**Session Date/Time:** 17 Mar 2025 08:30

# dnsop

## Summary

The DNSOP meeting covered several important topics, including the status of existing drafts, new work proposals, hackathon projects, and presentations on CDS consistency, domain control validation using DNS, DNS filtering details for applications, and clarifications to the DNS ranking data draft. Discussions focused on improving clarity, addressing security concerns, and aligning with current practices.

## Key Discussion Points

* **Draft Status Updates:** Several drafts are progressing, including "Generalized Notify" (revising after IETF Last Call) and "MUST NOT Gossip" (addressing SHA-1 issues). Warren's "Structure D.S. Error" is facing Datatracker issues.
* **DNSSEC Automation:** Moving forward as informational due to limited feedback, but considered less controversial.
* **NS3 Validation:** Working Group Last Call to be initiated.
* **CDS Consistency:** Draft is considered stable and ready for Working Group Last Call. Switch is working on an implementation.
* **Domain Control Validation (DCV):** Revamped draft (revision 07) focuses on text-based DCV records with random challenges. Discussions continued regarding inclusion of non-spaced DCV validation methods and distinguishing domain control validation from domain-based authorization. Concern was raised about potential overlap between namespaces used for DCV and other parameters, such as Bluesky handles.
* **DNS Filtering Details for Applications:** Draft addresses the issue of censorship imposed via DNS and the lack of transparency for end users. Concerns were raised about potential misuse, browser security risks, and the complexity of presenting information to end users. A registry is used to mediate information being displayed to the user.
* **DNS Ranking Data:** Clarifications proposed for the DNS ranking data draft. The goal is to bring more clarity around the functions and responsibilities of DNS data.
  Proposed directives cover authoritative server behavior, name resolution results, non-authoritative responses, and the use of hints files for root zone servers.

## Decisions and Action Items

* **NS3 Validation:** Initiate Working Group Last Call.
* **CDS Consistency:** Proceed to Working Group Last Call.
* **DNS Integration:** Initiate a call for adoption.
* **DNSSEC Signing Pipeline:** Attendees were encouraged to review the slides from the interim meeting.
* **Domain Control Validation (DCV):** Authors to update the draft based on discussions with Paul Hoffman and feedback from the working group, particularly regarding the scope and use cases of the document. Investigate the other draft from Swapnil Sheath.
* **DNS Filtering Details for Applications:** Continue discussion on the mailing list and consider coordination with the ICANN SAC work party.

## Next Steps

* Authors of drafts to incorporate feedback from the meeting and mailing list.
* Chairs to facilitate further discussion on the mailing list for contentious issues.
* Coordinate review of documents with the DNS Directorate.
* Advance drafts to Working Group Last Call where appropriate.

---

**Session Date/Time:** 20 Mar 2025 06:00

# dnsop

## Summary

The DNSOP meeting covered several draft proposals, including collision-free key tags for DNSSEC, horizontal DNS synchronization (H-Sync), DNS Update with JSON (DUJ), Sig Zero updates, dry-run DNSSEC, and a proposal for registering the ".internal" TLD for private use. Discussions centered on the technical merits, operational implications, and potential adoption paths for each draft.

## Key Discussion Points

* **Collision-Free Key Tags for DNSSEC:** The draft aims to disallow colliding key tags for the same algorithms in the same zone to improve DNSSEC validation efficiency and mitigate denial-of-service attacks like KeyTrap. Concerns were raised about adding complexity to the DNSSEC ecosystem and potentially preventing valid use cases.
  The chairs will discuss with the AD how to go forward.
* **Horizontal DNS Synchronization (H-Sync):** The proposal introduces an H-Sync record to facilitate communication and synchronization between multiple DNS providers, particularly in multi-signer scenarios. It addresses challenges related to automation and consistency across providers.
* **DNS Update with JSON (DUJ):** The draft defines a JSON-based format for simplifying DNS record updates, especially for users copying and pasting configurations into web interfaces. Concerns arose about potential confusion caused by double quotes in copy-pasted text.
* **Sig Zero Updates:** The discussion focused on updating Sig Zero to include error fields and original ID fields for improved transaction authentication, particularly in forwarding scenarios. Different options for handling the original ID and error return value were debated, including EDNS0 options, TTL reuse, and a new RR type.
* **Dry-Run DNSSEC:** The draft proposes a mechanism for testing DNSSEC deployments in production environments without affecting real-world validation. It introduces a "dry-run" DS record and the possibility of reporting errors and successes. Interaction with aggressive caching was discussed.
* **.internal TLD:** The discussion revolved around the proposed registration of the ".internal" TLD in the Special Use Domain Names (SUDDN) registry. The string has already been selected and reserved by ICANN. Concerns were raised about IETF process and IANA involvement.

## Decisions and Action Items

* **Collision-Free Key Tags for DNSSEC:** The chairs will discuss with the AD how to go forward.
* **Horizontal DNS Synchronization (H-Sync):** The authors will follow up with an interim session on this topic with more details. The working group will discuss whether to handle the set of drafts individually or as a whole.
* **DNS Update with JSON (DUJ):** The chair will discuss adoption status with the AD.
* **Sig Zero Updates:** The author will update the draft based on feedback, especially regarding compatibility with existing implementations, and then seek working group adoption.
* **Dry-Run DNSSEC:** The chair will discuss next steps for adoption with the AD.
* **.internal TLD:** Chairs will consider community feedback on Warren's proposal to include .internal in the SUDDN.

## Next Steps

* Review the drafts discussed during the meeting and provide feedback to the authors.
* The chairs will consult with the AD about the calls for adoption and the work group's load.
* Monitor the mailing lists for further discussions and announcements regarding interim meetings.
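
The key tag collisions discussed under "Collision-Free Key Tags for DNSSEC" can be checked for in a zone's DNSKEY RRset before a new key is published. The sketch below is an added example, not code from the draft or the meeting: it computes key tags with the RFC 4034 Appendix B algorithm and reports tags shared by keys of the same algorithm. The function names and the sample key bytes are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict


def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """Wire-format DNSKEY RDATA: flags | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1, RSA/MD5)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of a 16-bit word, odd offsets the low byte.
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def find_collisions(rrset):
    """Return {(algorithm, tag): [labels]} for tags shared by 2+ keys of one algorithm."""
    groups = defaultdict(list)
    for label, rdata in rrset:
        algorithm = rdata[3]  # fourth octet of DNSKEY RDATA
        groups[(algorithm, key_tag(rdata))].append(label)
    return {k: v for k, v in groups.items() if len(v) > 1}


# Constructed sample data: these byte strings are NOT valid public keys.
# The tag is a 16-bit word sum, so swapping two aligned words keeps it unchanged.
PUB_A = bytes(range(1, 33))
PUB_B = PUB_A[2:4] + PUB_A[0:2] + PUB_A[4:]
PUB_C = bytes(range(101, 133))

SAMPLE_RRSET = [
    ("zsk-a", dnskey_rdata(256, 13, PUB_A)),
    ("zsk-b", dnskey_rdata(256, 13, PUB_B)),  # different key, same tag as zsk-a
    ("ksk-c", dnskey_rdata(257, 13, PUB_C)),
    ("zsk-d", dnskey_rdata(256, 15, PUB_A)),  # other algorithm, so not a collision
]

if __name__ == "__main__":
    for (algorithm, tag), labels in find_collisions(SAMPLE_RRSET).items():
        print(f"algorithm {algorithm} key tag {tag} shared by: {', '.join(labels)}")
```

A signer or key-rollover pipeline can run such a check on the candidate RRset and regenerate the new key when a collision is reported.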