home.social

#oarc46 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #oarc46, aggregated by home.social.

  1. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  2. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  3. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    @dnsoarc

  4. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  5. @bortzmeyer As the manager of the Cascade project, I feel it's important to provide some context and nuance to the terms "alpha”, “beta" and “production ready”. This applies especially to software that is intended to run in critical infrastructure, with possible grave consequences when there is a failure.

    While @nlnetlabs is building Cascade on 25 years of experience in DNS and software architecture, operators should not take our work for granted based on that.

    This is our plan.

    We have frozen the feature set Cascade has now, for the beta release. That means a DNSSEC signer with HSM support, IXFR in and out with TSIG, deterministic incremental signing, review hooks, and monitoring endpoints.

    We will mark this release as “beta” in the coming weeks, but read this as whatever you feel is appropriate given the context I gave. That being said: we will dogfood this release. Starting this summer, operators can put Cascade in their testing environments to put it through their wringers, so we can iron out bugs and fix corner cases.

    Over the coming months, our aim to have operators build the confidence to start deploying Cascade in production, with the expectation that we'll see real-world Cascade deployments towards the end of this year.

    #DNS #DNSSEC #OARC46 #LoveDNS @dnsoarc

  6. #InternetHistory
    Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail.

    #OARC46

  7. #InternetHistory
    Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail.

    #OARC46

  8. #InternetHistory
    Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail.

    #OARC46

  9. #InternetHistory
    Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail.

    #OARC46

  10. #InternetHistory
    Keith Mitchell reminds us of what was email at the time before SMTP/TCP/IP took over and why he still hates sendmail.

    #OARC46

  11. "Good thing that we used zoom.us [since .de was broken]" 3 hours to fix (that was the evening)

    Among the lessons: don't have your status page under .de.

    #OARC46

  12. Peter Koch (DENIC) on the 5 may problem in .de.

    .de has almost 18 million domain names and is incrementally updated.

    Validation is done once it is already published.

    HSM were using different keys :-(

    #DNSSEC
    #OARC46

  13. chinamobile.com has four #DNS name servers and they all have the same set of IP addresses.

    #OARC46

  14. Nice and clever trick to recover some of the "anonymized" IP addresses in #DNS root name server traffic. ("Anonymization" is often a joke.)

    #OARC46

  15. If your employer is an OARC member, you have access to the #DNS data collected by the root name servers. (Talk by Kazunori Fujiwara)

    As always, working with data is complicated. For instance, some operators (A, B, D, F, H, I, J and L) blur the IP addresses, and it is not documented. (And they don't use the same algorithm.)

    #OARC46

  16. Beta version of Cascade soon.

    "Production-ready" Hmmmmm

    Live demo (using sed to edit the config file) worked.

    #OARC46

  17. Serious rewrite since alpha versions (which were seriously brittle).

    @jpmens is mentioned.

    #Cascade #OARC46

  18. Serious rewrite since alpha versions (which were seriously brittle).

    @jpmens is mentioned.

    #Cascade #OARC46

  19. Serious rewrite since alpha versions (which were seriously brittle).

    @jpmens is mentioned.

    #Cascade #OARC46

  20. Serious rewrite since alpha versions (which were seriously brittle).

    @jpmens is mentioned.

    #Cascade #OARC46

  21. Serious rewrite since alpha versions (which were seriously brittle).

    @jpmens is mentioned.

    #Cascade #OARC46

  22. "Cascade [#DNSSEC key manager and signer]: Beyond alpha" by Ximon Eighteen

    Written in Rust. Still alpha (beta was not released yet).

    Supported (among others) by the Sovereign Tech Agency.

    #OARC46

  23. "RootViz: visualizing real-time monitoring of Root (and TLD) servers" by Giovane Moura

    DIsplaying nicely the measures made by the RIPE Atlas probes:
    rootviz.sidnlabs.nl/ (based on Grafana)

    #OARC46

  24. Heard at #OARC46 "If the LLM is wrong, prompt harder"

  25. "Gonemaster - A Go implementation of Zonemaster" by Patrik Wallström

    Instead of using AI, let's use Go :-) Among the good things: native concurrency [I approve]

    codeberg.org/pawal/gonemaster

    #Go #DNS #OARC46 🐪

  26. First talk with some AI at #OARC46 "AI-powered Dynamic Zone Checker" by Pallavi Aras

    CheckMate is a competitor of named-checkzone, Zonemaster and DNSviz. "Intelligent DNS analysis". Using Google Gemini and Claude.

  27. Many requests coming from cars...

    So, use ECC (error-correcting memory) and use a tin foil hat.

    #OARC46

  28. "In Schaerbeek in 2003, MARIA initially received 4096 additional votes because of a voting computer error caused by cosmic radiation" en.wikipedia.org/wiki/Maria_Vi

    #OARC46

  29. The NS set and the associated glue MUST be consistent between parent and child domain. If they are not, the result will depend on wether the #DNS resolver is parent-centric or child-centric.

    (talk by Petr Špaček)

    At a time, it broke the .cd TLD.

    #OARC46

  30. #DNS root zone key rollover under way. (Planned for 11 october.)

    "Who in the room has root access to his resolver?" (Lot of hands, this is an OARC meeting.)

    #OARC46 #DNSSEC

  31. Wonderful list of things that can go wrong (and therefore, will) in operations.

    (Including an error done on friday afternoon and fixed, will you guess, on monday.)

    #DNS #DNSSEC #OARC46

  32. The real world is complicated. For signing a .cn domain, it was necessary to send DS records by email... For .br, errors are not corrected 24x7, only during business hours. (Not always the registry's fault, sometimes you have to use a lot of intermediaries.)

    #OARC46 #DNSSEC

  33. "Modeling DNS Queries and Caching to Evaluate the Merits of QNAME Minimization" by Casey Deccio

    Great explanation of caching dynamics, by the way.

    #DNS #privacy #OARC46

  34. Actually measuring the robustness of the Internet is hard. For instance, for #DNS resolvers (the current talk by Maynard Koch), good resolvers, actually used by people, are typically not publically reachable. The open resolvers which are easy to study are typically misconfigured and not actually used.

    #OARC46

  35. Did you know that OARC has its own fediverse instance?

    #DNS #OARC46

  36. RE: mastodns.net/@dualkei/11657348

    Looking forward to and . The ISC team will be there too.

  37. With the help of Scotland 🏴󠁧󠁢󠁳󠁣󠁴󠁿's favorite Pleisiosaur, I will be presenting some #DNS pre-history at #OARC46 in Edinburgh this Sunday, then attending #RIPE92 all next week.

    indico.dns-oarc.net/event/56/c

    Excited that two of the international events that have been a huge part of my career are coming to the city I grew up in !
    #dnsoarc #ripe