Yeti DNS Testbed
RFC 8483

Document Type RFC - Informational (October 2018; No errata)
Last updated 2018-10-19
Stream ISE
IETF conflict review conflict-review-song-yeti-testbed-experience
Stream ISE state Published RFC
Consensus Boilerplate Unknown
Document shepherd Adrian Farrel
Shepherd write-up (last changed 2018-05-22)
IESG IESG state RFC 8483 (Informational)
Responsible AD (None)
Send notices to Adrian Farrel <rfc-ise@rfc-editor.org>
IANA IANA review state Version Changed - Review Needed
IANA action state No IANA Actions
Independent Submission                                      L. Song, Ed.
Request for Comments: 8483                                        D. Liu
Category: Informational                       Beijing Internet Institute
ISSN: 2070-1721                                                 P. Vixie
                                                                    TISF
                                                                 A. Kato
                                                               Keio/WIDE
                                                                 S. Kerr
                                                            October 2018

                            Yeti DNS Testbed

Abstract

   Yeti DNS is an experimental, non-production root server testbed that
   provides an environment where technical and operational experiments
   can safely be performed without risk to production root server
   infrastructure.  This document aims solely to document the technical
   and operational experience of deploying a system that is similar to
   but different from the Root Server system (on which the Internet's
   Domain Name System is designed and built).

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not candidates for any level of Internet Standard;
   see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   https://www.rfc-editor.org/info/rfc8483.

Song, et al.                  Informational                     [Page 1]
RFC 8483                    Yeti DNS Testbed                October 2018

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Requirements Notation and Conventions . . . . . . . . . . . .   5
   3.  Areas of Study  . . . . . . . . . . . . . . . . . . . . . . .   5
     3.1.  Implementation of a Testbed like the Root Server System .   5
     3.2.  Yeti-Root Zone Distribution . . . . . . . . . . . . . . .   5
     3.3.  Yeti-Root Server Names and Addressing . . . . . . . . . .   5
     3.4.  IPv6-Only Yeti-Root Servers . . . . . . . . . . . . . . .   6
     3.5.  DNSSEC in the Yeti-Root Zone  . . . . . . . . . . . . . .   6
   4.  Yeti DNS Testbed Infrastructure . . . . . . . . . . . . . . .   7
     4.1.  Root Zone Retrieval . . . . . . . . . . . . . . . . . . .   8
     4.2.  Transformation of Root Zone to Yeti-Root Zone . . . . . .   9
       4.2.1.  ZSK and KSK Key Sets Shared between DMs . . . . . . .  10
       4.2.2.  Unique ZSK per DM; No Shared KSK  . . . . . . . . . .  10
       4.2.3.  Preserving Root Zone NSEC Chain and ZSK RRSIGs  . . .  11
     4.3.  Yeti-Root Zone Distribution . . . . . . . . . . . . . . .  12
     4.4.  Synchronization of Service Metadata . . . . . . . . . . .  12
     4.5.  Yeti-Root Server Naming Scheme  . . . . . . . . . . . . .  13
     4.6.  Yeti-Root Servers . . . . . . . . . . . . . . . . . . . .  14
     4.7.  Experimental Traffic  . . . . . . . . . . . . . . . . . .  16
     4.8.  Traffic Capture and Analysis  . . . . . . . . . . . . . .  16
   5.  Operational Experience with the Yeti DNS Testbed  . . . . . .  17
     5.1.  Viability of IPv6-Only Operation  . . . . . . . . . . . .  17
       5.1.1.  IPv6 Fragmentation  . . . . . . . . . . . . . . . . .  18
       5.1.2.  Serving IPv4-Only End-Users . . . . . . . . . . . . .  19
     5.2.  Zone Distribution . . . . . . . . . . . . . . . . . . . .  19
       5.2.1.  Zone Transfers  . . . . . . . . . . . . . . . . . . .  19
       5.2.2.  Delays in Yeti-Root Zone Distribution . . . . . . . .  20
       5.2.3.  Mixed RRSIGs from Different DM ZSKs . . . . . . . . .  21
     5.3.  DNSSEC KSK Rollover . . . . . . . . . . . . . . . . . . .  22
       5.3.1.  Failure-Case KSK Rollover . . . . . . . . . . . . . .  22
       5.3.2.  KSK Rollover vs. BIND9 Views  . . . . . . . . . . . .  22
       5.3.3.  Large Responses during KSK Rollover . . . . . . . . .  23
     5.4.  Capture of Large DNS Response . . . . . . . . . . . . . .  24
     5.5.  Automated Maintenance of the Hints File . . . . . . . . .  24