/suggestions.
I hope they make sense, and add some value to work/discussions of Resolver Study WP.
Thanks, Mohit
1. Most popular and vastly used public DNS resolver service like “Google Public DNS” (8.8.8.8) uses a custom-designed implementation by Google, rather than using popular recursive DNS server software like BIND and Unbound.
However, for our testbed(s) I think we need to at least utilize a combination of commonly used DNS server software (recursive as well as authoritative) which are used most out there in the wild on Internet. Examples are BIND, Unbound, NSD, Knot DNS etc.
I agree with this. In addition, to clarify the scope, I think we need to determine more about the target of the resolvers we study about. The questions listed in the Google Doc say "code bases and configurations", but no further information there. Deciding the explicit target or at least listing them should be done, I believe.

- target of "code bases"
  - BIND, Unbound, Knot Resolver, PowerDNS Recursor, etc.
  - any commercial products, appliance servers (eg. Nominum, Infoblox)
    * the code may not be available, but we can still ask for the information to the vendors.
- target of versions
  - current versions
  - old major versions (not modern?)
  - any versions with characteristic changes (if known?)
  - modified versions, delivered via major OS distributions
  - ...
- target of "configurations"
  - which configurations?

These were mostly mentioned during the meeting, but not described in the document.

Regards,
Shinta Sato <shinta@jprs.co.jp>
Japan Registry Services Co., Ltd.
2. Further, it would be useful to create a list of ready-reference study material that Resolver Study WP members (and RSSAC Caucus members) can refer to while performing tests and simulations, and exploring/proposing new use cases. This ready-reference study material may include, but is not limited to:
a. RFCs, STDs, BCPs and Internet drafts related to DNS/DNSSEC, that fit into the scope of this WP. One Example is RFC 8109 (BCP 209) - Initializing a DNS Resolver with Priming Queries. Another example is RFC 8483 (Yeti DNS Testbed).
b. Research/Academic papers that fit into the scope of this WP. I believe it is already being worked upon by Wes.
c. non-IETF but reputed DNS/DNSSEC deployment guides, that fit into the scope of this WP. One example is: Secure DNS Deployment Guide - NIST Special Publication 800-81-2 https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-81-2.pdf
3. Finally, while referring to DNS/DNSSEC specific BCPs in our ready-reference study material above, we may test/check on our testbed(s) whether Resolvers are conforming to these BCPs.
_______________________________________________
RSSAC-Caucus-Resolver-Study-WP mailing list
RSSAC-Caucus-Resolver-Study-WP@icann.org
https://mm.icann.org/mailman/listinfo/rssac-caucus-resolver-study-wp
--------------------- Original Message Ends --------------------