►
From YouTube: IETF103-DNSOP-20181105-1350
Description
DNSOP meeting session at IETF103
2018/11/05 1350
https://datatracker.ietf.org/meeting/103/proceedings/
A
C
The
backdoor,
but
that's
okay,
no
good
afternoon
and
welcome
to
DNS
op
I'm
Tim
and
that's
Ben
Oh
over
there
Susanne's
on
me,
Tech,
oh
I,
believe
so
last
person
in.
Could
you
please
shut
the
back
door.
I
appreciate
that.
Thank
you.
So
we've
got
a
couple
hours
of
good
times
ahead
of
us
like
I
said
here
are
the
where
the
chairs
there's
the
jabber
room,
Dan
York,
he
you
know
again
raise
your
hand
Danny's
the
jabber
scribe
Thomas
Peterson.
Where
are
you
please
raise
your
hand?
He
said
just
could
take
minutes.
C
C
C
There
are
blue
sheets
passing
around.
Please
fill
them
in
I
know,
there's
smaller
crowd
than
normal,
but
definitely
you
know
definitely
like
to
have
our
names
on
who's
who's
actually
showing
up.
Oh
great,
since
our
last
meeting
we've
had
some
bad
PDF
failure.
This
is
I
always
have
this
problem,
so
we've
got
three
things
in
the
editor
queue.
Rfc
editor
queue
the
ip6,
our
DNS,
the
terminology
biz,
which
actually
got
Nerada
on
the
original
one
earlier
this
week
and
refuse
anyone
was
that
oh
good
I
figured
I
figured
you'd,
take
care
of
Paul.
C
Thank
you
and
we've
got
four
documents
in
the
isg
sort
of
adq.
The
two
outer
leaf
ones,
which
dave's
put
out
some
new
versions
just
looks
like
today
and
I
will
say:
there's
there's
some
editorial
things
that
I
think
everybody
should
probably
take
a
look
at
it's
not
that
it's
normally
bad.
It's
just
that
I
think
in
doing
the
edits.
There
are
a
few
things
that
got
missed
and
I
think
some
eyes
on
it.
C
C
So
that's
kind
of
great
I
was
hoping
something
would
get
published
between
here
in
Montreal,
but
I
know
we
sort
of
basically
swamped
warned
with
with
work,
so
you
know
we're
in
the
same
boat
capture
formats
in
IETF
last
call,
and
so
that's
moving
overhead
and
we
finished
up
working
group
last
call
an
algorithm,
update
and
I
just
told
the
authors.
I
will
have
the
Shepherd
write-up
done
by
the
end
of
the
week.
C
That's
my
promise
and
also
in
working
group
last
call
I
started
off
extended
error,
which
seemed
to
kick
off
a
lot
of
people
arguing
about
stuff,
which
is
good
because
it
got
people
reading,
stuff
and
sort
of
paying
attention.
So
maybe
we'll
sort
out
what's
going
on
there
and
we'll
get
the
extent
arab,
it's
going
so
and
next
up
for
can
group
last
calls.
We
want
to
I've
been
wanting
to
sort
of
push
the
the
28:45
the
teasing
biz
draft.
This
was
something
that
was
solved.
You
guys
worked
out
back
in
Prague
two
summers
ago.
C
You
know
this
is
just
one
of
these
things.
There's
a
lot
of
this.
A
lot
of
positive
discussion,
oh
art,
but
work
is
definitely
a
lot
of
tlb
people
and
roots
on
people.
So
this
one
you
know
I'll
be
interesting
to
see
that
where
this
one
goes
so
and
and
there's
maybe
some
other
stuff
we've
been
around
were
talking
about
this
there's
other
things
sort
of
floating
out
there,
but
nothing
to
actually
bubbled
up
enough.
That
says,
oh,
let's
add
this
to
the
pile
for
adoption,
so
you
know
we'll
see.
C
Maybe
some
stuff
will
come
up
today.
You
never
know,
and
we
have
these
three-part
documents.
We
were
just
talking
with
Lauren
about,
and
this
is
something
for
Warren
to
deal
with.
So
this
basically
Warren's
work.
You
know
I'm
not
sure
what
to
do
with
these,
so
we're
just
gonna.
Let
them
sit
for
now
so
on
our
agenda,
a
Dave
Lawrence
to
go
talk
about
surf
sale,
so
we're
finally
moving
that
one
forward
again,
which
I
think
it's
good.
We're
gonna
have
a
nice
little
discussion
about
a
name
sort
of
talked
about.
C
Oh,
no,
they
haven't
closed
it.
So
I
think
they
want
to.
They
just
haven't
done
it
so,
but
that's
essentially,
what's
going
on
in
the
working
group,
most
of
I
think
we've
done
less
since
Montreal's
basically
dealt
with
a
big
big
stack
of
documents
that
we
sort
of
pushed
out
earlier
this
summer
and
sort
of
just
kept
sort
of
warned
busy
through
the
whole
cycle.
So
but
we're
just
gonna
keep
swapping
you
until
you
cry
uncle.
So
you
know.
That's
that's
how
we
go
so
with
that
thing.
E
Actually
can
I
still
two
minutes
sure,
so
a
faulty
lost
sorry
Warren
come
where
yeah
yep
before
the
last
meeting
I
asked
people
to.
Please
provide
some
feedback
on
Stuart
Cheshire's,
ipv4,
darpa
document,
oh
yeah,
that
got
some
feedback
and
then
it's
at
for
a
while.
The
document
has
had
some
motion
and
so
I'm
still
planning
on
AV
sponsoring
it
I
will
ask
the
anisotropies.
Have
another
look,
and
please
remind
me
what
all
happened
last
time,
because
I've
managed
to
swap
it
all
out
completely.
C
I
thought
that's
right.
I
thought
that
one
was
pretty
much.
All
sort
of
you
know
worked
out.
So
that
reminded
me.
The
other
thing
there's
a
KSK
role
meeting
later
this
week
and
now
I
can't
remember
exactly
what
it
was
so
I'm
gonna
make
Paul
gay
actually
get
up
and
actually
tell
me
so
for
four
o'clock
on
Thursdays
thanks
Dave.
F
C
F
It
no
Wednesday
4
o'clock
on
Wednesday
in
the
pagoda
room
and
on
Friday
morning
at
9
o'clock
in
the
chat
lotta
three
room,
so
these
are
not
actually
meetings.
These
are
very
loose
side
meetings.
The
purpose
is
for
people
to
get
up
and
say
what
they
wanted
to
see
the
DNS
SEC
KSK,
be
in
the
future
and
and
much
more
importantly,
why
they
are
feeling
that
way.
The
idea
is
that
if
we
have
some
face-to-face
discussion,
it's
not
somebody
saying
I
think
it
should
be
this.
F
It's
like
I
think
I
should
be
this
for
this
reason
and
someone
else
can
respond,
so
it'll
be
more
of
round
circle
or
whatever
I'm
gonna
try
to
record
them,
but
this
is
really
just
very
informal
early
stuff.
It's
like
a
mic
line
but
sort
of
in
a
u-shaped
room
yeah
and
nothing
is
going
to
come
out
of
it
definitive
until
we
start
like
doing
definitive
stuff
which
ain't
gonna
be
till
next
year.
Roll
over
is
still
not
finished.
F
For
those
of
you
who
aren't
following
the
list,
we
still
actually
have
to
revoke
the
old
key
and,
as
someone
pointed
out
in
the
list
that
actually,
even
though
we're
doing
the
revocation
in
January-
it's
not
really
complete
till
March.
So
but
then
we
will
have
some.
But
so
the
idea
is,
let's
just
talk
about
what
you
think
hey.
It
should
be
done
this
way.
The
next
time
you.
F
Have
a
list
of
things
that
people
have
thrown
up
at
the
mic
line
at
Dina,
so
our
cat,
the
mic
line
and
write
some
on
the
mailing
list
and
such
like
that
there's
a
wide
range
of
things.
People
have
said
this
is
what
I'm
looking
for
before
and
some
of
them
interact.
You
know
so,
for
example,
people
are
saying
a
standby
key.
Will
standby
key
interacts
with
a
rollover?
Things
like
that,
so
just
again,
really
it's
to
get
people
talking
to
each
other
and
not
just
add
each
other
on
the
mailing
list.
C
H
H
So
before
launching
into
the
surf
sale,
stuff,
I
just
wanted
to
mention
that,
as
far
as
dough
is
concerned,
there
are
some
giant
question
marks
like
Spanish
upside
down,
one
in
the
front
and
in
the
back
around
whether
we're
closing
dough
or
not
and
so
stay
tuned
to
this
space.
It's
something
so
to
be
worked
out.
H
Right
I
can
speak,
authoritative,
ly
that
there's
nothing
to
report,
so
Robert
Edmunds
up
on
Twitter
a
while
ago,
came
up
with
this
pun.
Observing
that
surfs
tail
could
be
reparse
to
being
serves
tail
I
would
like
it
was
kind
of
amusing
to
me
that
it
actually
took
like
five
years
of
us
using
this
term
to
notice
this,
but
there
it
is,
and
here's
my
clicker
for
those
of
you
who
have
not
been
paying
attention.
H
The
basic
idea
behind
the
draft
is
that
we're
trying
to
increase
resiliency
on
the
when
the
authorities
can't
be
reached
in
a
timely
manner
by
the
resolver.
You
should
only
use
this
stale
data
in
the
event
that
you're
in
an
exceptional
circumstance,
and
it's
meant
to
be
a
drop-in
for
the
existing
infrastructure
that
you
shouldn't
need
to
update
your
stub
resolver
'z,
which
are
typically
very,
very
slow
to
update,
even
slower
than
the
rest
of
the
revolvers
on
the
Internet.
H
There
are
two
other
interesting
changes
that
are
coming
along
with
this,
though
one
of
them
is
that
I
just
happen
to
notice
recently
that
RFC
2181
actually
says
that
in
the
year
32-bit
TTL
field,
if
the
high-order
bit
is
set,
that
is,
somebody
has
treated
it
as
an
unsigned
integer.
When
really
that
high
order
bit
is
undefined
that
you
should
treat
it
as
though
the
TTL
was
set
to
zero.
H
That
doesn't
seem
like
a
particularly
good
idea,
particularly
given
some
of
the
past
badness
FS
revolve
revolved
around
having
a
TTL
of
zero,
and
so
in
this
draft
of
what
I
have
suggested.
Is
that
really
we
should
perhaps
just
treat
as
though
the
high
order
bit
is
not
set,
and
it
was
just
the
either
Capet
at
the
max
or
well
right
at
the
moment,
it
says
to
treat
it
as
the
max,
but
in
it
so
observing.
H
That
means
that
you
have
a
potential
TTL
of
68
years,
which
also
is
a
pretty
terrible
idea
in
a
lot
of
different
ways,
and
it's
noted
that
most
resolvers
at
least
that
we're
familiar
with
all
having
Maxim's
already
associated
with
them,
bind
I.
Believe
it's
default
is
at
maximum
week.
Not
I
thinks
is
a
day,
and
so
it
seems
pretty
reasonable.
H
There
are
two
different
options
in
the
current
version
of
the
draft
one.
It's
as
I
previously
noted.
The
idea
is
that
the
features
that
this
feature
of
being
able
to
use
stale
data
is
not
really
meant
to
be.
It's.
It's
essentially
opt
out
which
the
ITF
has
made
some
statements
that,
quite
understandably,
that
that
feature
should
be
opt
in
where
possible.
H
But
in
this
particular
case
the
feature
is
really
intended
to
add
resiliency
to
the
existing
deployment
or
not,
and
so
this
the
easiness
options
are
proposed,
not
to
say
whether
or
not
still
data
is
okay
but
to
say
explicitly.
Hey
I
know
about
the
possibility
of
still
data
I'd
like
to
know
whether
any
of
the
data
in
my
answer
was
stale
or
not
still
where
clients
could
also
then
use
this
to
ignore
it.
H
If
they
really
didn't
want
stale
data,
it
should
be
noted
that
you
can
actually
like
with
the
implementation
I
did
for
bind
that,
because
stale
data
is
predicated
on
a
resolution,
timeout
that
if
you
asked
for
non
recursion,
you
should
also
then
not
get
back
stale
answers.
The
problem
with
that,
of
course,
though,
is
you?
Wouldn't
have
recursion
in
the
cases
where
it
was
going
to
come
back.
H
The
two
different
options,
the
more
feature
full
one
actually
uses.
Essentially
an
array
of
indices
to
which
are
are
sets
in
the
answer,
could
be
sale
because
think
about.
For
example,
when
you
get
back
a
full-featured,
I'm
gonna
resolve
our
answer,
which
not
only
fills
in
your
answer,
but
also
your
authority
and
additional
sections,
and
so
you
have
multiple
different
records
in
there,
possibly
of
the
same
type,
any
of
which
could
be
stale
or
not
stale.
So
this
option
actually
tries
to
make
it
really
clear
which
exact
records
inside
the
answer
Archdale
or
not.
H
But
of
course
this
is
going
to
be
more
complex
for
the
code
to
track
and,
as
McCann
pointed
out
on
the
mailing
list,
like
one
of
the
other
reasons
that
this
makes
it
more
complex
besides
just
having
to
keep
track
as
you're
filling
in
the
answer.
But
numbers
servers
have
a
feature
where
you
can
reorder
the
records
in
an
answer
and
when
so,
when
they
come
back
the
between
filling
in
the
packet
and
then
reordering
records,
the
server
would
have
to
keep
additional
code
state
to
understand
which
records
it
was
22.
H
We're
still
on
not
been
eaten.
Warren
came
up
with
a
simpler
option.
That,
basically
just
says
it's
two
main
salient
features
or
you
can
indicate
whether
you
want
us
whether
stale
records
are
okay
or
not,
and
in
your
answer,
if
you
have
indicated
still
records
are
okay
and
any
of
the
records
are
stale,
then
you'll
get
it
back.
H
H
There
are
a
number
of
timer
values
that
we
recommend
within
the
draft.
All
of
these
are
just
recommendations.
They're
not
must
set
to
this,
and
so
we'd
really
like
to
hear
discussion
on
whether
you
think
these
values
are
appropriate
decline,
response
timer.
This
is
the
timer
that
basically
says
hey
you've,
gotten
requests.
You've
kicked
off
a
resolution
for
it.
You
haven't
gotten
back
a
resolution
in
this
amount
of
time,
but
your
client
is
waiting
and
want
something
responsive.
H
The
one
point
eight
seconds
actually
came
from
my
original
implementation,
which
existed
in
a
particular
environment,
where
I
knew
that
the
client
that
was
talking
to
me
through
the
stuff
resolver,
if
it
would
timeout
after
two
seconds
and
so
I,
wanted
to
allow
maximum
time
to
possibly
get
an
answer
back
while
still
avoiding
it's
fine.
Now
there
might
be
a
better
value
in
other
circumstances,
and
so
a
little
bit
of
discussion
around
that
would
help
the
query
resolution
timer.
This
is
actually
an
existing
feature
in
almost
all
resolvers.
As
far
as
I
know,
all
resolvers.
H
That
basically
says
don't
spend
too
much
time
talking
to
every
name
server
out
there,
its
bounding,
the
work
done
by
the
resolver
it
used
to
be
30
seconds
and
by
now
it's
a
lot
lower
different
servers
have
different
values,
and
so
this
doesn't
recommend
the
specific
one
but
kind
of
sets
30
seconds
as
the
upper
bound.
The
maximum
stale
timer
is
basically
once
you
put
a
record
in
your
cache
and
you're
willing
to
keep
using
it.
How
long
should
you
keep
it
in
the
cache
before
you
can
finally
discard
it?
H
This
again
comes
from
my
original
implementation,
where
I
used
a
weak
because
I
wanted
the
ability
to
have
somebody
respond
to
a
situation
manually
even
over
a
long
weekend,
while
still
capping.
The
amount
of
memory
used
a
week
seems
like
a
good
upper
bound
to
me,
but
that
could
use
some
discussion
as
well
and
finally,
there's
been
some
discussion
originally
I.
H
Think
in
the
first
version
of
the
draft
at
ETL
that
was
put
on
records
that
were
returned
was
one
second,
because
again,
there
are
some
historically
some
problems
around
the
zero
second
TTL
hooni
pointed
out
that,
particularly
in
the
Quoddy
environment,
the
the
number
of
people
that
use
quad
8
as
a
forwarder.
It
would
be
really
helpful
since
they
were
caching
where
resolvers
to
cap
it
at
something
more
like
30
seconds.
Just
so
that
you
reduce
the
amount
of
activity
that
they're
doing
in
the
presence
of
stale
answers.
H
So
I
will
point
out
that
my
general
sense
of
all
the
feedback
that
I've
gotten
from
it
I
mean
I,
know
one
point:
Tim
called
this
a
controversial
proposal,
but
my
general
sense
of
it
has
been
that
it
has
not
been
particularly
controversial
that
there
are
a
number
of
people
that
I've
generally
gotten
very
positive
feedback
on
the
idea
and
I.
Think
Warren
has
heard
the
same.
However,
there's
one
person
of
note
who
is
called
shockingly
poor
engineering
and
also
that
it
only
has
commercial
benefits
for
a
few
large
companies.
H
I
should
point
out
that
when
I
started,
this
I
was
working
for
a
large
provider,
but
that
was
not
I
mean
the
reason
it
was
brought
to
the
ITF
was
to
make
it
generally
beneficial
for
everybody.
I
am
no
longer
with
that
company
I'm,
with
a
different,
even
larger
company,
who
has
taken
absolutely
no
position
whatsoever
on
this
I
happen,
as
a
user
of
the
internet
happen.
To
think
that
this
is
the
behavior
that
I
want
out
of
the
internet,
and
that
does
add
the
resiliency
that
I
want
to
see.
H
I,
don't
see
it
as
driven
by
commercial
interest.
I'm
not
sure
where
that
comment
really
comes
from,
but
I'm
willing
to
have
it
dissected
by
others,
but
that's
definitely
not
my
sense
of
it,
but
I
bring
this
out
here
since
we
have
gotten
that
feedback
I
think
you
know
if
you're
opposed
to
the
idea,
since
I
have
generally
found
it
to
be
well
supported.
Now's
the
time
to
you
know
take
it
apart.
I
Sure
sure
Apple
I
think
this
is
a
really
good
idea.
In
fact,
we
think
this
is
such
a
good
idea
that,
independently
before
I
knew
about
this,
we
did
something
very
similar
in
iOS,
12
I
should
say
this
probably
applied
to
us
as
well.
Whoever
thought
this
was
shockingly
poor
engineering
would
probably
say
the
same
thing
and
I
do
work
for
a
commercial
company
that
sells
products
to
customers,
so
we're
definitely
aiming
at
benefiting
them.
I
We
wouldn't
do
it
otherwise,
because
a
bad
answer
is
a
dead
end,
but
if
you're
doing
connection
racing,
then
the
best
guess
now
and
a
better
guess:
half
a
second
from
now
you
throw
them
into
the
bag
of
candidates
in
you
see
which
one
succeeds,
so
that
is
already
in
iOS,
12
and
shipping.
The
one
thing
I
would
love
to
see.
If
this
draft
moves
forwards,
it
would
be
nice
for
the
client
be
able
to
signal
to
the
recursive
resolver
I,
don't
even
want
the
1.8
second
delay.
I
If
you
have
anything,
give
it
to
me
now
and
I'll
keep
the
socket
open
and
if
you
get
a
better
answer,
half
a
second
from
now
send
me
that
as
well,
because
I'll
still
be
listening
and
and
it's
a
contract
that
I'm
saying
we're
running
happy
eyeballs.
So
we
don't
need
perfect
answers.
We're
happy
with
fast
answers
and
we're
willing
to
take
corrections
later
so
I
would
love
to
see
that
yeah
I
personally,
like
that.
I
You
for
sharing
yeah
I'll,
be
very
quick,
I,
just
remembered
one
thing,
I
wanted
to
add,
but
the
other
thing
I
don't
know
if
this
is
in
some
other
RFC
I'd,
maybe
already
written.
But
if
not
as
part
of
this
document,
maybe
we
could
also
discuss
the
cache
refresh
strategy
before
a
record
expires.
Oh
okay,.
H
L
So
Andre
sorry
I
see
I,
don't
work
for
a
commercial,
big
company
and
I
think
this
is
a
good
idea.
However,
I
would
just
drop
the
options.
I,
don't
think
the
options
are
good
idea
because
they
have
like
security
implications
like
snooping
whether
the
attacker
succeeded
cutting
off
the
alternative
servers.
L
So
I
would
just
just
drop
the
options,
and
this-
and
the
second
thing
is
that
I
would
rather
not
say
for
the
seconds
and
leave
it
up
to
the
implementation
and
just
recommend
the
default
value
right
right
like
in
they
are
just
recommendations,
yeah,
so
I
just
remember
it,
but
I'd
really
read
it
in
the
morning,
but
a
fitness
like
like
it
should
be
40
seconds
and
the
last
thing
you
described
a
little
bit
unbound
strategy
in
in
some
section.
It
might
be
good
to
promote
it,
like
the
like.
L
M
Was
heard,
occur,
I,
say
a
couple
things
way:
I
very
much
support
this
draft.
My
academic
colleagues
have
recently
shown
that
you
no
longer
TTLs
greatly
limits
your
ability
to
or
greatly
helped
your
ability
under
a
service
outage
to
can
t
pop
keep
operating
without
noticing
a
problem,
and
so
that's
protecting
the
end-users,
which
anybody
that
knows
me
I'm,
always
speaking
up
for
the
end
users.
First,
because
those
are
the
people
I
care
about
the
most.
So
it's
not
just
a
commercial
opportunity.
M
This
is
protecting
end
users,
that
is
peace
with
respect
to
you,
know
the
eating
of
zero
options
and
things
that
my
first
question
is
well.
What
would
you
do
with
that
information?
If
you
got
it
and
if
you
know
you
can't
really
make
it
a
decent
justification
for
I
would
make
a
policy
decision.
Then
it's
not
worth
the
complexity
to
throw
it
in
there.
So
I'd
leave
it
out
great.
H
So
I'll
agree
on
that.
Basically,
in
that
originally
this
was
not
even
proposed
with
one,
and
then
it
was
brought
up
by
others
saying
that
they'd,
like
that
diagnostic
information,
one
thing
that
didn't
make
it
to
the
slides
but
came
up
in
discussion
at
write
in
part
because
of
this
other
feedback
was
that
what
about
systems
that
actually
Rees
are
depending
on
being
able
to
get
a
failure
answer
and
so
I
asked
the
operator
community?
Do
you
have
actually
any
systems
I'm
like
in
these
systems
that
I
have
that
monitor?
H
The
DNS,
for
example,
outages
would
still
be
detectable
completely
independent
of
you
know
whether
a
stale
answer
came
back
from
a
recursive,
resolver
and
so
I
reached
out
trying
to
find
more
evidence
of
these
systems
that
were
actually
relying
on
TTL
h3.
To
signal
something
you
know
significant
to
the
monitoring
of
the
system
and
I
have
yet
to
hear
it
back
so.
M
M
So
all
of
these
values,
you
know,
look
like
great
possible
defaults,
but
I'm
gonna
argue
that
the
value
doesn't
make
nearly
as
much
sense
in
terms
of
importance
as
listing
the
engineering
trade-offs
of
pros
and
cons
of,
why
you
shouldn't
go
to
this
extreme
and
why
you
shouldn't
go.
You
know
to
negative,
or
you
know
too
small
or
too
big,
that
that
will
help
individual
deployments
and
individual
implementations
do
the
right
thing
for
their
users.
Sure.
G
N
Hi
I'm
looking
for
mental
blocks.
If
you
go
back
to
that
slide
about
TTL
clamping
or
whatever
it
was
a
previous
slide.
By
the
way.
Very
nice
presentation
look
okay,
so
our
seat
2181
says
that
the
when
the
higher-order
better
set
it
should
be
treated
as
equal
to
zero
and
now
there's
a
proposal
that
features
as
Max
and
I
feel
it's
possible.
N
That
2181
says
it
should
be
treated
as
a
zero,
because
possibly
it
assumes
that
a
mistake
has
been
made
in
setting
the
TTL
so
high,
and
so,
when
you
set
it
to
zero,
it
means
that
whatever
is
going
to
use.
That
record
is
going
to
be
fetch
it.
Next
time
it
started
going
to
cache
it
to
something
very,
very
high,
like
for
a
very
long
period
of
time,
so
the
force
that
we
fetch
by
setting
it
to
zero
rather
than
clamping
it
to
something
high
against
us
again.
But.
H
H
N
This
is
something
that
I've
been
thinking
about
from
from
a
long
time,
because
these
ideas-
they
I,
don't
know
what
the
status
is
now,
but
these
ideas
were
originally
described
as
parented
and
so
I
don't
know
if
the
unbound
algorithm
avoids
those
patents
completely,
but
it
would
be
good
to
have
a
different
scheme
in
there
because
it
looks
just
as
good.
It
does
differ
from
your
scheme
that
it
doesn't
try
attempt
to
do
a
resolution
first,
but
still
still
usable.
B
Hi
Jeff
Giovanni
inside
the
end,
so
thanks
for
the
draft
of
it
and
we
talked
before
our
DNS
work
of
all
that's,
but
just
for
the
sake
of
your
room
here
it
folks
in
your
assets.
You
know
how
this
thing
works.
Actually,
there's
some
resolvers
already
deployed
that
in
Ohio
day,
one
of
all
the
co-authors
that
studied
at
West
mention-
and
we
found
that
on
measurements
in
the
early
this
year,
using
ten
power,
ten
thousand
right
path
of
probes.
B
We
found
that
roughly
two
hundred
already
have
serviced
tail
and
you
can
see
that
for
yourself,
if
you're
interested
in
anyway,
if
you'll
see
the
results,
I've
gotta
get
an
answer,
get
no
answer.
It
works
very
well,
so
I
think
Google
and
Open
DNS
are
already
deploying
some
versions
of
that.
Many
other
people
now
and.
O
This
is
a
Chris
from
Comcast
and
speak
up
strongly
support
of
serve
stale
I
think
it
makes
things
more
reliable
for
the
end
users
and
that's
that's
what
I
care
about
at
least
and
I
think
that
the
e
DVS
options
make
things
more
complicated
and
more
difficult
for
people
trying
to
use
the
DNS
system
and
I.
Don't
know
that
it's
warranted
in
this
particular
case,
I
think
there
may
be
better
and
other
ways
for
specific
implementations
to
provide
access
to
debugging
information
than
using
the
edu
nuts
system.
For
that.
So.
P
However,
who
is
in
the
best
position
to
know
whether
they
safe
to
serve
this
all
the
data
or
not?
And
the
answer
is
that's
the
sole
owner
and
there's
a
signaling
mechanism
for
this
that
we've
had
for
eons
and
it's
called
the
TTL
so
with
a
high
TTL.
There
is
no
problem
except
we
don't
use
those
high
t
tails
for
another
reason,
which
is
that
if
we
have
a
really
high
TTL
on
stuff,
that
stuff
will
stay
in
the
cache
for
a
very
long
time
and
it's
impossible
to
change
that
answer.
Meanwhile.
P
So,
at
the
tail
end
of
your
presentation,
you
spoke
about
cache,
refreshing
strategies
and
I.
Think
that's,
perhaps
the
better
way
of
addressing
the
real
problem
go
with
long,
T
tails,
but
have
a
stress
if
a
refreshing
data
in
the
cache
that
is
queried
for
so
that
the
long
TTL
doesn't
mean
that
we
stay
with
the
same
answer
for
two
weeks
when
it
actually
changes.
J
R
R
Basically,
we
have
to
2008
to
deal
with
once
the
TTL
and
the
other
is
how
often
things
need
to
be
refreshed.
We
do
have
enough
signaling,
well
mechanisms
potentially
signal
from
the
authoritative
to
the
recursive
server.
How
long
answers
should
so-called
stale
answers
should
be
returned,
for
it
wouldn't
be
a
major
change,
though
it
would
require
using
a
DNS
one
or
something
something
or
a
similar
mechanism
to
communicate
that
they're
quiet
that
the
recursive
server
supports
a
different
form
of
results.
Record
ownership
for
in
this
response.
H
R
R
We
can
create
a
default
from
the
clients
which
don't
just
don't
support
this
basically
they're
on
configuration
or
using
the
existing
TTL
value
to
see
you
don't
support
it,
but
we
really
should
be
giving
the
authorities
the
ability
to
say
how
long
stale
data
should
be
serve
for
as
well
as
how
often
we
should
be
refreshing,
which
is
basically
what
the
TTL
the
existing
TTL
is
doing.
It's
the
refresh
time,
as
opposed
to
especially
for
CD
ends,
as
opposed
for
as
opposed
to
how
long
to
serve.
S
Right
yeah,
so
you
might
be
fresh.
The
slides
for
that
yeah.
Look
at
that!
Just
cuz!
It's
your
old
one,
yeah.
C
L
Phil
had
to
go
because
he's
not
feeling
well,
so
you
will
have
to
it
gives
me
this
is
already
I
see
again,
and
this
is
a
continuation
of
the
experiment
we
I
did
like
last
ITF,
hackathon
and
and
this
time
bilham
took
over
and
ran
some
tests
over
your
ripe,
Atlas
probes,
testing.
The
exact
is
the
same
thing
and
we
have
some
results
to
present.
L
So
there
still
did
the
old
raft
and
neelanand
labs
wants
to
quarter
on
the
thing,
and
so
again
the
the
goal
of
the
draft
is
like
to
map
one
name
to
another,
including
they're,
all
the
subdomains.
So
it's
like
the
cname
Platini
combination,
but
not
in
the
apex.
It's
in
the
parent,
because
that
works.
The
apex
thing
doesn't
work
at
a
site
like
I
showed
last
time.
So
for
some
reason
we
use
the
domain.
C9
+
the
name
roads
before,
but
it's
not
completely
broken
via
Google
Public
DNS.
L
Now
so
it
like,
like
destroyed
all
the
results.
We
got
from
right
atlas,
so
so
we'll
I'm
registering
new
domain.
This
is
just
work,
so
we
now
tested
the
impact
of
the
caching
as
well.
So
the
the
cname
and
DM
records
had
one
our
TTL
and
we
did
the
tests
in
like
the
combinations
first
CNN,
then
dname,
then
we
waited
too
to
expire
and
then
really
the
D
name
and
then
C
name
to
see
like
in
the
our
window
to
see
how
the
cash
is
affecting
this.
So
this
is
the
result.
L
L
Only
altered
if
dns
servers
at
the
TLD
level,
which
means
also
provisioning
and
stuff
around,
is
needs
to
support
it.
And
then
this
villain
pointed
out
n
SD
already.
Does
this
as
a
slave
button
can
do
this
with
like
five
line
patch
and
it's?
It
could
be
incremented
deployed
at
TLD
levels
that
works
right
now,
because
it
doesn't
need
any
upgrade
to
the
like
whole
ecosystem,
just
just
targeted,
where,
like
it,
should
be
targeted
just
a
TTL,
these
or
other
places
where
you
like,
need
this
design,
this
type
of
delius's.
C
Yeah
I'm
back
on
this,
so
this
is
the
soapbox
are
on
that
kid
off
of
as
an
operator
who
has
hundreds,
if
not
thousands,
of
sitting
on
route,
53
I
struggle
with
this
on
a
regular
basis,
so
we're
looking
at
the
user
community.
You
know
the
problem
right.
We
need
some
fancy
ro
type
there
to
sort
of
solve
this
sort
of.
You
know
this
problem.
C
We
are
in
the
world,
we
are
living
in
the
New
World
Order
of
Elastic,
Compute,
okay,
I.
Think.
A
lot
of
us
see
this
as
a
DNS
versus
HTTP
problem.
I
see
this
as
an
elastic
compute
issue.
It's
like
this
is
all
everybody
does
now
and
we're
all
looking
at
elastic
load,
balancers
we're
all
looking
at
some
sort
of
some
sort
of.
You
knows:
fancy
CDN
thing:
I,
don't
see
this
as
some
HCP
vs.
DNS
fight
I
see
this
as
how
do
we
deal
with
this
sort
of
elastic
compute?
C
You
know
sort
of
world
order
and
and
I
don't
see
us
really
thinking
of
it.
In
that
regard,
right
and
they've
done
some
good
experiments
on
the
cname
dname
thing.
Ray's
got
a
new
draft
about
the
HCP
record,
which
looks
like
it
has
some.
You
know
very
interesting,
you
know
it's.
It
looks
like
it's
getting
some
interesting
traction,
but
you
know
I,
don't
I,
don't
think
I.
Really
we
really
care
I.
Think
we
just
need
something,
because
this
is
where
we
have
to
move
forward
on
right.
How
do
we
sort
of?
C
How
do
we
take
all
these
zones
that
are
sitting
there
and
I
know
like
route
53?
If
you
look
at
com,
it's
how
we
got
half
a
million
zones
sitting
there
right.
So
how
do
you
you
know?
How
can
I
slave
those
right?
I
can't
do.
I
can't
do
a
lot
of
fancy
things
with
them
so
and
how
do
we
get
that
transition
plan?
I'll
work
on
the
transition
plan
if
we
can
get
X
all
adhara
type
and
I
know
in
every
vendor
supports
something
different
right.
C
C
We
spend
our
support
money
on
getting
DNS
X
stuff
working
better
right
so
but
but
that
would
be
the
next
thing
we
would
do
probably
just
go
chase
that
so
so
Tony's
did
some
updates
on
a
name
draft
I
thought
they
were
sort
of
very
reasonable,
but
people
still
seem
to
have
a
lot
of
push
back
on
them.
I
know
he's
online
I'll,
just
sort
of
you
know:
I
spend
some
time
reading
this,
it's
like
cname,
but
it's
only
for
address
records.
C
You
know
we're
not
trying
to
do
anything
fancy
here
and
it's
just
behaving
if
you're
doing
basically
the
same
thing
you'll
be
doing,
Dennis
updates
it's
it's
allowing
resolvers
to
do
the
target
address
substitution,
it's
doing
dynamic,
lookups
on
demand.
If
you
want
that,
it's
it's
a
little
people
find
it
a
little
complicated
I
know
ray
feels.
It's
super
complicated
and
I.
Understand
that.
C
But
you
know:
there's
we're
trying
to
figure
out
where
to
sort
of
put
the
simplest,
like
you
know,
I
think
Ray's
comment
was
it
needs
to
get
out
of
the
recursive
Xan
into
the
authoritative
servers.
Is
that
correct
the
other
way
around?
That's
it!
That's
it.
C
But
we
all
do
feel
that
this
is
sort
of
a
you
know
we're
all
struggling
with
this
on
some
level,
but
we
see
it,
we
see
it
as
sort
of
different
fights
in
different
ways,
and
you
know
and
maybe
aims
to
complicate
it.
I
won't
ready
to
get
up
and
talk
about
its
HTP
draft
a
little
bit
so
yep
and
because
I
do
think
it's
you're
you're.
You
keep
I
think
as
we
refine
this
problem,
we're
getting
it
to
us,
something,
that's
very
simple
and
very
straightforward.
C
T
Right
now
this
is
a
put
on
the
spot
and
apologies
for
location.
The
draft
types
the
route
sooner
it
was
something
I've
been
thinking
about
for
some
time
and
I
would
hope
to
get
some
other
consoles
on
board.
Since
the
the
side
meeting,
we
had
Montreal,
but
it
didn't
happen.
So
I
thought
it
had
some
spare
time.
Saturday's,
look
fine
with
us.
Let's
get
down
and
just
write.
It
first
wasn't
just
spent
back
to
your
previous
slide
about
CNN
Plus,
D
name,
that's
as
far
as
I'm
done
completely
different
problem.
A
T
C
T
It's
more
for
the
yeah,
like
the
IV,
an
equivalence
that
was
shown
on
Andre
sliders.
How
do
I
make
this
entire
domain,
but
I
mean
so
yeah.
The
point
with
the
HTTP
record
is
that
I
think
after
the
side
meeting
we
had
in
Montreal,
there
was
I
think
a
sense
that
we
could
get
some
movement
from
the
browser
community.
If
we
were
to
go
away
from
there
so
via
record
they
they
could.
They
were
clear
that
fov
has
properties
that
they
don't
like,
don't
want.
T
T
T
They
didn't
like
the
fact.
The
port
field
is
their
priority
fields
a
little
bit,
not
so
much
for
a
problem,
but
ultimately,
yeah
I've
had
some
positive
feedback
from
some
web
people
saying
well,
if
there's
a
record
that
has
exactly
what
we
want,
then
maybe
they
can
influence
it
and
the
draft
I've
written
is
my
attempt
to
do
that.
T
It
requires
hopefully
minimal
changes
to
browsers
I
had
some
conversations
yesterday
about
people
that
say
well
what
about
long
tail
of
embedded
devices
actually
don't
think
those
are
going
to
be
the
problem,
because
this
is
primarily
to
solve
that
marketing
issue
of
I.
Don't
want
W
on
the
front
of
my
URLs
and
embedded
devices,
doing
DNS
lookups
I'm,
not
typically
going
to
be
looking
for
those
sort
of
marketing
site
type
content.
They're
gonna
be
looking
for
something
deep
down
in
the
DNS
structure,
where
this
record
is
not
necessarily
to
be
required.
T
Anyway,
you
know
they're
not
going
looking
for
apex
records
in
terms
of
the
authoritative
infrastructure.
This
requires
no
changes
whatsoever
for
provisioning.
The
our
data
looks
exactly
like
a
PTR
record
or
a
cname
record.
So
if
you've
got
to
go,
Daddy
yeah
manage
my
zone,
yet
the
changes
they
would
have
to
make
to
add
this
support
force
record
are
again
almost
negligible.
Yep
for
the
recursos
changes
are
again
fairly
small.
There
is
an
optional
requirement,
so
I'm,
sorry,
it's
at
already
the
constant
there.
T
Ability
to
allow
the
recursos
to
fill
in
the
a
and
quad-a
records
that
are
the
target
of
the
HTTP
record
in
part.
That's
there
actually
simplify
the
application
process,
because
if
there
was
mandatory
additional
section
processing
in
the
record,
then
we
wouldn't
be
able
to
through
expert
review
to
apply
for
Akio
type.
But
since
it's
optional
that
yet
we
can
deploy
it
and
they
need
asked.
Anything
then,
is
to
have
the
browser
support
it
and
I
think
hopefully
there's
some
chance.
C
Think
you
know
I
just
think
of
all
the
you
know
the
world
of
Elastic
Compute
right.
It's
like
I
just
want
some
elastic
load,
balancer
on
my
zone
and
that's
all
I
care
about
right
and
it's
gonna
move
and
change,
and
you
know
all
I
get
is
a
cname
right.
All
I
get
is
a
record
that
points
to
something
else,
kind.
T
Of
thing
Yeah
right,
yeah
I
mean
we
discussed
yesterday
the
problem
of
Amazon
or
at
53.
We
have
the
radius
record.
This
is
just
a
resource
record
as
far
as
a
purchaser
is
concerned.
If
you're
doing
geolocation,
then
this
would
work
equally
well.
These
DNS
client
subnet,
as
any
other
record,
would
yeah.
So
this
and.
C
T
T
A
T
But
unfortunately,
the
only
way
to
put
the
complexity
in
the
right
place
and
I
think
it
is
only
a
very
tiny
piece
of
complexity
is
to
have
the
browser.
Vendors
move
a
little
bit
towards
us
as
well,
but
if
we
both
move
a
little
a
little
way
towards
each
other,
we
can
fix
a
whole
lot
of
problems
of
complexity,
that
a
name
and
all
the
other
hacks
introduced.
T
C
Then
piece
and
not
just
browser
vendors,
think
of
all
the
you
know
these
elastic
things
that
are
just
API
endpoints
right
they're,
just
you
know
things
out
there
that
people
are
just
running.
You
know
you
know,
gets
and
posts
against
right.
Those
those
are
just
I
see.
Those
is
not
even
browser
vendor
stuff
right
there,
just
it's
the
endpoints
of
the
world
that
we
all
do
now
right.
C
That's
my
face:
yeah,
okay,
no
other
I
I
urge
people
to
read
race,
race
draft
because
actually
I
read
it
yesterday.
After
you
know
we
sort
of
talked
and
settled
some
hash
and
I
thought.
You
know
it's
an
interesting
way
to
look
at
it
sort
of
thing,
and
so
there's
nobody
on
that.
So
that
was
all
I
wanted
to
say,
I
think
you
know
we
really.
You
know
as
he
serves
to
keep
thinking
about
it
and
we
come
to
the
realization.
C
M
You're,
full
you
had
just
okay,
good
I'm
Wes
heard
occur,
is
a
the
the
one
thing
that
that
concerns
me
about.
You
know
the
past
attendant,
so
conversation
is
that
we
need
to
make
sure
that
we're
forward-looking
enough,
and
the
reality
is
that
this
problem
is
going
to
come
back
and
bite
us
again
in
the
future.
You
know
I
mean
it's
great
if
we
solve
it
for
HTTP
and
we
come
up
with
some
solution
works
for
that,
but
the
reality
is
I.
Don't
want
to
go
back
to
the
days
of
the
news
anchors.
C
Type
because
of
that
you
know,
because
something
else
is
going
to
come
up,
that's
going
to
replace
that
right,
like
you
know
soon,
there'll
be
an
API.
You
know
our
attack,
because
everybody's
just
gonna
do
yeah.
So
you
know,
but
yes,
it's
I
do
agree.
We
do
need
to
be
more
forward-looking
and
and
being
ready
to
react
quicker
when
we
start
seeing
the
industry
change
in
certain
ways
right
because
elasti
computers,
like
the
first
step,
but
now
you
know
like
you
know
my
employer-
is
building
these
giant
multi
substrate.
C
You
know
public
cloud,
you
know
compute
cloud
things
and
it's
like
well.
How
do
you
sort
of
you
know?
You
know?
That's
like
the
next
step
in
the
whole
generation
right
instead
of
just
doing
AWS
in
multiple
regions.
You're
doing
you
know,
Google
and
AWS,
multiple
regions
and
you're
doing
this
fancy
stuff
that
sort
of
shift
traffic
around
you
know.
How
do
you
describe
all
that
right
because
that's
gonna
be
the
next
step
in
the
whole
process?
Okay,.
R
R
R
R
C
C
Personally,
don't
like
it
house,
you
know
what
don't
you
like
about
it?
It's
it's!
It's
comedy
it's
like!
Oh,
what's
the
order
of
the
you
know
the
our
data
I've
got
to
put
the
port
in
the
priority,
or
is
it
the
priority
in
the
port
and
the
wait?
It's
like
you
know.
You
know
it's
like
wait,
I'm
trying
to
do
this
in
the
middle.
The
night
I
can't
remember
it's
like
you
know,
I'm
going
senile
and,
like
you
know,
yeah
so
I'm,
a
simple
man,
bark.
M
Wes
her
de
cría
side
channeling,
the
Good
Fairy
that
was
whispering
into
my
ear.
Rightfully
you
know
we
we
had
discussions,
we're
all
about
about
things
like
multiple
responses
and
ways
of
including
additional
information,
so
that
all
those
round
trips
kind
of
go
away
and
you
get
the
right
information
that
seems
like
it
would
kind
of
help.
In
this
scenario,
and
to
a
great
extent,
no.
C
C
J
T
F
I
did
that
up.
I
did
that
on
purpose
you're,
the
only
one
who
calls
me
mister,
so
so
for
those
of
you
who
who
have
forgotten,
we
had
RFC
78
1/6,
which
was
how
to
do
Q,
name,
minimization
or
query
minimization,
whatever
you
want
to
call
it.
That's
been
out
for
a
while.
That's
an
experimental
document
that
was
from
Stephan
Ward's,
Mayer,
I
taught
just
fun
at
a
previous
IETF
I
said:
look,
let's
get
this
out
of
experimental.
F
Is
you
set
the
cue
tight
to
NS
and
you
use
the
the
once
little
shortened
name,
one
of
the
problems
with
QA
minimization,
and
reason
why
the
working
group
made
it
experimental
the
first
time
around
is
this
doesn't
always
work,
some
load
balancers,
getting
away
some
middle
boxes
getting
the
way
you
might
get
back
an
obviously
wrong
answer.
So
that
leads
us
to
the
changes
we're
gonna
make
in
the
RFC,
so
it
will
be
standard
track.
That's
our
current
planning!
The
working
group
can
always
reverse
that,
but
we
figured
the
experiment
has
worked
pretty
well.
F
We
want
to
talk
about
how
specific
resolvers
have
implemented
this,
especially
about
the
fallbacks.
We
might
list
more
fallback
from
that
list.
Less
we
might
hopefully
get
some.
What
would
be
optimal
is
one
of
the
resolver
vendors
say
we
did
queue,
name
minimization
with
this
kind
of
fallback
and
that
fallback
sucked.
For
this
reason,
so
now
we've
switched
to
another
one.
We
would
love
to
have
negative
examples,
because
the
fallback
stuff
gets
very
complicated,
but
we
will
come
up
with
more
discussion
of
fallbacks.
F
We
might
even
have
a
recommended
one
getting
a
recommendation
out
of
this
working
group
when
we
don't
have
any
empirical
evidence
is
sort
of
hard.
On
the
other
hand,
queue
name,
minimization
is
something
is
very
easy
to
test,
so
the
research
folks
in
the
room
might
even
start
running
some.
Let's
do
it
with
this
fallback
and
now
run
over
the
same
queries
again
with
this
different
fallback,
and
do
that
that
that
would
be
very
cool.
F
The
current
way
that
the
dot
that
RFC
781
six
was
written
really
was,
since
he
knew,
was
gonna,
be
experimental.
He
made
it
experimental
throughout
and
since
we're
going
for
not
experimental,
we'll
sort
of
rip
that
out
and
then
so
what's
next
is,
we
would
love
more
view
on
it.
We
especially
want
review
from
any
implementers
who
did
QA
minimization
and
their
current
resolvers.
F
We
again
not
just
we
did
this
and
it
worked.
We
would
love
to
hear
we
did
this
and
it
didn't
work
or
we
did
this
and
it
wasn't
clear
that
was
gonna
work,
so
we
did
something
else.
That
kind
of
thing
would
be
very
valuable
for
this
document,
since
we
know
that
the
protocol
that
we
are
proposing
doesn't
work
all
the
time.
We
want
a
document
that,
in
the
end,
will
be
convincing
to
somebody
to
say:
I
should
implement
this
this
way,
because
it's
going
to
you
know
give
the
best
benefit.
F
Qa
minimization
is
really
what
is
helping
now
we
would
love
to
get
that
as
good
as
we
can,
because,
quite
frankly,
even
if
deprive
comes
out,
the
deprived
working
group
comes
out
with
a
way
of
doing
encryption
between
the
authoritative
and
the
recursos,
not
everyone's
going
to
implement
that
there
will
definitely
be
authoritative.
Who
will
go
like
you
know
what
this
is
too
much
effort
for
us
or
whatever,
so
to
name
minimisation
also
gives
privacy
its
orthogonal.
So
far,
it's
worked
out
pretty
well.
F
So
that's
where
we're
at
well
we'll
do
another
draft
before
the
end
of
the
year,
but
not
one.
That's
like
anywhere
near
done.
The
more
we
hear
from
you
folks
and
we
would
love
to
hear
on
the
list.
We've
been
getting
a
few
little
private
notes,
saying
things
on
the
list
gets
it
so
that
the
other
vendors
can
look
at
and
say.
Oh,
we
have
that
problem
too
or
oh.
We
didn't
have
that.
So
that's
it!
C
C
F
L
A
U
U
U
F
Are
there
research
or
research
you
type
people
in
the
room
who
are
looking
for
a
cool
thing
that
you
can
do
that
would
have
reproducibility
we're,
not
we're
not
big
on
that
in
this
world.
But
this
is
a
perfect
one
where
you
could
have
reproducibility
so
yeah,
be
careful
of
it
statement
like
that.
It's
DNS
really
I'm,
sorry,
better
reproducibly
than
what
we're
used
to
great
thanks.
V
Romans
and
from
yet
another
implementation,
we
enabled
canonization
by
default
quite
some
time
ago
and
it
seems
to
work
I
didn't
realize
you
were
by
default.
Yes
thank
you
and
it
seems
to
work
with
the
full-backs.
We
have
some
had
to
share
on
how.
F
F
F
This
one
is
getting
a
lot
of
changes.
The
previous
one
was
like
okay,
let's
just
take
from
experimental
standard
we're
now
that
we
have
a
lot
of
experience
with
7706,
which
is
about
running
a
root
server
on
localhost
blah-de-blah.
We're
get
we've
gotten
a
lot
of
responses
from
people
saying
I
liked
that
idea.
F
I
did
it
sort
of
differently
we're
sort
of
means
massively
sometimes
cryptically
so
and
such
like
that,
so
for
this
document
we're
actually
trying
to
match
current
reality,
which
is,
as
we
were
in
the
last
argument,
but
we're,
but
that's
taking
a
larger
step.
Also,
people
are
saying
this
is
working
so
well,
but
since
the
last
one
was
full
of-
please
don't
do
this,
which
we
put
in
because
some
people
are
like.
Oh,
this
is
gonna,
be
terrible,
and
yet
a
lot
of
people
are
using.
F
F
One
of
the
main
things
that
we've
heard
is
because
the
original
document
said
you
had
to
run
the
route
server
on
localhost
and
a
and
yet
one
of
our
major
examples
didn't
run
it
on
localhost,
oops,
I'm,
sort
of
bad,
when,
like
your
major
example,
doesn't
match
the
title
of
the
document,
so
we
are
changing
that
to
talk
about
running
on
the
same
host
and
Rea
stay
seated.
You
come
up
on
the
next
slide.
F
There's
been,
there's
been
a
lot
of
agreement
that,
in
the
implementations
that
were
like
this,
they
didn't
have
to
run
on
localhost.
They
could
just
run
on
the
same
server.
All
of
our
examples
are
now
badly
out-of-date.
I.
Think
almost
everybody
I
know
from
ISC
has
pointed
out
that
the
ones
that
we
have
are
are
you
and
we
shouldn't
be
talking
about
AOL
and
stuff
like
that
and
okay.
F
F
But
the
idea
here
is
that
if
you
are
going
to
be
wanting
a
copy
of
the
local
of
the
root
zone
on
your
local
server
and
you're
doing
you
know
the
one
thing
that
we
emphasize
in
7706
is:
if
you're
doing
DNS
SEC
validation,
you
could
get
that
from
anywhere.
You
could
get
it
from
a
chocolate,
it's
hard
to
do
a
copy
of
the
root
zone
on
chalkboard,
but
you
could
get
it
from
many
places.
F
You
don't
need
to
get
it
from
the
small
list
that
we
gave
you
in
the
document
and,
in
fact,
for
people
who
remember
how
7706
came
about.
We
actually
were
listing
more
services
that,
where
you
could
get
the
root
so
that
ended
up
in
the
RFC
we
actually
ripped
a
few
out
at
the
last
moment.
Since
then,
more
people
are
saying:
I've
got
this
some
of
the
implementations
out.
They
were
doing
different,
so
we
have
a
lot
of
work
to
do
so.
F
One
of
the
questions
that
we
need
to
answer
that's
been
on
the
list
in
the
last
couple
weeks
is
whether
that
root
server
that
we're
talking
about,
has
to
be
on
the
local
machine
and,
if
not,
are
all
the
response
is
going
to
be
the
same.
That's
a
pretty
controversial
discussion.
We
don't
need
to
have
it
Mike
today,
but
I
I
want
ready
to
bring
it
up
because
you
were
the
one
who
had
been
advocating
for
this.
F
We
also
want
to
make
the
use
cases
clearer
because
we
got
boxed
into
a
title
on
470
706,
which
is
wrong
about
localhost,
but
it's
also
wrong
about
why
some
people
want
this.
We
said
for
speed,
but
in
fact
most
of
the
people
we
talked
to
say
you
know
what
two
extra
milliseconds
isn't
a
big
deal,
but
we
want
it
for
stability.
That
is,
if
the
root
zone
that
we
are
talking
to
right
now
is
under
attack,
or
you
know,
we've
been
cut
off
by
it
and
something
like
that.
F
We
want
this
so
that
the
responses
are.
You
know
that
we
we
have
a
more
stable
connection
to
the
root
zone
information,
so
we
need
to
reword
a
lot
of
stuff
to
match
that
what
we
don't
have
in
7706,
because
we
were
boxed
into
this-
is
what
if
this
fails,
you
obviously
want
to
start
talking
to
the
real
root.
F
Again,
we
don't
talk
about
that
nearly
as
much
as
we
should
from
7706
we're
going
to
need
to
be
adding
to
do
this
humorously,
it's
a
little
bit
hard
to
tell
that
because,
for
example,
some
resolvers
will
have
two
or
three
of
the
per
thirteen
routes
ready
to
go,
and
so,
if
you're
talking
to
one
of
them
and
you're
not
hearing
anything
back,
that
doesn't
mean
you
need
to
completely
fall
back.
That
means
you
should
go
to
another
one
such
like
that
there
will
be
a
lot
added.
There
I
think
we're
that
will
be.
F
W
N
I'm
looking
so,
firstly,
what
this
graph
proposes
is
a
fine
idea.
It's
good
to
have
so
the
number
of
resolvers
will
probably
in
this
age
of
DNS
SEC.
We
want
more
resolvers,
closer
resolves
that
are
closer
to
you,
so
that
you
can
trust
the
answers
you're
getting
from
the
resolvers.
Now
this
idea,
I,
don't
know
if
how
well
it's
going
to
scale,
because
if
every
resolver
is
going
to
run
this,
then
every
resolve
is
going
to
need
a
copy
of
the
root
zone.
Also,
I
see
a
DNS
enthusiast
running.
N
Something
like
this
and
I
also
see
a
large-scale
DNS
operator
like
a
Public
DNS
servers
running
this,
but
I
don't
see
a
something
like
a
school,
for
example,
which
is
running
off
the
shelf.
Resolver
running
something
like
this,
because
this
also
the
draft
also
recommends
that
this
needs
to
be
managed
and
tested
that
the
root
services,
the
root
zone,
is
updating,
properly
etcetera
so
and
also
things
like
CPE
machine
CP
appliances,
I,
don't
know
if
they
will
it'll
be
possible.
They.
N
Yeah,
so
there
are
other
ways:
I
think
where
something
of
this
sort
can
be
achieved.
There
are
there's
more
resilience
for
accessing
the
root
servers
and
I
want
to
bring
retention,
an
idea,
but
Paul
vixie,
which
is
to
have
a
root
server.
Ip
address
flying
some
running
on
something
like
a
a
s11
to
service,
where,
basically,
anybody
can
host
a
root
server
and
your
I
speak
and
host
a
root
server
and
so
just
resilience
there,
and
you
can
replicate
exactly
this
draft
in
the
same
way
by
Arnall.
Exactly.
F
N
Could
have
a
copy
of
the
root
zone
on
one
of
those
something
similar
to
a
black
hole,
dot
Ayana
address
on
your
local
local
network.
If
you
want
them
and
validate,
it
will
be
just
any
other
root
server,
but
the
advantage
there
is
that
you
don't
have
to
touch
resolvers
like
existing
resolvers
will
work
with
such
a
as
long
as
you
update
the
hints
file
existing
in
gazzola's
right.
F
H
M
Wesford
occur,
I,
say
I'm
glad
to
see
this
is
going
forward
as
a
standard
track
document
I
think
it's
it's
well-earned.
It's
it's
right
to
do
so
and
that
we're
removing
all
the
barriers
to
actually
being
able
to
use
it
that
we're
the
wording
that
was
stuck
into
the
first
ones
a
couple
of
things.
You
know
the
whole
issue
of
whether
it
should
only
run
on
localhost
or
you
know,
private
address
space
or
maybe
in
a
resolver.
You
know
that
the
I
think
the
bigger
thing
is
might
be
to
state
what
you
shouldn't
do
right.
M
M
The
so
you
mentioned
local
route,
so
I
appreciate
your
advertising.
That
I
have
been
running
that
I
won't
describe
it
here,
but
if
you
go
to
local
route
is
a
edu,
it
gets
spits
out,
bind
config
at
the
moment
and
helps
you
walk
through
doing
this.
If
you
want
to
do
it
locally,
one
thing
that
I
will
mention
is
I
mentioned.
I
gave
a
presentation
both
at
and
ESS
this
year
in
the
privacy
of
the
DNS
privacy
workshop
and
a
map
Margie
earlier
this
year
in
March.
M
If
you
wanna
go
back
and
look
at
the
archives,
where
I
showed
between
these
two
drafts
right
had
one
on
on
7706
and
the
previous
one
was
on
query.
Minimization
I
showed
that
this
is
more
secure.
It
gives
you
more
privacy
to
do
this
than
it
does,
because
I
I
succeeded
in
doing
timing,
analysis
and
some
other
attacks
against
stuff
that
query
minimization
wouldn't
help
you
with
I
had
forgotten
that
paper.
Can
you
make
sure
to
send
it
to
me,
because
that
certainly
should
be
in
the
references
yeah.
M
Happy
to
so
and
there's
multiple
presentations
about
it
as
well.
The
other
thing
to
note
is
that
there's
there's
been
significant
support
when
I
was
implementing
local
route.
You
know,
I
was
advertising
to
various
routes.
River
operators-
hey
I,
want
to
do
this.
You
know
who
supports
transfers
a
number
of
route
server
operators
turned
on
transfer
support,
specifically
in
support
of
7706
and
I.
Think
that
that
alone
is
a
testament
to
this
is
possibly
a
good
idea
to
really
help
decrease
the
load
on
the
routes.
Right
thanks.
L
L
The
development
of
the
local
copy
of
the
read
zone,
which
you
will
be
in
bind
9.14
and
we
actually
call
it
mirror
zones
and
it's
not
limited
to
the
route
right.
So
I'm,
not
sure
if
this
should
be
specified
in
the
document,
but
is
one
of
the
things
that
I've
been
already
approached
by.
Thank
you
right
about
about
doing
this
for
a
TTL,
D
level,
yeah.
F
L
X
Fact,
I
I
using
an
NST
and
unbound
I'm,
mirroring
arpan,
a
dirt
okay,
turquoise
right,
which
are
both
slave
able
and
signed
and
pretty
busy
yep
act
is
something
came
up
in
Barcelona
about.
Oh,
you
can
get
your
zone
from
anywhere.
You
know
that
it
is
true,
but
you
don't
know
that
it's
you
don't
know
whether
it's
Dale,
right
and
and
I
forget.
Do
you
say
anything
about
that?
We.
F
Don't
say
anything
here:
we've
been
hearing
that
a
lot
of
I'd
like
to
get
my
root
zone
from
somebody
who
I
have
a
service
level
agreement
with
you
know
something
like
that,
so
that
and
possibly
to
get
updates.
I
mean
one
of
the
things
on
that
is
that,
like,
for
example,
wes's
service
sends
out
updates
yeah.
F
X
X
Z
F
Them,
but
it
doesn't
support
them
in
this
document.
In
this
document,
we
want
the
resolvers
to
be
getting
answers
that
look
like
an
answer.
They
would
have
gotten
from
the
root,
especially
if
they
need
to
fall
back.
We
don't
want
all
the
sudden,
the
you
know,
one
of
the
bits
in
the
header
to
change.
We
want
it
to
all
be
yes.
This
is
just
like
I'm
talking
to
the
rib
and.
Z
F
U
There's
no
check
season
think
it's
funny,
because
I
have
basically
the
same
comment.
I
would
like
the
document
to
be
less
restrictive
because,
for
example,
not
resolver,
we
have
implementation
of
something
which
is
definitely
not
sound,
so
no
x6.
What
is
doing
the
same
is
going
the
same
direction,
doing
basically
the
same
service
for
the
user,
but
is
completely
different
implementation.
U
Okay,
so
I
think
that
most
value
of
the
document
is
in
saying:
okay,
don't
do
this
because
it
will
break
this
or
do
never
ever
do
this
and
always
do
this
and
something
in
the
middle
all
right,
yeah,
so
I
think
that
prescribing
how
it
should
be
implemented
like
doing
zones
and
their
own
zone.
Sir
sorry
once
again
doing
zone
transfer,
why
I
mean
maybe
I'm
getting
this
one
from
BitTorrent
or
right,
I.
F
Okay,
but
but
the
question
that
ralph
was
asking
I
think
that
what
you're
saying
is
is
also
that
you
as
a
resolver,
how
do
you?
How
do
you
respond
to
things
like
that?
Maybe
we
even
loosen
up
on
that,
but,
like
I,
said
I
would
want
to
see
specific
recommendations,
saying
if
you
do
it
this
way,
these
bits
are
gonna
change
and
that's,
okay,
because
I
certainly
remember
us
having
this
argument.
The
you
know
before
7706
of
whatever
you
do
has
to
look
bits
for
bit
in
the
responses.
Maybe
that's
not
the
cases
and
yeah.
D
D
F
J
U
So
answer
for
Tony
Finch
V.
If
we
have
explored
this
idea
to
basically
walking
through
the
root
zone
into
notice
over-
and
we
found
out
it's
it's
way
more
efficient
to
get
the
zone
in
in
bulk.
It's
like
one
tenth
of
the
packets
or
between
Newt,
and
so
it's
more
efficient
and
I
mean
why
not
it's
just
easier
to
implement
as
well.
Okay,
right
thanks
and.
D
Yeah
since
I
was
in
there,
I
was
gonna,
just
throw
one
more
comment
from
me:
Daniel
and
that
Paul
I
would
just
say
for
people
to
be
aware:
I
think
the
ICANN
meeting
in
the
DNS
SEC
workshop
and
others.
This
is
also
what
some
of
the
people
there
were,
calling
hyperlocal
root
hosting,
or
so
they
had
a
name
like
that.
Hyperlocal.
F
Is
a
phrase
that
we've
been
throwing
around
I
can
for
something
like
this,
but
we
actually
haven't
like
put
it
out
to
the
community.
Yet
so
we
aren't
saying
this
is
like
hyperlocal.
Hyperlocal
looks
somewhat
like
this,
but
so
does
West's
thing
until
we
actually
fix
that
with
the
community.
We
don't
want
to
be
using
that
term.
Okay,
yeah
thanks.
AA
AA
AB
D
C
Get
people
to
read
the
HDP
draft
and
see
if
we
can
sort
of
focus
in
a
good
direction.
I
I,
don't
think
there's
a
real
resolution
other
than
we've
got
to
keep
sort
of
narrowing
that
sort
of
getting
this
getting
it
down
to
a
simpler
and
simpler
problem
that
we
can
sort
of.
You
know
much
like
surf
stay,
aware,
the
more
where
you
remove
this.
It's
like!
Oh
this.
This
looks
great.
You
know,
sort
of
favor,
okay,.
C
Tastes,
yeah
I
think
Amy
needs
some
need,
some
better
more
reviews
and
I
think
people
need
to
sort
of
look
at
the
HDP
and
kind
of
you
know.
Let's,
let's
look
at
those
and
West's
idea
of
we've
got
to
make
sure
we
don't
bind
ourselves.
You
know
going
forward
as
well.
You
know
we
have
to
solve
the
backward
problem.
We
have
to
solve
the
forward
problem
too.
Okay,.
U
C
J
Y
Y
So
the
background
to
this
is
yeah
it's
about
blockchains
and
connecting
blockchains
to
the
dns
or
other
distributed
Ledger's,
because
people
don't
like
to
say
globe
chance
anymore,
because
it
doesn't
look
like
business,
so
those
those
distributed
Ledger's
typically
use
addresses
to
identify
resources
which
look
like
yeah,
that
string
on
the
on
the
first
volunteer
so
and
and
there's
there's
a
little
bit
of
problem
with
recent
ability
with
those
addresses
because
well
first,
they
are
not
human
readable.
Yes,
it's
quite
here
and
those
addresses
also
make
identification
of
the
actual
distributed
nature.
Y
They
are
on
in
most
cases.
So
you
have
no
idea
whether
that
bitcoin
address
or
sovereign
address
or
whatever.
So
that's
definitely
a
combination
of
usability
and
an
interoperability
problem,
and
if
you
ever
saw
on
your
computer,
something
like
on
the
other
bottom
right,
it's
actually
quite
hard
work
to
type
the
address
on
the
different
computer
to
finally
get
access
to
it,
data
again
or
not
yeah,
so
that's
not
really
suitable
for
identification
and
it's
not
practical
either.
So
we
are
the
NS
people
sort
of
first
bite.
Y
Reflex,
of
course,
is
well,
let's
put
it
into
the
DNS
yeah,
so
it
does
connected
with
a
human
friendly
name,
it's
globally
available.
So
it's
quite
the
first
thing
that
people
think
about,
especially
if
they
work
in
the
DNS
industry
and
then
it
turned
out
well
how
we
do
that
exactly
so
so
do
we
do
it
as
a
txt
record.
Y
Do
we
look
at
the
dedicated
are
our
time
for
this,
or
could
we
like
create
a
new
class
where
we
put
all
the
distributed
lectures
into
a
block
class
or
whatever,
and
also
how
does
the
owner
name
of
the
those
records?
The
host
name
structure
looks
like
so,
and,
of
course,
an
important
consideration
to
this
is
that
we
have,
of
course
the
exhibit
a
the
poor
but
still
smiling
camel.
Y
So
having
considered
that
we
looked
at,
how
can
we
make
that
connection
between
the
decentralized
identifier,
Zinta
TNS,
in
a
way
so
that
it
has
at
as
little
impact
as
possible
on
the
dns
camo?
Let
me
put
it
that
way
and
fortunately
there
is
ongoing
work
in
the
in
the
wc3
right
now
it's
in
a
community
group,
but
as
I
understand
it's
upgraded
to
working
group,
which
has
created
the
definition
of
a
URI
scheme.
That's
called
EIT
decentralized
identifier,
which
is
a
hierarchical
scheme
and
allows
you
to
add
addresses
for
distributed
lectures
into
a
URI.
Y
That
was
definitely
solved.
The
problem
of
interoperability
because
now
it's
very
easy
to
actually
identify
which
distributed
ledger.
A
certain
address
is
contained
in
still,
it
doesn't
really
serve.
The
usability
problem
because
that's
still
like
nothing,
that's
really
human
readable
so
but
fortunately
there
is
some
work
that
came
out
of
very
late
stage
of
the
enum
work.
If
you
still
remember
that
which
is
the
DNS
URI
RR
type,
so
we
got
a
URI
scheme
for
those
addresses.
Y
Y
We
started
putting
this
together
into
a
draft.
That's
the
name
of
the
draft
and
that's
essentially
the
one-line
hello
world
example.
So
we
did
define
under
Scotty
ideas,
an
owner
name
and
as
easy
as
that,
it's
classical
your
ID
and
s
are
our
type
with
the
distributed
identifier
as
a
content
of
the
record
and
and
looking
at
this
from
the
point
of
the
camel
load.
If
you
want
to
put
it
that
way,
we're
actually
quite
good.
So
we
reset
with
the
existing
RR
type.
Y
We
also
for
the
mapping
from
an
email
address
to
a
distributed
ledger
address,
there's
something
in
RS
c
7
9,
20
9,
which
is
staying
for
an
open
PGP,
it's
experimental,
but
essentially
it
creates
a
a
hair
out
of
the
email
address
and
uses
that
as
an
owner
name.
So
we're
using
that
as
well.
It's
also
also
in
our
RC
and
for
the
service
parameter
for
the
underscore
D
ID.
There
is
actually
an
existing
IANA
registry
that
registers
those
names.
Y
However,
that's
where
we
actually
ran
into
a
pro
problem
and
that's
why
we
started
the
draft
in
the
first
in
the
first
place,
because
an
entering
the
IANA
registry
requires
either
a
protocol.
That's
sort
of
like
connected
to
port
number,
yeah,
TCP
or
UDP
port
or
an
enum
service,
and
the
thing
that
we
are
trying
to
achieve
doesn't
fall
in
either
of
those
two
categories.
So
the
current
boilerplate
solution
to
that
is
that
we
are
saying
we
are
updating
the
TNS,
your
URI
RR
type,
to
allow
a
cert
category.
Y
Y
Y
Uri
are
archived
and
thank
you
out
and
and
resolve
the
actual
resource
on
the
distributed
nature.
So
running
code
is
what
was
actually
very
simple,
because
it's
pretty
straightforward.
It
didn't
require
any
changes
on
the
DNS
infrastructure
of
the
of
the
host.
That
runs
the
universe
with
resolver.
You
just
need
to
parse.
The
TNS
are
our
type
so.
Y
The
question
is:
how
do
we
proceed?
I'm,
not
really
super
happy
with
the
idea
of
updating,
RFC
7
5
5
3,
so
the
easiest
would
be
if
we
could
sort
of
like
add
a
protocol,
independent
string
into
the
service
parameter
registry,
and
so
I
went
out
to
ask
Ayane
about
this
and
and
I
just
got
the
information
today,
because
I
I
didn't
look
at
the
email
at
the
right
point.
Y
I
Anna
went
out
to
the
experts
who
actually
rounded
registry,
and
they
said
well,
it's
neither
service
parameter
nor
an
enum
service,
but
they
are
also
not
sure
whether
updating
the
definition
of
that
RS
is
the
right
thing.
So
the
next
next
part
is
like.
We
are
going
to
talk
to
the
transport
area
directors,
because
the
service
parameter
registries
under
their
wings.
So
I've
asked
the
area
directors
to
talk
to
have
talked
with
them
about
that.
The
question
is:
what
do
we
do
with
the
draft?
Y
Actually,
the
reason
why
the
draft
exists
is
because
we
need
to
like
squeeze
in
that
service
parameter
into
the
search
parameter
registry
or
get
that
name
allocated
for
what
we
are
trying
to
achieve.
Otherwise,
it's
like
pretty
transparent,
it's
just
an
application
of
the
unis
yeah.
So
my
question
to
the
group:
how
shall
we
proceed
with
the
document?
Is
it
interesting
to
the
community
I
know
it's
a
little
bit
farther
away
from
the
typical
TNS
of
stuff,
unusual
and
I'm
going
to
talk
again
about
it
tomorrow.
It
is
decentralized,
Internet,
infrastructure,
research
group.
AC
Jmeter
I
think
it's
a
good
idea.
I
think
we
should
try
to
move
forward
with
the
Alex
I'm
kind
of
having
flashbacks
are
some
problems
back
to
the
enum
days
before
there
was
an
attempt
we
try
to
do
about
10
years
ago
to
get
a
take
chord
assignment
done
or
something
similar
that
service
parameter
or
arena
me
service
done
for
terminating
calls
and
that
run
into
trouble
with
the
iterates
all
the
time.
AC
So
they
refused
to
actually
do
that
for
us,
even
though
we
have
I
use
keys
for
it,
so
I
think
a
conversation
with
the
transporter
actors
of
theater
in
charge
of
this
I
am
outraged
to
think
that
a
very,
very
good
thing
to
do
and
I
think
if
you're
going
to
do
that,
please
be
careful
how
you
articulate
this,
so
this
could
understood,
there's
a
genuine
need
for
it.
Just
in
case
there's
a
misunderstanding
and
then
you
repeat:
the
mistakes
we've
been
through
all
those
years
ago.
Thanks
thank.
F
So
this
presentation
won't
use
the
word
blockchain,
so
the
draft
name
just
in
case
you
want
to
look
at
it
notice.
This
is
still
a
draft
individual
draft.
So
a
couple
months
ago,
someone's
saying
gosh,
someone
should
have
a
registry
so
that
we
know
what
all
these
underscore
labels
are,
and
the
working
group
chair
said
well,
who
wants
to
volunteer
and
I,
put
up
my
hand,
and
they
said
okay,
so
I
published
a
0-0
and
it's
a
pretty
incomplete
0-0,
but
I
thought
you
know.
F
F
Remember
not
all
special
labels
are
have
an
underscore
and
not
all
special
labels
exist
on
the
far
left
hand,
side,
and
the
reason
why
this
registry
is
useful
is
that
if
you
write
a
resolver,
if
you
write
any
of
the
things
that
need
to
know
about
a
special
label-
and
you
are
smart
enough
to
actually
look
at
this
registry
you're
likely
to
trip
over
other
things
that
you
wish
you
had
known
about
at
other
times,
I
mean
this
is
really
one
of
the
real
good
uses
or
registry.
It's
not
like
you're
gonna.
F
F
You
know
if
people
want
as
a
working
group
item,
it's
fine
I,
don't
actually
start
listing
them
all.
There's
lots
of
holes
there,
but
I
just
wanted.
You
know
enough.
People
said:
oh,
that
would
be
nice
if
we're
I
wanted
something
where
people
can
say.
Yes,
I
want
it
like
that,
or
you
know
what
I
was
just
sort
of
blabbing
about
what
I
wanted
someone
else
to
do.
We
don't
really
care.
That's
it.
F
F
AC
U
F
AE
Our
primary
aim
is
to
sort
of
kick
off
press
restart
some
work
on
young
data
modeling
of
this
DNS
stuff,
and
we
would
like
to
show
some
running
code
as
soon
as
possible.
We
have
been
working
on
something
and
better
got
some
preliminary
results
during
the
hackathon
last
weekend.
So
maybe
we
thought
it
would
be
useful
to
start
with
the
information
how
about
the
direction
where
this
could
lead
to
potential?
Listen.
U
Thank
you
so
short
intro.
Basically,
the
known
problem
is
right:
every
single
DNS
server
has
different.
Configuration
is
nightmare.
If
you
have
multiple
implementations,
there
were
couple,
there
were
attempts
in
the
past
to
standardized
it
went
horribly
and
there
was
nothing
which
actually
worked
during
this
hackathon.
We
spend
some
time
on
actually
coding,
so
we
have
running
code
which
can
configure
or
pet
and
delete
so
and
I
to
be
precise,
pint
and
SD
and
not
DNS
using
the
same
API.
It
seems
that
the
idea
itself
is
fine.
U
It's
not
that
hard
to
implement
and
basically
the
hardest
part
is
the
configuration
API
in
the
DNS
server.
So
it's
basically
yank
arrest,
cornet,
convict
and
ignore
that,
because
the
implementation
problems
are
in
the
configuration
API
switch
are,
you
know,
can
be
used
for
anything.
Even
if
we
ignore
all
the
upper
layers
in
the
protocol
stack.
So
the
takeaway
is
yeah.
It
seems
that
it's
fine
idea,
it
works,
and
this
draft
is
super
basic
building
block
and
we
actually
have
more
running
code
than
the
draft
describes.
That's
what
I
want
to
say.
AE
This
can
be
discussed,
but
we
thought
that
the
other
registries
may
be
useful
only
for
very
special
purposes,
and
some
of
them
perhaps
are
pretty
much
useless
at
at
this
moment.
So
we
only
did
the
first
two,
and
so
the
result
is
this
yang
module
that
contains
derive
yang
types
for
those
two
registries,
DNS
classes
and
are
our
types,
and
the
idea
is
that
this
will
only
be
an
initial
revision
of
the
module
and
later
on,
it
will
be
maintained
by
iana.
AE
So,
each
time
the
registry
is
changed,
new
entries
at
it
Anna
will
also
update
this
module,
so
it
will
be
then
completing
maintained
by
Ayane,
and
the
draft
contains
instructions
about
how
to
do
that.
Ayana.
I
in
the
IANA
configurations
section
now
about
the
design
of
the
type.
So
basically
it
were
the
same
for
for
DNS
classes
and
RR
types.
This
is
an
example
for
for
our
types,
so
first
we
define
a
derive
type
that
just
mirrors
the
IANA
registry.
AE
It
means
it
gives
the
names
of
as
in
arms
as
yang
in
arms,
all
the
names
mnemonic
range
of
our
our
types,
also,
the
value
that's
specified
in
the
registry
and
the
description
and
a
reference.
That's
there
as
well.
So
this
goes.
This
is
quite
long
animation
and
contains
all
the
types
that
are
in
the
registry,
and
then
we
define
a
second
derived
type.
AE
There
are
other
IANA
registries
related
to
DNS
contained
in
a
number
of
IANA
documents,
and
each
of
the
documents
contains
one
or
more
registries.
In
this
case,
all
of
these
registries
are
sort
of
focused
so
that
it
makes
sense,
probably
to
create
yang
modules
for
a
yang
module
for
each
of
these
of
these
topics
covering
one
or
more
registries,
if,
if
necessary,
so
that's
what
people
want
to
do
in
in
the
near
future.
AE
L
This
is
on
red
I,
see,
I
didn't
get
one
thing
from
the
from
the
draft.
Who
will
be
doing
this
update?
So
if
I'm
writing
draft,
if
you
preserve
the
core
type
after
this
is
in
effect,
will
it
be
my
responsibility
to
edit
like
to
Diana,
section
or
Ayana
will
do
this
automatically,
so
it
will
be
more
evolved
for
Ayane
or
like.
AE
I
think
this
is
explained
in
the
Ayane
consideration
section
and
we
have
a
good
example
of
a
similar
registry,
mainly
Ayane
interface
types.
This
document
has
been
its
RFC
I,
don't
know
the
number,
but
it's
the
idea
is
that
IANA
will
maintain
this
module,
so
this
module
will
never
be
updated
manually
and
after
an
entry
is
added
to
the
registry,
IANA
will
be
responsible
for
updating
the
module
in
the
way
that's
indicated
in
the
eye
on
our
consideration
sections,
so
it
means
adding
a
new
enum
for
away
all
the
power
so.
AE
I
AF
M
Thank
you
Wes
her
degree,
I,
say
I
think
this
is
definitely
a
good
thing
to
go
forward
and-
and
you
know
the
more
we
have
structs
and
enums
available
to
us,
the
more
likely
code
will
get
written.
That
being
said,
there
have
been
other
implementations
in
the
past,
both
in
and
and
other
management
protocols
that
failed
to
get
off
the
ground.
So
it's
great
that
you
got
work
done
in
the
hackathon.
I
will
point
out
RFC
61
68,
which
is
a
management
considerations
for
DNR
what
it
stands
for.
J
C
S
K
F
Hi
this
is
also
individual.
This
is
also
not
clear
that
is
coming
to
this
working
group.
So
I
talked
about
that
on
the
last
layer.
I
want
to
be
clear:
I'm
not
asking
for
this
to
come
to
the
working
group.
I'm
just
alerting
people
about
this,
because
it's
new
since
the
last
meeting,
so
one
of
the
things
that
people
had
asked
for
since
dough
became
RFC
84-84
and
no,
we
didn't
ask
for
the
magic
number
was
a
use
case.
F
That
is
a
browser
web
application
that
is
going
to
be
a
doe
client
that
actually
wants
to
use
the
same
resolver
that
the
operating
you
know
that
the
operating
system
is
using.
So
I
want
to
be
clear.
We
don't
know
yet
how
browsers
are
going
to
use,
though
there
are
browser
folks
here
in
the
room
and
by
the
way,
just
before
we
do
the
US
versus
them
thing
again.
Oh
I
wish
the
browser,
vendors
would
come
and
stuff.
F
This
might
be
of
use,
and
if
it's
implemented
it
would
probably
be
in
the
UI
of
the
browser's,
but
we
don't
know
how
the
browser
UI
for
dough
is
going
to
look
like
either.
This
is
all
like.
We
don't
like
have
any
idea
now.
One
thing
is
important
about
this
is
the
use
case
is
for
a
browser
or
a
web
application
read
javascript
to
be
able
to
use.
We
are
pretty
sure
that
javascript
is
never
going
to
have
äúi.
F
You
know
like
if
you
suck
in
some
JavaScript
on
a
webpage
you're,
not
all
sudden,
going
to
be
asked
to
choose
this,
so
this
might
be
a
use
case
where
someone
says
oh,
this
would
be
great,
except
if
it
happens
behind
your
back.
This
is
all
very
die.
Seeds,
we're
talking
user
interface,
we're
talking
about
people
doing
dns
to
places
where
you
aren't
sure
and
such
like
that.
So
this
is
still
an
individual
draft
I
just
put
out
oh
five
today
and
just
to
be
clear
if
you're
thinking.
Oh,
let's
try.
Let's
look
at
this.
F
Let's
start
implementing
it.
I
have
changed
the
bits
on
the
wire
in
every
goddamn
version.
So
far,
I've
gotten
it
wrong
that
many
times
don't
implement
this.
Okay,
we're
not
even
sure
if
anyone
really
is
going
to
you
know
if
this
is
going
to
get
adopted,
I
would
love
to
have
more
discussion
on
it,
but
it
is
if
this
is
implementable,
it
will
be
easy
if
it's
not
implementable.
I
want
to
hear
that.
So
we
can
stop,
but
don't
think
like.
Oh
Paul
has
an
idea:
let's
go
implement
it.
F
That
would
be
like
very
wrong
in
this
case.
So
then
there's
the
question
of.
What's
next
I
assure
you,
this
is
above
my
paygrade.
It's
gonna
be
chairs
and
area
directors.
We're
gonna
talk
among
each
other
about
what
to
do
with
this.
It
might
end
up
in
DNS
off
working
group,
because
this
is
a
protocol
change.
The
things
that
I
have
had
in
every
version
would
say
a
resolver
needs
to
look
at
a
special
thing
and
do
a
special
thing.
That
sounds
like
DNS
off
work.
F
However,
this
is
much
more
narrow
than
many
of
the
things
that
we
adopt
in
DNS,
often
DNS
off.
It's
usually
like
the
DNS
has
sort
of
this
operational
problem.
This
is
a
way
to
fix
it.
This
is
a
point
solution
for
dough,
so
maybe
that
doesn't
belong
here.
Maybe
it
belongs
in
the
dough
working
group,
because
it's
only
useful
for
dough
clients.
F
However,
it's
not
clear
if
that
working
groups
going
to
continue-
and
it's
also
not
clear
if
that's
the
working
group,
where
you
want
people
working
on
things
that
would
require
changes
in
resolvers,
which
is
so
far
all
of
all
of
the
proposals.
I've
had
has
done
it
or
this
way
might
be
way
too
early.
It
might
be
the
let's
let
come
out
and
do
stuff
and
then
come
back
to
this
light
again.
None
of
those
are
my
decisions.
They'll
be
working
group,
chairs
and
area
directors.
Who
will
you
know
be
working
on
this?
F
Having
said
that,
I've
discussed
this
a
couple
of
times
on
the
on
the
DOE
working
group
mailing
list.
The
DOE
working
group
did
not
shut
down
after
the
DOE
document
was
was
completed,
but,
as
David
Lawrence
said,
it's
not
clear
what
the
status
is
going
to
be
and
such
like
that.
F
So
if
people
are
interested
in
in
the
use
case,
namely
I
want
to
have
I
want
to
allow
a
browser
or
web
application
to
keep
using
the
same
thing,
please
take
a
look
at
the
document
whose
I'm
gonna
go
back
here
because
there's
the
title
please
look
at
the
document
and
right
now,
like
I,
say,
there's
been
a
little
bit
of
discussion
on
the
DOE
working
group
on
the
X
or
Pig.
It's
still
doe
working
group
mailing
list,
but
this
is
really
early
and
it
might
be
too
early.
Okay,
thank.
J
F
Or
anybody
does
anybody
looking
at
this
and
if
you
think
that
I've
done,
if
I've
tried
to
keep
in
the
there's
a
section
towards
the
end
of
design
choices,
that's
actually
a
list
of
failed
designs
that
I
had
for
previous
draft.
So
before
you
think,
oh
let's
do
it
this
way.
Please
read
that
section,
because
I
think
I
listed
what
I
did
wrong
every
time.
So.
K
D
No
not
about
this
about
pulsing
something
different
I'm,
just
the
one
other
thing
I
was
gonna,
say:
I
put
a
note
out
on
the
list.
The
other
day,
I
meant
to
suggest,
if
you're
here,
but
if
people
are
get
a
chance
to
look
at
something
to
review.
There's
a
draft
out
about
the
deploying
DNS
SEC,
what
to
be
crypto
algorithms,
and
it
was
something
that
andre
paul
myself
Oliver
had
put
together
a
couple
of
years
back
when
we
were
doing
the
things,
but
in
the
KSK
roll
over
I
had
people
who
were
asking
me.
D
You
know
why
is
the
NSX
so
hard
to
upgrade
some
stuff
like
that
and
I
would
encourage
people
to
take
a
look
at
that
document
and-
and
let
us
know
is
that
something
that
would
be
useful
to
get
out
there,
because
I
was
pointing
people
to
the
then
expired
draft
and
I
revved
it
in
advance
of
this.
Because
of
that,
because
people
were
asking
me
and
I
thought
it
was,
it
was
a
useful
summary
and
if
people
think
it's
useful,
please
take
a
look
at
it
and
provide
feedback.
What
else
could
we
put
in
it?
C
Thank
you,
Dan.
Also,
the
blue
sheets
are
probably
floating
around
I
just
wanted
to
see.
If
you
guys
would
make
sure
everybody
sign,
those
John's
got
one
side,
there's
one
over
there,
so
please
and
that's
what
we've
got
for
today.
So
thank
you
all
for
attending
and
I
guess
we'll
see
you
all
in
Prague
thanks.