9:28:43 AM bwatson@jabber.oarc.isc.org: hmmm, trying to attend the cisco meeting place on the web, but it still says "meeting unavailable or too soon"
9:51:37 AM bwatson@jabber.oarc.isc.org: is there supposed to be video on meetingplace, or only audio?
bwatson@jabber.oarc.isc.org joined the chat (10:15:22 AM)
null0@jabber.tisf.net joined the chat (10:15:22 AM)
dns-ops-mtg joined the chat (10:15:22 AM)
daveknight joined the chat (10:15:22 AM)
rstory joined the chat (10:15:22 AM)
tkvix joined the chat (10:15:22 AM)
keith joined the chat (10:15:22 AM)
olaf joined the chat (10:15:22 AM)
Md joined the chat (10:15:22 AM)
sebastian.castro joined the chat (10:15:22 AM)
ogud joined the chat (10:15:22 AM)
geoff joined the chat (10:15:22 AM)
RussMundy joined the chat (10:15:22 AM)
doron joined the chat (10:15:22 AM)
jabley joined the chat (10:15:22 AM)
orange joined the chat (10:15:22 AM)
jtk@jabber.oarc.isc.org joined the chat (10:15:22 AM)
trinary joined the chat (10:15:22 AM)
jaap joined the chat (10:15:22 AM)
jad joined the chat (10:15:22 AM)
brad joined the chat (10:15:22 AM)
BarryRGreene joined the chat (10:15:22 AM)
oatwillie joined the chat (10:15:22 AM)
plosher joined the chat (10:15:22 AM)
suresh joined the chat (10:15:22 AM)
bverd joined the chat (10:15:22 AM)
9:56:52 AM null0@jabber.tisf.net: Hullo.
9:57:01 AM null0@jabber.tisf.net: [Roland Dobbins @ Cisco]
9:57:38 AM oatwillie: DNS over HTTP over IP over XML
9:58:42 AM BarryRGreene: #5 on the phone to mute.
9:58:54 AM null0@jabber.tisf.net: And #5 to unmute, if you've questions or comments.
10:04:51 AM oatwillie: so are people seeing slideware yet?
10:05:11 AM jabley: no, something is broken but will be fixed in the break, I hear
10:05:24 AM null0@jabber.tisf.net: That's correct, Joe - we'll work on it during the break.
10:06:18 AM oatwillie: so the fun/games are a rehash of the CoDoNs preso and  the idea that they can be complimentary to DNS
10:07:04 AM oatwillie: question raised... ops & academia not talking to each other
10:07:08 AM oatwillie: why?
10:07:37 AM null0@jabber.tisf.net: Being answered now.
10:07:41 AM jtk@jabber.oarc.isc.org: part of the reason is that each group has little experience on the other's turf
10:08:00 AM oatwillie: thats a good answer... 
10:08:14 AM tkvix: tell them to join oarc
10:09:29 AM oatwillie: Rick Wesson speaks
10:10:48 AM oatwillie: may speak... eventually
10:11:24 AM keith: More laptop proj fiddling..... ready now
10:12:12 AM oatwillie: preso... "Community Response to problem networks"
10:14:07 AM oatwillie: now there was a term of art ...  "hopping glue" 
rstory has set the subject to: DNS-OPS-MTG: messages mirrored on big screen @ meeting site. #5 to mute/unmute your phone. (10:15:22 AM)
10:15:41 AM oatwillie: Rcik covers patterns of abuse and his new effort (support intelligence) to track this stuff
michael-berkeley joined the chat (10:17:04 AM)
randy joined the chat (10:17:12 AM)
randy left the chat. (10:17:17 AM)
davidu joined the chat (10:17:45 AM)
mave joined the chat (10:17:52 AM)
sebastian.castro left the chat. (10:18:43 AM)
10:19:54 AM oatwillie: has a tool... REACT ... looking for abuse patterns using BGP & DNS
10:20:08 AM tkvix: http://public.oarci.net/files/WESSON-REACT-v4.pdf
10:20:17 AM oatwillie: woot!
10:20:21 AM oatwillie: thk paul
10:20:57 AM tkvix: the other two are also present at http://public.oarci.net/dns-operations/workshop-2006 now, and more will be added as i buttonhole the various speakers
Sean Leach joined the chat (10:22:00 AM)
dblacka joined the chat (10:22:28 AM)
10:23:19 AM oatwillie: so i'll cease random commentary ...  but someone should try and post the questions/answers from the f2f mtg
10:25:38 AM jabley: bill has a tough time believing that there are no open proxies in northern europe
dblacka left the chat. (10:25:52 AM)
10:26:18 AM jabley: possibly s/northern europe/something else/ :-)
10:26:22 AM jabley: "what is your business model?"
10:26:55 AM oatwillie: /jabley - north america... not europe
10:28:41 AM oatwillie: woody... on content distribution networks
jdow joined the chat (10:29:34 AM)
kurtis joined the chat (10:31:53 AM)
mave left the chat. (10:32:46 AM)
wessels joined the chat (10:32:56 AM)
Mike Damm joined the chat (10:33:26 AM)
10:33:36 AM oatwillie: the anycast d/p show....  it's all routing haws
10:33:42 AM oatwillie: haqs ...  sorry
wessels left the chat. (10:34:33 AM)
McTim joined the chat (10:35:54 AM)
null0@jabber.tisf.net left the chat. (10:37:56 AM)
10:38:24 AM olaf: Is this presentation on-line?
10:38:38 AM davidu: yeah, I think so, lemme find a url
null0@jabber.tisf.net joined the chat (10:38:38 AM)
10:38:40 AM null0@jabber.tisf.net: re
erik joined the chat (10:39:02 AM)
10:39:28 AM davidu: http://www.pch.net/resources/papers/dns-service-architecture/
10:39:29 AM oatwillie: its the same one he gave @ NZNOG earlier this year... and is remarkably similar to the one he gave @ LACNIC 
10:39:32 AM davidu: I think that's the right one.
10:39:43 AM null0@jabber.tisf.net: Consistency is a virtue.
10:39:54 AM null0@jabber.tisf.net: ;>
10:40:24 AM oatwillie: foolish consistency is the hobgoblin of small minds.... 
matto joined the chat (10:40:41 AM)
mave@nic.cl joined the chat (10:40:48 AM)
10:41:42 AM oatwillie: the PCH "wagon-wheel" looks a whole lot like the Stanford 'cube'  architecture 
10:41:46 AM tkvix: to avoid future consistency, volunteer now to help assemble future agendas.  (i wasn't at nznog or lacnic.)
10:42:05 AM oatwillie: me neither...
10:42:20 AM null0@jabber.tisf.net: It's good he's giving this talk - there are folks here who probably haven't been given an opportunity to hear it, previously.
10:42:26 AM davidu: yep. ;)
10:42:30 AM oatwillie: but webcasting is a fine tool
10:42:35 AM jabley: so the answer is clearly for everybody to attend nznog next year :-) (issued on behalf of the nznog marketing and world domination committee)
10:42:41 AM null0@jabber.tisf.net: haha
10:43:04 AM oatwillie: book now... 914USD LAX-AUK
wessels joined the chat (10:43:19 AM)
10:43:38 AM null0@jabber.tisf.net: http://www.pch.net/resources/papers/dns-service-architecture <--- pointer to Bill's preso
10:43:41 AM jabley: steve says: one clarification on getting transit from different people in different places
jdow left the chat. (10:43:55 AM)
jdow joined the chat (10:43:56 AM)
10:45:29 AM jdow: FWIW, I'm finding it useful and interesting.
10:45:42 AM jabley: also, for monitoring issues, see draft-ietf-grow-anycast-03
10:46:37 AM oatwillie: actually... there was a rumor that a mtg on anycast (a follow on to one held in YVR last year) is to occur just after NANOG 
10:46:49 AM null0@jabber.tisf.net: *knows nothing of this*
10:46:58 AM oatwillie: checking...
10:48:33 AM oatwillie: rumor originated from Joao Damas ... plz check w/ him @ <joao_damas@isc.org> for details
10:48:39 AM null0@jabber.tisf.net: Danke.
10:48:53 AM jabley: it's on wednesday afternoon at the isc office at 950 charter, redwood city
rick joined the chat (10:48:54 AM)
rick left the chat. (10:48:54 AM)
10:49:21 AM null0@jabber.tisf.net: Ah, so.
10:49:24 AM null0@jabber.tisf.net: Thanks, Joe.
10:49:55 AM tkvix: mr. null0, could you pick a more meaningful netname, maybe that corresponds to your meatspace identity in some way?
10:50:03 AM null0@jabber.tisf.net: doh
10:50:05 AM null0@jabber.tisf.net: Sorry.
10:50:07 AM null0@jabber.tisf.net: brb
null0@jabber.tisf.net left the chat. (10:50:11 AM)
10:50:13 AM jabley: rodney is offering advice for solving the problems that bill just described
rdobbins joined the chat (10:50:51 AM)
10:50:55 AM rdobbins: Ire
10:50:56 AM rdobbins: re
10:51:15 AM oatwillie: of course monitoring/measurement would be helped w/ the NSID option being available... nudge, nudge...
10:51:43 AM jabley: rodney is talking about bind resolvers weighting queries towards servers in an NS set towards those which have low demonstrated RTT
10:51:49 AM jabley: rodney says A and B clouds are not enough
10:51:52 AM jabley: you need A, B, C, D, E, F
10:51:56 AM tkvix: rodney is describing an even/odd local/global arrangements of more than two NS.NSDNAMEs for anycasted zones
10:52:20 AM oatwillie: /vix  - you type faster than me... as usual
10:54:39 AM oatwillie: woody is done  . ... . sebastian is up
10:55:56 AM kurtis: Wait! I am not native!
10:56:04 AM keith: "The IDN Experience" from Chile
10:56:09 AM jabley: nor am I, according to some people! :-)
10:56:09 AM rdobbins: Does that mean you're emulated?
10:56:15 AM kurtis: yupp.
10:56:15 AM jabley: kurtis is universal
10:56:18 AM rdobbins: haha
jad left the chat. (10:56:36 AM)
mpounsett joined the chat (10:57:03 AM)
wessorh joined the chat (10:57:14 AM)
10:58:15 AM rdobbins: .cl do a 30-day hold on registration for dispute resolution, etc. - nice.
jdow left the chat. (10:59:08 AM)
jdow joined the chat (10:59:09 AM)
10:59:11 AM wessorh: can we find all .cl names in 30-day-hold?
10:59:30 AM rdobbins: Dunno - ask when he pauses for Q&A.
11:00:04 AM tkvix: http://public.oarci.net/files/Sebastian Castro - The IDN Experience.pdf
11:00:32 AM mave@nic.cl: you can register your name... and if the name is in conflict, then in 30 days of cat fight, it's all solved :-)
11:00:55 AM oatwillie: last one standing?
11:01:11 AM rdobbins: Rock-paper-scissors, loser changes his legal name.
11:01:12 AM rdobbins: ;>
11:01:39 AM mave@nic.cl: they reunite with one of our lawyers and we wet the floor and let them fight
11:02:02 AM rdobbins: 'The Chilean Way' - I like it.
11:02:03 AM rdobbins: ;>
11:02:18 AM plosher: I have seen your offices, I am more worried about the wood spliters from the walls :)
11:02:24 AM plosher: er splinters
mpounsett left the chat. (11:02:29 AM)
11:02:30 AM mave@nic.cl: :D
11:02:35 AM plosher: or have you moved to the new offices now?
11:02:51 AM mave@nic.cl: after we come bak, we will move
11:03:02 AM tkvix: better url... http://public.oarci.net/files/castro-idn.pdf
11:03:02 AM mave@nic.cl: (they are expecting us to carry on the things)
bverd left the chat. (11:05:39 AM)
jdow left the chat. (11:06:12 AM)
jdow joined the chat (11:06:12 AM)
matto left the chat. (11:06:49 AM)
jtk@jabber.oarc.isc.org left the chat. (11:07:25 AM)
matto@jabber.tisf.net joined the chat (11:08:46 AM)
Tim Wilde joined the chat (11:10:42 AM)
11:10:56 AM davidu: tim are you here?
11:11:02 AM Tim Wilde: I am now
11:11:07 AM davidu: here in person?
11:11:10 AM Tim Wilde: Oh, no
11:11:19 AM davidu: doh.
11:12:04 AM oatwillie: rwesson asks abt request corrollation to public events
jtk@jabber.oarc.isc.org joined the chat (11:13:06 AM)
11:13:08 AM oatwillie: dbarton asks abt policy issues on registrations
11:13:55 AM keith: can audio participant please mute via #5 ?
11:15:00 AM oatwillie: lunch break ... abt 30 min or so
daveknight left the chat. (11:15:03 AM)
markk joined the chat (11:15:21 AM)
11:16:25 AM oatwillie: not lunch... tea break... :)
11:16:46 AM matto@jabber.tisf.net: they took away the breakfast food :(
doron left the chat. (11:18:34 AM)
plosher left the chat. (11:19:22 AM)
edlewis joined the chat (11:22:26 AM)
plosher joined the chat (11:22:59 AM)
Sean Leach left the chat. (11:23:37 AM)
Rodney joined the chat (11:25:05 AM)
11:26:37 AM keith: Break will end @ 11:40 local - have muted audio feed until then
alw joined the chat (11:26:46 AM)
11:27:14 AM keith: Awaiting on-site help to get privs to install PDF and java remote viewers on presentation PC..
11:32:15 AM olaf: The audio seems completely dead now...
rdobbins left the chat. (11:34:42 AM)
11:35:55 AM keith: Olaf's presentation should now be available in both the shared presentation space, and at http://www.secret-wg.org/NSD-dnsoarc2006.pdf
olaf@jabber.secret-wg.org joined the chat (11:37:35 AM)
11:37:49 AM keith: We should now have remote viewing of PDF and PPT presentations given here.
11:37:57 AM olaf: That file is very large.
olaf left the chat. (11:39:23 AM)
11:39:33 AM keith: Can someone confirm they can see Olaf's presentation remotely 
11:39:40 AM Tim Wilde: I'm seeing it
mattlarson joined the chat (11:40:03 AM)
11:40:04 AM geoff: I can see it.  Is there any way to resize it?  It doesn't fit onto an XGA screen.
11:40:15 AM mattlarson: Would it make sense to grab lunch now and just work through the scheduled lunch break?
11:40:51 AM matto@jabber.tisf.net: those cookies look good.
11:41:01 AM keith: Okay, trying to resize. Would prefer to keep lunch @12:30
11:41:11 AM mattlarson: then tell everyone to stop :-)
11:41:28 AM jabley: I'm calling this breakfast :-)
11:41:54 AM keith: Restarting. Olaf 11:40 to 12:10, Peter Losher @ISC 12:20 to lunch @ 12:30
11:42:40 AM mattlarson: yes
sebastian.castro joined the chat (11:43:25 AM)
sebastian.castro left the chat. (11:43:26 AM)
Sean Leach joined the chat (11:43:41 AM)
sebastian.castro joined the chat (11:43:41 AM)
11:44:31 AM rstory: hmm.. i can only see the top half of the slides..
11:45:07 AM keith: We have an unresolved sizing problem - I'll try and keep the key text in-window..
rdobbins joined the chat (11:46:42 AM)
11:46:45 AM rdobbins: re
11:49:43 AM jtk@jabber.oarc.isc.org: barry, many thanks for putting this together, and cookies are very nice (sorry remote attendees), would it be too much to ask for some milk? :-) j/k
11:50:10 AM Sean Leach: john - grab some for me and hold on to them until monday...thanks
11:52:22 AM wessorh: how many hosts can nsd3 defend against in a DDoS?
11:52:40 AM rdobbins: That's going to be situationally-specific - pps, qps, etc., right?
11:53:04 AM jdow: 48.
11:53:10 AM rdobbins: heh
11:53:17 AM bwatson@jabber.oarc.isc.org: that would be 42
11:53:30 AM jdow: Sorry, I was assuming a Windows mix.  42 UNIX-only hosts, of course.
11:53:39 AM jabley: http://lists.oarci.net/pipermail/dns-operations/2006-May/000604.html shows nsd behaviour under load
11:53:50 AM jabley: I don't know whether that's nsd3 or some earlier nsd though
11:53:53 AM sebastian.castro: there are some "operations problems" in NSD2, specially with multihomed hosts
11:54:06 AM sebastian.castro: those are supposed to be handled on NSD3, right?
11:56:55 AM jaap: As the pictures says, the graph was nsd 2.3.3
11:57:11 AM jabley: ah, thanks jaap
11:58:22 AM michael-berkeley: So nsd now has its own AXFR process?  It used to use BIND8's named-xfer.
11:58:26 AM jaap: If there are "operational problems" with nsd2 O hoe people rported them to us
11:59:06 AM jaap: Yes, nsd3 is going to have it's own Xfer process
11:59:15 AM sebastian.castro: nsd2 also has his own nsd-xfer program
11:59:25 AM sebastian.castro: since 2.3.0 version i think
11:59:29 AM jabley: will nsd3 also support IXFR and NOTIFY?
11:59:32 AM sebastian.castro: I should check the CHANGES file
11:59:48 AM jabley: oh, no matter :-)
11:59:57 AM jaap: yep, on popular request, ixfer & notifu will be supported
11:59:59 AM sebastian.castro: yep, I reported those problems and prepared a patch
12:00:18 PM sebastian.castro: well, NSD2 has a nsd-notify external program to do that
12:01:09 PM jaap: they will now be better integrated
12:01:37 PM jabley: so, nsd3 will support AXFR/IXFR/NOTIFY as a slave, but how about as a master?
12:01:42 PM jtk@jabber.oarc.isc.org: olaf:  i'd be curious to hear examples of cases you can share where you had to make changes based on another implementation's playing fast and loose with the specs/protocol or simply where there isn't clarify in what a server should do
12:02:18 PM jaap: As master as well
bverd joined the chat (12:03:06 PM)
Suz joined the chat (12:03:09 PM)
12:06:14 PM oatwillie: /olaf - so this means nsd3 will grok the transport a query was received on and "sort" the RRset for the answer?
12:07:15 PM oatwillie: there is a DDoS vector there...
12:09:05 PM oatwillie: a private party asks.... Q3 what year?
12:09:28 PM jabley: I think 2006, from other side discussions
12:09:50 PM oatwillie: kind of like dnssec in 6 months :)
12:10:08 PM edlewis: and in 6 months, it'll still be there. ;)
12:10:10 PM jabley: at least nsd has a history of actual deployment :-)
12:10:30 PM matto@jabber.tisf.net: did he call nsec3 a DOS a few slides back?
12:10:43 PM edlewis: you make it sound like actual deployment is a goal! ;)
12:11:12 PM jabley: he observed that nsec3 processing was computationally expensive, and hence repeated queries which require nsec3 processing might be rate-limited
12:11:21 PM oatwillie: na... its an academic exercise... like nsec3
12:12:13 PM mattlarson: NSEC3 is not necessarily computationally expensive--it depends on the iterations field (the number of times the domain name is hashed)
12:12:36 PM mattlarson: you can do a bunch of SHA1 calculations in the time it takes to do one RSA or DSA sig verification, for example
12:12:41 PM oatwillie: hashed names... kind of like CoDoNs?
12:12:51 PM geoff: The potential for using NSEC3 to DOS servers is described here: http://psg.com/lists/namedroppers/namedroppers.2006/msg00172.html
12:12:53 PM mattlarson: don't make me come over there, Bill
12:13:20 PM jabley: "expensive" is relative, I think. in the context of nsd, computing an SHA1 is more expensive than pulling a pre-computed answer to a query out of a hash table
12:13:48 PM oatwillie: but SHA1 is weak/old... the new'n improved technique is SHA256, yes?
12:14:00 PM mattlarson: I'm really going to have to come over there, aren't I?
12:14:17 PM jabley: we'll get the nic.cl guys to wet the floor
12:14:36 PM rdobbins: er, the restrooms are just down the hall, no need to 'wet' the floor.
12:14:38 PM rdobbins: ;>
12:14:53 PM Suz: I can tell I'm missing a great deal by not being there :)
12:14:58 PM rdobbins: haha
12:15:06 PM rdobbins: We're rockin' with Dokken.
12:15:19 PM mave@nic.cl: call the lawyers :P
Mike Damm left the chat. (12:15:19 PM)
12:15:41 PM rdobbins: Lawyers, guns, and money?
12:15:59 PM oatwillie: actually, size matters... i'm getting a headache with the jumping preso...
12:16:15 PM oatwillie: livemtg is not my friend
12:17:47 PM rdobbins: Down the hall to your left.
12:17:47 PM rdobbins: ;>
12:17:49 PM michael-berkeley: It's not so bad with text, but the diagrams were really hard to read.
12:18:27 PM oatwillie: true enough
12:18:34 PM oatwillie: Pete's up
plosher left the chat. (12:18:40 PM)
12:18:57 PM olaf@jabber.secret-wg.org: Joe, NSD3 will have integrated IXFR and NOTIFY
12:19:08 PM jabley: as master and slave, I think Jaap said
12:20:11 PM olaf@jabber.secret-wg.org: jtk: The one case that we ran into did not have to do with a performance as well as a regression test
12:21:13 PM matto@jabber.tisf.net: url for this pdf?
12:21:24 PM olaf@jabber.secret-wg.org: I do not remember the details but it was a bug that had to do with the TTL of the SOA and the TTL used elsewhere. Some interaction that we not caught because the zones we tested against did not contain this particular combination of records
12:22:08 PM olaf@jabber.secret-wg.org: Q3 2006 ...
daveknight joined the chat (12:22:10 PM)
12:22:30 PM jtk@jabber.oarc.isc.org: olaf: thx
12:23:14 PM olaf@jabber.secret-wg.org: matto: I did not say that NSEC3 is a DOS but it NXDOMAIN answers do cause more processing that regular NSEC NXDOMAIN answers
12:23:16 PM oatwillie: /olaf - SHA256 support?
12:23:49 PM olaf@jabber.secret-wg.org: (I am reading my jabber comments sequentially..)
12:23:55 PM oatwillie: ok
12:23:58 PM olaf@jabber.secret-wg.org: What do you mean by SHA256 support?
12:24:20 PM oatwillie: will that be in nsd3 or future?
12:24:32 PM olaf@jabber.secret-wg.org: SHA256 support for what?
12:26:01 PM olaf@jabber.secret-wg.org: (SHA256 appears in DS and potentially in RRSIG, those records are generated by the signer, NSD does not come with a signer. But NSD will take the blob of bits generated by the signer so to speak)
12:27:34 PM oatwillie: i guess i need to re-review your slides... i thought you indicated that rrsigs would/could be generated "on the fly" 
olaf joined the chat (12:28:07 PM)
12:28:43 PM jabley: question: was bind 9.4 changed to turn off recursion by default?
12:28:51 PM jabley: vixie says: no, because the bind forum said no
12:28:56 PM jabley: likely to come in 9.5, says paul
12:29:55 PM jabley: paul is talking about pre-compiled zones, i.e. zones which are stored on disk in binary form so they are quicker to load than their ASCII equivalents
12:30:07 PM jabley: designed just to speed up loading
jdow left the chat. (12:32:03 PM)
jdow joined the chat (12:32:04 PM)
12:32:54 PM michael-berkeley: here's the URL for my question -- look at the PS: http://marc.theaimsgroup.com/?l=bind-users&m=112622657106727&w=2
12:32:56 PM oatwillie: lunch... 
12:33:07 PM geoff: Bill: II think Olaf said RRSIGs are assembled into the reply dynamically (by NSD 2.x)
daveknight left the chat. (12:33:21 PM)
edlewis left the chat. (12:33:24 PM)
12:34:06 PM oatwillie: true...  my presumtion was "assembly" might include signing...
olaf@jabber.secret-wg.org left the chat. (12:37:49 PM)
bverd left the chat. (12:37:51 PM)
jdow left the chat. (12:43:39 PM)
jdow joined the chat (12:43:40 PM)
cdy joined the chat (12:50:20 PM)
12:57:11 PM cdy: It's me on the big screen.
12:57:22 PM rdobbins: heh
jaap left the chat. (1:00:09 PM)
1:00:50 PM jtk@jabber.oarc.isc.org: So roland, we local participants are getting GSRs for parting gifts?!?!  Thanks!  Cisco rocks.
1:01:20 PM matto@jabber.tisf.net: darn, i knew i should have driven the u-haul today
1:10:12 PM jabley: I presumed that cisco normally pay people to drive the GSRs away
1:10:19 PM jabley: it's pretty cheap for them to expect their guests to do it for free
1:10:46 PM Tim Wilde: Yeah, it must cost them quite a bit in disposal fees, especially with all the environmental regs here in CA.  Much cheaper to make you all take them.
1:10:48 PM mave@nic.cl: also for latin american people? :-D
1:12:00 PM McTim: and Africans? (too bad we don't have any Ggiabit capable fiber within a thousand miles of here
daveknight joined the chat (1:12:59 PM)
1:15:47 PM rdobbins: heh, John.
1:15:56 PM rdobbins: I'm sure I can scare up an AGS+ for you, somewhere.
1:16:02 PM rdobbins: Or a nice Token Ring Bridge.
1:16:03 PM rdobbins: ;>
jaap joined the chat (1:17:46 PM)
daveknight left the chat. (1:18:25 PM)
davidu left the chat. (1:18:29 PM)
1:19:13 PM jtk@jabber.oarc.isc.org: oh broken ring, source route bridging, beacons, how i do not miss thee
1:19:18 PM rdobbins: heh
1:19:23 PM rdobbins: Phantom-current.
oatwillie left the chat. (1:22:02 PM)
wessels left the chat. (1:24:36 PM)
1:26:06 PM matto@jabber.tisf.net: is it me, or has it reached 'sweltering' in here
1:26:27 PM jabley: it's getting there, no question
1:26:56 PM keith: Next presentation should now be available via application sharing - can someone please verify ?
1:26:59 PM cdy: ya i live in the desert now and this is kinda ick.
1:27:17 PM geoff: yup, see it.
1:28:46 PM jdow: It's pretty darn hot.  The AC can't go any lower.
1:29:09 PM matto@jabber.tisf.net: i have a theory that the AC is disabled as long as doors are open.
1:29:11 PM geoff: Is it available via URL, for those of us with XGA screens?
1:29:12 PM jdow: Really makes you appreciate whoever it was who invented antiperspirants
oatwillie joined the chat (1:29:18 PM)
1:29:39 PM jabley: matto: test your theory please, kthx
1:30:34 PM jdow: Seconded.
1:30:40 PM jdow: Go for it, matto.  
1:30:43 PM matto@jabber.tisf.net: the problem is, if i am wrong, it gets 1000x worse
1:30:54 PM keith: Paul will post the presentations on the public.oarci.net website shortly
Mike Damm joined the chat (1:31:04 PM)
1:31:10 PM keith: anyone seeing sizing issues with current screen ?
dave@jabber.isc.org joined the chat (1:31:11 PM)
1:31:28 PM oatwillie: 1080i its not
1:31:39 PM jabley: looks blue and square to me
1:32:17 PM keith: ok - remote screen is unlikely to be easily fixable, but uploading now..
1:32:38 PM rdobbins: here is nothing wrong with your television set. Do not attempt to adjust the picture. We are controlling the transmission. If we wish to make it louder, we will bring up the volume. If we wish to make it softer, we will tune it to a whisper. We will control the horizontal. We will control the vertical. We can roll the image; make it flutter. We can change the focus to a soft blur or sharpen it to crystal clarity. For the next hour, sit quietly and we will control all that you see and hear. We repeat: there is nothing wrong with your television set. You are about to participate in a great adventure. You are about to experience the awe and mystery which reaches from the inner mind to the Outer Limits.
1:32:44 PM rdobbins: ;>
1:32:53 PM rstory: i did figure out that there aren't scroll bars, but I can click in the window and drag it around..
davidu joined the chat (1:34:07 PM)
plosher joined the chat (1:34:15 PM)
1:34:24 PM oatwillie: /rdobbins - if you have that level of control, can you also adjust the humidity?
1:34:32 PM rdobbins: haha
1:34:57 PM oatwillie: Sebastian is back....   
mattlarson left the chat. (1:35:14 PM)
1:35:15 PM rdobbins: *will go talk to the Facilities people*
bverd joined the chat (1:35:19 PM)
edlewis joined the chat (1:35:41 PM)
1:35:46 PM michael-berkeley: You mean the screen wasn't supposed to be blue?
1:35:51 PM oatwillie: his talk is "monitoring tools"  - built them 
1:35:52 PM davidu: here's mine, FYI: http://david.ulevitch.com/tmp/Cache-Stats-David_Ulevitch.pdf
1:36:06 PM tkvix: http://public.oarci.net/files/castro-monitoring.pdf
1:36:11 PM keith: All remaining speakers - please can you give me a copy of your presentation on memory stick (I have one spare if needed) in advance of speaking
1:36:38 PM Tim Wilde: Jeez, Dave, could you make your PDF a bit bigger?
1:37:09 PM davidu: apple-i. ;-)
1:37:26 PM davidu: err, apple-minus
1:38:00 PM Tim Wilde: I meant filesize, dorkus.
wessels joined the chat (1:38:09 PM)
1:40:24 PM oatwillie: you did say you have Ge to your house... right?
1:42:17 PM oatwillie: so... did sebastian say if the graphics are visable to the great unwashed?
1:43:03 PM mave@nic.cl: no.. is for internal use only
1:43:19 PM keith: See also http://www.uknof.org.uk/uknof4/Meikle-DNS_Monitoring.pdf for related recent talk
1:43:33 PM oatwillie: ok... happier... the vulnerability is in the http server
1:43:43 PM wessorh: where are the new tools
1:43:59 PM jabley: plosher asks: are your modifications to dnstop public? or just internal?
1:44:12 PM oatwillie: mods to DNStop.... not available
1:46:15 PM plosher: but he's been encouraged to do so by the group...
1:46:28 PM rstory: yes, please
1:46:32 PM sebastian.castro: i will made the avail soon...
1:46:37 PM tkvix: http://public.oarci.net/files/Cache-Stats-David_Ulevitch.pdf
1:47:15 PM rstory: sebastian.castro: how can we know when it's ready? will you post a message to the dns-operations list?
1:47:43 PM rdobbins: Apparently, the HVAC problem is not just this room, but the whole first floor of the building.  The Facilities folks are aware of it, but there's no ETR.
1:47:49 PM rdobbins: Sorry.
1:47:54 PM rdobbins: :(
1:48:01 PM sebastian.castro: ok, i will
1:48:04 PM oatwillie: etr ...  tuesday!!!
1:48:10 PM jdow: Oy.  Thanks for checking into it, though!
1:48:16 PM rdobbins: heh
1:48:22 PM rstory: sebastian.castro: thanks!
1:48:39 PM oatwillie: /sebastian -thanks
1:48:46 PM Tim Wilde: my AC's working just fine! :)
1:49:01 PM Tim Wilde: too bad those GSR's they're giving away can't keep you cool
1:49:11 PM jdow: They're hot!
1:50:27 PM oatwillie: GSR needs the AGS+ fan
1:50:30 PM rdobbins: heh
1:50:37 PM Tim Wilde: did he say ISDN users?
1:51:03 PM Tim Wilde: don't trust him, he's sketchy!
1:51:14 PM Tim Wilde: Yes, I do
1:51:15 PM Tim Wilde: :-P
jdow left the chat. (1:52:17 PM)
jdow joined the chat (1:52:17 PM)
1:53:32 PM jabley: duane is logging into oarc using a web browser on the big screen
1:53:35 PM jabley: in order to demo dsc
1:53:49 PM jabley: (for those who are not here. those who are in the room should have noticed this already :-)
1:54:27 PM kurtis: I did - by reading it here :-)
wessels left the chat. (1:56:42 PM)
1:59:02 PM geoff: My favourite artifact thad DSC picks up by default is the consistent diurnal variation of % of queries with EDNS0.
1:59:15 PM geoff: Various between 40% -> 60% depending on time of day.
1:59:19 PM jabley: oh, interesting
1:59:22 PM geoff: s/Various/Varies/
2:00:08 PM matto@jabber.tisf.net: i didnt know maryland had its own tld!
2:00:22 PM jabley: paul is thanking frederico neves/registro.br who funded the server at isc that duane is using to run dsc
2:00:55 PM Rodney: Is there any near-real time app that can handle volume and give this kind of data?
2:01:19 PM jabley: dsc can be fed from a passive tap off gig trunks, I think
2:01:33 PM jabley: I would guess that performance depends on how much iron you throw at the sniffer box
2:01:38 PM sebastian.castro: how much storage is necessary for the data?
2:01:39 PM davidu: /back
dns-operations joined the chat (2:01:51 PM)
2:02:08 PM tkvix: http://public.oarci.net/files/raj-netperf4.pdf
matt-larson joined the chat (2:02:53 PM)
2:03:31 PM matt-larson: VeriSign has home-brew monitoring tools that can monitor and aggregate hundreds of thousands of queries in real time
2:03:36 PM matt-larson: I'll give a demo during my talk
2:04:04 PM oatwillie: if  its the one i've seen, its pretty nice stuff
2:04:11 PM jabley: an alternative is to just run tcpdump and concentrate really, really hard
2:04:17 PM davidu: matt-larson: that'd be fantastic.
2:04:50 PM bwatson@jabber.oarc.isc.org: wow, never met anyone else (besides me) who worked on mpe/ix! :)
jdow left the chat. (2:06:08 PM)
jdow joined the chat (2:06:08 PM)
2:06:56 PM Rodney: MattL: Cool! Open Source? ;-)
marz joined the chat (2:07:09 PM)
marz left the chat. (2:07:09 PM)
2:07:13 PM matt-larson: Errr...  no.
2:07:17 PM matt-larson: But not out of the question.
2:08:11 PM jtk@jabber.oarc.isc.org: rodney, can we trade some domain names for it? :-)
2:08:34 PM Rodney: Sure. yhgtrfgty.org is available.
marz joined the chat (2:09:12 PM)
2:09:36 PM matto@jabber.tisf.net: is not! i bought h3rb4l v14gr4 from them last week!
jdow left the chat. (2:13:10 PM)
jdow joined the chat (2:13:11 PM)
jdow left the chat. (2:14:08 PM)
jdow joined the chat (2:14:08 PM)
2:15:14 PM tkvix: http://public.oarci.net/files/jtk-dnsbotmon.pdf
2:18:21 PM rstory: just lost audio
2:18:34 PM geoff: Someone need to mute their phone . . . :(
2:18:35 PM rstory: i think someone needs to mute
2:18:48 PM rdobbins: A reminder = #5 mutes and unmutes.
2:18:54 PM keith: Can remote telephone particpant mute via #5 PLEASE

2:18:54 PM marz: can not hear anything....
jdow left the chat. (2:19:04 PM)
jdow joined the chat (2:19:07 PM)
2:19:53 PM marz: back...
2:20:25 PM keith: Sorry - had to interrupt speakerphone due to non-muter :-(
2:20:40 PM keith: Re-enabled but we've had to turn speaker ->room down
jdow left the chat. (2:23:45 PM)
jdow joined the chat (2:23:45 PM)
Doug Barton joined the chat (2:24:33 PM)
jdow left the chat. (2:25:28 PM)
jdow joined the chat (2:25:28 PM)
marz left the chat. (2:25:32 PM)
2:26:13 PM tkvix: http://public.oarci.net/files/wessels-openresolvers.pdf
Doug Barton left the chat. (2:27:07 PM)
2:27:14 PM davidu: sebastian.castro: Do the pics end up on flickr?
2:27:30 PM rdobbins: No, they end up on MySpace.
2:27:31 PM rdobbins: ;>
2:27:32 PM rdobbins: jk
2:27:33 PM sebastian.castro: may be
2:27:38 PM davidu: Tom is not my friend.
2:27:42 PM sebastian.castro: I can send them to the interested
2:27:47 PM matto@jabber.tisf.net: that's _not_ hot.
Doug Barton joined the chat (2:27:53 PM)
2:27:54 PM sebastian.castro: or watch them at my personal gallery...
2:28:36 PM davidu: sebastian.castro: cool
Tim Wilde left the chat. (2:35:42 PM)
dave@jabber.isc.org left the chat. (2:41:35 PM)
suresh left the chat. (2:42:41 PM)
bverd left the chat. (2:45:34 PM)
Doug Barton left the chat. (2:45:35 PM)
wessorh left the chat. (2:48:32 PM)
jdow left the chat. (3:03:27 PM)
jdow joined the chat (3:03:27 PM)
jdow left the chat. (3:04:09 PM)
jdow joined the chat (3:04:09 PM)
kc joined the chat (3:05:48 PM)
3:10:49 PM jdow: Is it just me or is it getting a little cooler?
3:11:01 PM cdy: we spotted some cisco facilities guys out in the hall
dave@jabber.isc.org joined the chat (3:11:03 PM)
dave@jabber.isc.org left the chat. (3:11:08 PM)
3:11:09 PM rdobbins: I think the AC finally kicked back in.
3:11:11 PM jabley: I think it's because people are starting to die, and are hence not contributing to the heat to the same extent
3:11:19 PM jdow: Bless you, Cisco Facilities! Bless you!
3:11:20 PM jabley: when the biomass begins to decompose, the temperature will go up again
daveknight joined the chat (3:11:26 PM)
3:11:31 PM jdow: I take back everything I ever said about CCO and the 6509s!
3:11:49 PM rdobbins: haha
3:13:01 PM rdobbins: When we deal with the Facilities people, we actually open a case, just like calling a help-desk, heh.
3:13:56 PM matto@jabber.tisf.net: A+++ WOULD DO SUPPORT WITH AGAIN
3:13:58 PM jabley: did they insist that you upgrade the room to the latest version of IOS before they would look at the problem?
3:14:54 PM jdow: I think the problem was we started the day with an upgrade, but it turned out the version of IOS we chose was incompatible with the specific power cord model used on the AC for the room.
bverd joined the chat (3:15:52 PM)
3:16:29 PM keith: Are off-site audio and presentation feeds okay ?
3:17:17 PM geoff: Yes (except for size issue, but I guess that's a lost cause . . .)
3:17:55 PM jabley: size isn't everything, geoff
3:18:16 PM geoff: :)
3:18:27 PM geoff: BTW is there a URL for this preso?
3:19:33 PM jabley: I don't know one
bverd left the chat. (3:21:05 PM)
matt-larson left the chat. (3:21:15 PM)
doron joined the chat (3:23:38 PM)
3:24:04 PM oatwillie: its on the PCH site
3:24:18 PM oatwillie: and... which root server is in Atlanta?
3:24:45 PM jabley: J
3:25:13 PM kurtis: Leaving north of Sweden, Finland and Norway empty is not really true...
3:26:11 PM oatwillie: and one forgets the not so recent install of a root in Ohio
Mike Damm left the chat. (3:26:15 PM)
3:26:23 PM keith: OH ? Where ?
3:27:33 PM plosher: we also will have Chicago up soon
bverd joined the chat (3:27:56 PM)
Doug Barton joined the chat (3:27:58 PM)
3:28:01 PM kurtis: i is already in Chicago
3:28:08 PM kurtis: Steve just missed it
3:29:42 PM oatwillie: greater metro Cincinnati
jaap left the chat. (3:30:05 PM)
3:30:08 PM keith: Ah - opposite end of the state from me, then.
3:30:16 PM oatwillie: where in chi-town kurtis?
3:30:49 PM jdow: plosher is the Johnny Appleseed of . nameservers :)
3:31:01 PM jtk@jabber.oarc.isc.org: starlight?  710 n. michigan perhaps?  someone is there, forget who
3:31:32 PM oatwillie: we are @ starlight via IU
3:32:00 PM plosher: ahh, we are going in @EQ
3:32:01 PM kurtis: i is at startap
3:32:05 PM jtk@jabber.oarc.isc.org: not sure what the means, @starlight via iu?  starlight/startap is northwestern
3:32:12 PM bverd: 2 instances in Brazil and 2 instances in Canada
3:32:39 PM sebastian.castro: the f-root has also an instance in Monterrey, Mexico
mattlarson joined the chat (3:32:52 PM)
3:33:00 PM plosher: Yeah, I didn't want to interrupt :)
3:33:18 PM sebastian.castro: me neither
3:33:28 PM bverd: for clarification that was for COM/NET
3:34:56 PM edlewis: For kicks, try this using the local recursive server on the guestnet: $ dig 198.8.207.216.in-addr.arpa  ptr
3:35:20 PM edlewis: Came across this trying to traceroute to g.root-servers.net
3:35:25 PM jtk@jabber.oarc.isc.org: i noticed that too
3:35:38 PM oatwillie: /ed - don't bait the local hosts imbedded DNS service... :)
3:35:55 PM edlewis: sorry, the AC woke me up, and this happens.
Mike Damm joined the chat (3:39:52 PM)
3:40:38 PM davidu: edlewis: yeah, they are wildcarding us.
3:40:42 PM davidu: edlewis: for https too
3:40:54 PM davidu: (meaning, they are listening on 443)
3:41:03 PM kurtis: even worse - what htey are wildcarding us to replies on ssh...
3:41:18 PM davidu: kurtis: wildcarding happens regardless of port.
3:41:20 PM mattlarson: help--could we get the link to Steve's paper again?  the slide disappeared before I could copy it down
3:41:21 PM davidu: happens before. ;)
3:41:28 PM jdow: Give me a sec
3:41:31 PM mave@nic.cl: http://www.pch.net/resources/papers/infraestructure-distribution
3:41:38 PM mave@nic.cl: doesn't exist :(
3:41:39 PM Rodney: http://www.pch.net/resources/papers/infrastructure-distribution/
3:41:45 PM Rodney: You spelled it wrong ;-)
3:41:53 PM mave@nic.cl: my fault :-P
3:41:55 PM Rodney: not that there's anything there, tho
3:45:13 PM RussMundy: does someone have the remote access url handy? I'm having trouble reading the screen
3:45:41 PM jdow: http://denali2.meetingplace.net
3:45:54 PM RussMundy: thanks
3:45:58 PM jdow: Enter meeting ID (087030) and click ATTEND MEETING
mattlarson left the chat. (3:46:36 PM)
3:50:01 PM tkvix: http://public.oarci.net/files/castro-anycast.pdf
wessels joined the chat (3:50:04 PM)
3:50:34 PM jtk@jabber.oarc.isc.org: fyi... if someone wants a ride to the hilton when we're done, come see me, should have room for two
3:50:48 PM davidu: hmm, tempting.
3:53:06 PM olaf: Yes I am :-)
olaf left the chat. (3:53:27 PM)
olaf joined the chat (3:53:35 PM)
3:55:23 PM edlewis: Olaf, deal - you get to the Cisco offices and we'll take you to the Hilton.
mattlarson joined the chat (3:56:28 PM)
3:56:29 PM Doug Barton: I could actually use a ride to the Hilton, particularly if someone is planning to hang out here for a short time to socialize
trinary left the chat. (3:57:27 PM)
3:59:17 PM mave@nic.cl: we also like a ride to the hilton... (if there is space left, of course)
3:59:55 PM jtk@jabber.oarc.isc.org: let the bidding start
4:00:00 PM Doug Barton: heh
4:00:23 PM Doug Barton: I got one offer already, so I'm sure it will work out one way or another
4:03:36 PM tkvix: http://public.oarci.net/files/mlarson-dnsops.pdf
bverd left the chat. (4:10:02 PM)
4:16:37 PM oatwillie: i continue to marvel that VSGN has the bench depth and patience to watch this stuff for this long and not stomp it out.
4:17:31 PM rdobbins: Someone needs to mute.
4:22:13 PM olaf: Speak up Bill
wessels left the chat. (4:22:13 PM)
4:22:17 PM olaf: What did Bill say?
4:22:26 PM jabley: bill said he's amazed at the bench depth, etc, per above
4:22:45 PM jabley: and what does vgrs recommend that others with shallower pockets do when facing similar attacks
4:23:04 PM Doug Barton: bill: How did verisign withstand this attack for weeks? matt: we didn't, we were looking at traffic from other points on the net
4:23:08 PM Doug Barton: (roughly)
4:23:31 PM jabley: rodney is asking about verisign's monitoring systems
4:23:37 PM jabley: brad is going to demonstrate
4:23:41 PM olaf: Thanks
4:24:23 PM geoff: Joe: thanks for relaying.
4:24:42 PM jabley: big map of the world with exciting graphics and real-time graphs on the big screen
4:24:47 PM jabley: nic.cl are taking photos :-)
4:25:00 PM Rodney: can you see this on line?
4:25:11 PM Doug Barton: ooooo, shiny
4:25:19 PM geoff: No. :(
4:25:30 PM Sean Leach: tell him to share the app via webcast
4:25:38 PM jabley: I am guessing there is not a public url for you to use to view it yourself :-)
4:25:41 PM cdy: i'm betting they'd prefer the data not be captured. :)
4:25:56 PM oatwillie: there is not a public URL
4:25:58 PM jabley: mmm, more shiny things
4:26:05 PM jdow: I want one!
4:26:53 PM jabley: if it helps form a mental picture, imagine what kind of monitoring graphics you would spend developer dollars on if you had .com and .net revenue in perpetuity
4:26:57 PM jabley: oh, did I say that out loud? :-)
4:27:04 PM rdobbins: haha
4:27:04 PM Sean Leach: hehe
4:27:13 PM oatwillie: they built this long before that was a done deal
4:27:28 PM plosher: joe: you have .org money to spend ... :)
4:27:44 PM jtk@jabber.oarc.isc.org: oatwille: then i want my $10 name fee back
4:27:52 PM jabley: I should note that jabley != PIR, and afilias != PIR at this point :-)
4:28:15 PM oatwillie: /jtk - get your refund from godaddy
4:28:24 PM rdobbins: This is very impressive stuff - and it's impressive precisely because there's no rocket science behind it.  They're simply making maximal use of all the data at their disposal and are presenting it in a visually appealing format.  It's very rare that you see an operator of any stripe mine the available telemetry so effectively.
4:28:31 PM oatwillie: RIPE built their stuff after seeing this
4:28:41 PM jabley: rdobbins: agreed
4:29:07 PM geoff: Bill: you mean DNSMON?
4:29:17 PM oatwillie: yup
4:29:46 PM rdobbins: Mining DNS and doing combinatorial analysis with NetFlow, etc., is a largely untapped field.
tkvix left the chat. (4:29:51 PM)
tkvix joined the chat (4:30:04 PM)
4:30:24 PM jtk@jabber.oarc.isc.org: rdobbins, i got some avi's and screenshots you may be interested in
4:30:32 PM rdobbins: Danke, John.
4:30:40 PM rdobbins: You can call me 'Roland', you know.
4:30:41 PM rdobbins: ;>
4:31:06 PM jtk@jabber.oarc.isc.org: whatever gets me a grs
bverd joined the chat (4:31:12 PM)
4:31:14 PM oatwillie: na... then i'm tempted to add "... the headless thompson gunner"
4:31:53 PM jtk@jabber.oarc.isc.org: grs, gsr, whatever it takes
4:32:22 PM oatwillie: i've got a couple holding down the floor...  offers?
4:32:39 PM jtk@jabber.oarc.isc.org: rodney, that domain name still available?
4:32:48 PM Rodney: suer!
4:32:51 PM Rodney: sure
4:36:15 PM mattlarson: I'd deploy DNSSEC, but I don't want to do crypto on the fly.
4:36:45 PM Doug Barton: *cough*troublemaker*cough*
4:36:51 PM oatwillie: so don't do it on the fly...  
4:36:56 PM geoff: epsilon is RFC 4470 and (soon) 4471
4:37:04 PM olaf: I'd do it too, Matt
4:37:27 PM oatwillie: that pesky near-realtime lure is not required
4:37:45 PM jdow: Oh wow.  I really want one of those evil devil PC cases.  I wonder where Sparta got them.
4:38:06 PM davidu: and what about resolvers?
4:38:10 PM Rodney: same place they get their black helicopters
4:38:17 PM Doug Barton: no, that's ICANN
4:38:47 PM olaf: Repeat the question?
4:39:01 PM davidu: olaf: Brian asked about Auth servers not doing crypto on startup
4:39:01 PM mattlarson: Does anyone want their master server to verify signatures upon load?
4:39:03 PM Rodney: startup validation
4:39:06 PM Doug Barton: some people want the auth server to verify the data on startup
4:39:10 PM oatwillie: wants to validate on startup
4:39:14 PM Doug Barton: (and I'm assuming zone load, update, etc)
4:39:20 PM olaf: Yes
4:39:59 PM olaf: That draft does not include validation on loading
4:40:16 PM oatwillie: we -could- add the devilPC icon to the shared PPT download page on the OARC site?
4:40:28 PM tkvix: http://public.oarci.net/files/mundy-dnssec.pdf
4:40:37 PM matto@jabber.tisf.net: is there other dns functions we get to ignore besides ddns when we use dnssec?
4:40:47 PM oatwillie: sure... 
4:40:51 PM oatwillie: IXFR
4:40:54 PM matto@jabber.tisf.net: answering queries is hard too!
4:42:17 PM Rodney: answering correctly is hard
4:42:46 PM oatwillie: answers == $1.00 -- correct answers == $1,000,000
4:43:50 PM oatwillie: MX  has a trial ongoing now too
Sean Leach left the chat. (4:44:11 PM)
4:44:32 PM tkvix: ddns works just fine with dnssec if you're comfy with an online zone key.  (i am.  only the keysigning key needs to be offline in my world.)
4:44:53 PM tkvix: dunno why ixfr won't work, too.
4:45:47 PM mattlarson: Someone asked me how many targets the monitored reflector attacked and I didn't know.  The stat is in the presentation and I forgot.  Slide 11 has this (it went by fast and I didn't mention it):
4:45:50 PM mattlarson: "During that time the reflector sent 1.9 million DNS answers out to 
1,593 victims, using 605 different queries to generate answers! "
4:46:24 PM jabley: rodney: is that dnssec by the end of june for all customers, or just for non-TLD customers?
4:46:25 PM oatwillie: /vix - how often do you roll the ZSK?
4:47:16 PM tkvix: http://public.oarci.net/files/dlv-december-2005.pdf
alw left the chat. (4:47:37 PM)
davidu left the chat. (4:50:09 PM)
4:50:19 PM oatwillie: 11th hour.... why didn't someone do that w/ SMTP?
4:51:01 PM Doug Barton: smtp eventually got deployed
4:54:07 PM RussMundy: there is an individual ID for the DNSSEC API that has  been published - I can find the url if anyone is interested
4:56:16 PM oatwillie: actually, there are three dnssec api docs that have been published... two have expired as IDs
4:57:55 PM RussMundy: here is the current one:
4:57:57 PM RussMundy: draft-hayatnagarkar-dnsext-validator-api-00
4:59:11 PM RussMundy: oatwillie, can you provide a url or old file name for the earlier versions
4:59:48 PM jtk@jabber.oarc.isc.org: www.watersprings.org perhaps?
5:01:34 PM oatwillie: draft-gieben-resolver-application-interface-00.txt  
5:01:56 PM oatwillie: draft-bmanning-RLDV-00.txt
5:02:17 PM RussMundy: okay, thanks
5:06:27 PM oatwillie: all in favor of DLV??   
5:07:24 PM oatwillie: me, i want to see an exit stratagy for DLV other than "shouldn't scale too well"
5:07:29 PM dns-operations: Only because we can't do the Right Thing yet.
5:08:01 PM oatwillie: this is not the "Right Thing" we are looking for... :)
5:08:35 PM jabley: the exit strategy is "there is clear demand for this, and momentum for growth, so now let's sign the root"
5:08:41 PM cdy: It's "some thing" tho. hm.
5:08:43 PM dns-operations: oatwillie - sometimes it is best (or required) to do, so that someone can complain and fix it.  Later.
5:09:03 PM michael-berkeley: DLV is *literally* better than nothing?
5:09:20 PM oatwillie: hey!!!   we could get shrub to stand in front of a banner "MISSION ACCOMPLISHED" over DLV...
5:10:53 PM oatwillie: signing the root will not kill off DLV, esp if there is a revenue stream for someone
5:10:58 PM michael-berkeley: There's a group in Internet2 that's pushing DNSSEC and we're *interested* in DLV, but I am not sure if we'll go there yet.
5:11:41 PM jtk@jabber.oarc.isc.org: can we get a copy of that paper, conference site charges a fee
5:12:03 PM dns-operations: The latest writeup is a technote on the ISC website
5:12:25 PM jabley: who is "dns-operations"? did someone type the conference room name into the wrong box?
5:12:30 PM oatwillie: i've got a copy of the first paper (published in japan) but not online
5:12:32 PM cdy: i was wondering that too
5:12:40 PM oatwillie: sentient room
5:12:44 PM matto@jabber.tisf.net: i thought the mailing list was talking to me
5:13:00 PM olaf: Can somebody echo this long question 
5:13:18 PM dns-operations: Probably me.  Never used jabber before.  It said "room name" and I put that there.  
5:13:18 PM keith: It's the PC on the podium projecting this chat to the LH screen
5:13:24 PM dns-operations: But the URL is anyway http://www.isc.org/index.pl?/pubs/tn/index.pl?tn=isc-tn-2006-1.html
5:13:41 PM jabley: rodney pointed out that the zone owner still holds the private key, so the back door people were suggesting ISC might be housing does not necessarily exist
5:14:02 PM jabley: (olaf: ^)
5:14:26 PM edlewis: is the remote audio dead/bad
5:14:26 PM mattlarson: Rick does not want ISC to escrow the DLV private key
dns-operations left the chat. (5:14:36 PM)
jorhett joined the chat (5:14:47 PM)
5:14:48 PM oatwillie: ah... but the problem is that s/w & applications  do trust the DLV reg.... not the zone owner
5:14:53 PM olaf: How about the other DLVs that have grown bigger because they have better marketing than ISC?
5:15:09 PM keith: no changes to the audio
5:15:10 PM jorhett: Fixed my name (thus highlighting myself as the idiot)
5:15:15 PM oatwillie: the almost duplicate data problem?
5:15:52 PM olaf: We only need one that grows bigger and that has the markting power (although the power over the named.conf will help in preventing this)
5:16:07 PM michael-berkeley: Paul's mic seems to have died...we can here him fine in the room, though.
5:17:05 PM jabley: bmanning/oatwillie is explaining his opinions on DLV
5:17:06 PM plosher:  someone needs to put in another quarter :)
5:17:36 PM olaf: Yes..
5:17:41 PM geoff: Keith: heard it.
5:17:55 PM keith: ok - phone is back in speaker mode
5:18:04 PM keith: is paul audible now ?
5:18:08 PM geoff: Yes.
5:19:07 PM olaf: Paul is audible
5:19:31 PM jabley: question was "DS records are like NS records. Are we going to have lame delegation problems with DS just like with NS?"
5:20:26 PM olaf: See http://tools.ietf.org/wg/dnsop/draft-ietf-dnsop-dnssec-operational-practices
5:20:36 PM olaf: For the details of rollovers
5:20:43 PM olaf: and the timing
5:21:00 PM olaf: "security lameness" is what we call it
5:21:09 PM bwatson@jabber.oarc.isc.org: folks, and aside,  i got woody's early talk this morning uploaded.  it's at the bottom of the attachment list on http://public.oarci.net/dns-operations/workshop-2006
5:21:51 PM jabley: Ed was the person talking in the room just now
5:21:55 PM jabley: (Lewis)
5:22:50 PM jorhett: Paul is concerned with the chicken and the egg, but it's clear that unless Verisign finds bacon .... *snort*
jdow left the chat. (5:22:57 PM)
5:23:02 PM oatwillie: snicker 
5:23:19 PM oatwillie: VSGGN has already brought home the bacon
5:23:24 PM jabley: (cheers for cisco, for hosting this meeting)
5:23:30 PM oatwillie: bye
5:23:33 PM michael-berkeley: Thanks!!
daveknight left the chat. (5:23:40 PM)
edlewis left the chat. (5:23:42 PM)
jtk@jabber.oarc.isc.org left the chat. (5:23:47 PM)
jabley left the chat. (5:23:53 PM)
jorhett left the chat. (5:23:55 PM)
matto@jabber.tisf.net left the chat. (5:23:57 PM)
olaf left the chat. (5:23:58 PM)
doron left the chat. (5:24:01 PM)
cdy left the chat. (5:24:01 PM)
mattlarson left the chat. (5:24:03 PM)
Doug Barton left the chat. (5:24:05 PM)
kurtis left the chat. (5:24:07 PM)
erik left the chat. (5:24:12 PM)
5:24:13 PM tkvix: this room will remain alive
geoff left the chat. (5:24:36 PM)
5:24:39 PM rdobbins: *waves*
rdobbins left the chat. (5:24:41 PM)
plosher left the chat. (5:24:46 PM)
mave@nic.cl left the chat. (5:24:56 PM)
orange left the chat. (5:25:27 PM)
keith left the chat. (5:25:46 PM)
sebastian.castro left the chat. (5:28:18 PM)
tkvix has set the topic to: dns-operations@lists.oarci.net realtime version (5:28:45 PM)
Mike Damm left the chat. (5:30:33 PM)
tkvix left the chat. (5:32:09 PM)
michael-berkeley left the chat. (5:32:29 PM)
dns-ops-mtg left the chat. (5:36:15 PM)
oatwillie left the chat. (5:40:10 PM)
bverd left the chat. (5:41:05 PM)
geoff joined the chat (6:11:42 PM)
geoff left the chat. (6:12:20 PM)