[dns-operations] Best Practices
Dan York
york at isoc.org
Fri Jun 14 17:43:47 UTC 2013
Chip,

On 6/14/13 11:07 AM, "Chip Marshall" <chip at 2bithacker.net> wrote:

>There was some talk at a recent meeting about establishing some
>best practices for operating a DNS server. I'm curious if anyone
>is running with this, and if not, if this would be a good forum
>to start working on such a project.

I'm not aware of any such document, but agree it would be useful.

>I know there are some IETF documents around best practices for
>things like DNSSEC,

Yes, the IETF docs I've seen are focused on operational practices related
to DNS as it interacts with technologies such as IPv6 and DNSSEC:

http://tools.ietf.org/html/rfc4472 Operational Considerations and Issues with IPv6 DNS
http://tools.ietf.org/html/rfc6781 DNSSEC Operational Practices, Version 2
http://tools.ietf.org/html/draft-howard-isp-ip6rdns-06 Reverse DNS in IPv6

>but to the best of my knowledge there's not a
>good repository for things like RRL, making sure your recursive
>resolver isn't open, ensuring source port randomization (I know I
>still see a lot of source 53 queries) and so on.

Interestingly, there are efforts underway within a number of the network
operator groups to help document best current operational practices. My
colleague Jan Zorz has been traveling around speaking with a good number
of *NOGs on this particular issue (and is in Zambia at AfriNOG right now)
and we've started trying to document the BCOP activity happening in
various groups here:

http://www.internetsociety.org/deploy360/about/bcop/

Working with one of those groups might be a way to move a document
forward. Or creating a repository of DNS-related BCOPs might be a great
role that DNS-OARC could play.

Regards,
Dan
--
Dan York
Senior Content Strategist, Internet Society
york at isoc.org +1-802-735-1624
Jabber: york at jabber.isoc.org
Skype: danyork http://twitter.com/danyork
http://www.internetsociety.org/deploy360/