Meetings/Minutes/2010-01-15

OpenDNSSEC > Meetings > Minutes > 2010-01-15

Present: Jakob, Matthijs, Patrik, Rick van Rein, Rickard, Sion, Stephen

0. Who will write minutes?

Stephen volunteered.

1. Agree on the agenda

The agenda was agreed.

2. Changes to website

Pages of the existing  web site were examined. Comments were:

Home Page

  • It is not clear that the items below the technology preview picture are news items.
  • The picture should be removed - it is redundant.
  • The home page should be a "jumping off" page for the rest of the site - it should have pointers to other pages in the main body of the page.
  • News items should be on a separate page.

"About" Page

  • Move some of the "About" text to the front page.
  • About requires more information than is there now.
  • Need to explain concept of an HSM - how you can use software emulation.

Suggested content of this page should include:

What is DNSSEC?

  • Shortcomings of DNS
  • Need to improve security

What is OpenDNSSEC?

  • Open software to run DNSSEC on your DNS system
  • Suitable for anything between one zone with millions of names to thousands of zones, each with few names
  • Can support cryptographic hardware
  • (Comparison to other products?)

In addition, a description of the architecture should be moved to another page or be a chapter in the documentation.

"Features" Page

  • Need sub-headers to group the features.
  • Features that will be in new releases should be on another page (else there may be some confusion as to what is in the current release and what is promised).

This led to the idea that there should be a page outlining the release schedule and listing what is expected to be in each release.

"Documentation" Page
Discussion on the documentation ranged throughout the meeting. In summary:

There are three options are available as to how to manage it:

  • Have the main documentation in Wordpress on the main site ( http://www.opendnssec.org).
  • Have the main documentation on the wiki ( http://trac.opendnssec.org)
  • Have the main documentation as files in subversion (e.g. Microsoft Word files) and generate PDFs before each release.

The question was left unanswered for now. However, it was agreed that for version 1.0.0 of OpenDNSSEC, the documentation on the wiki would be used. Patrik offered to put the wiki documentation in Wordpress and display it on the main web site for version 1.0.0.

"HSM Buyer's Guide" Page

  • There should be a section on SoftHSM.
  • A pointer to this should be on the home page.

"Download" Page

  • Add a section on downloading and building trunk.

"Support" Page

  • All seems OK here.

Other Comments

  • Once organisations start using OpenDNSSEC, add a list of users. Where this page is located can be decided later.

3. Changes to wiki

The ultimate aim is that the wiki is the site for developers and the web site is the site for users.

Although it is recognised that it contains a copy of the documentation (so users may land there via a Google search), it will be left as-is for now. A task after the release of V1.0.0 will be a reorganisation to make things more logical and to emphasise the "developers" orientation of the site.

4. Changes to documentation

After some discussion, the following outline and order seemed to emerge:

Background
This will point to the "About" page.

Installation
The existing documentation is OK but:

  • Need improvement of dependency list. It was felt that all this information should be in what is currently the guide page (else a list of dependencies and their versions is split across two pages).
  • Before release, the version numbers need to be update to reflect the current versions of the dependencies.
  • Need to add the text on how to install MySQL.
  • Need to note what distributions OpenDNSSEC and its dependencies are packaged for. (At present, packages of OpenDNSSEC dependencies fare available for FreeBSD and NetBSD, and can be downloaded from  http://pkgsrc.se/wip/opendnssec. These packages may not be those of the current versions of the software. Also note that packaging for OpenBSD will not occur until late February.)

Configuration
Although it is wordy, the section on time formats was felt too important to be moved to an appendix. However, the section shopuld explicitly mention that:

  • One month is assumed to be 31 days.
  • One year is assumed to be 365 days.

The way the four configuration files is presented was felt to be OK for version 1.0, but should be re-examined for a future release.

Running OpenDNSSEC
This was felt to be OK for version 1.0, but should be re-examined for a future release. In particular, it should be expanded with:

  • Different scenarios (e.g. how to set up for one zone, how to set up for multiple zones).
  • Reassurance for the user (i.e. "after entering this command you should see …").
  • Any alternatives should be moved to the reference section; this section should be straightforward and concentrate on getting the system running.

Command Utilities

  • This is fine for version 1.0. After that, "man" pages should be provided.
  • The page should be renamed "Command Utilities Reference".

Migration
Probably don't need to do too much more here as (a) few people have implemented DNSSEC and (b) anyone who has and wants to migrate is probably technically competent enough to do it without much help.

FAQ
Need to go through the mailing list and see what has been asked.

Reporting Bugs
This seemed to be OK.

Other Comments
A "Trouble-Shooting" page to aid fault-finding was felt to be necessary, distinct from the FAQ list. Ideally every error message that can appear in the log should have some entry here.

Effort
The following people had some spare time over the next couple of weeks to help with the documentation:

  • Matthijs
  • Patrik
  • Rick
  • Rickard
  • Sion

5. When can we release RC3?

A problem whereby in some cases on CENTOS the KASP enforcer does not see the signer running when it is was raised. This will be added to the known issues list.

ldns 1.6.4 is due out next week, so it was agreed that rc3 would be tagged at that time. Rickard will update his system and do some testing.

6. When can we release 1.0.0?

If all goes OK, about two weeks after rc3. This would coincide with the face-to-face meeting in Amsterdam at the end of January.

7. Future events

  • There is an OpenDNSSEC planning meeting at the end of January.
  • .SE will be organising some OpenDNSSEC training.
  • Both Nominet and .SE aim to be using OpenDNSSEC to sign their zones before the RIPE-60 meeting in May. A presentation on experiences with the software can be given there and/or at the associated CENTR meeting.

8. AOB

Performance
SIDN have been complaining that OpenDNSSEC is not fast enough to sign their zone. It was suggested that the problem could like in the configuration of the operating system (perhaps it is paging to disk). Matthijs will get in touch with Rick Zijlker and perhaps arrange a visit to SIDN.

Next Meeting
A face-to-face meeting at NLNetLabs in Amsterdam on 28/29 January 2010, starting at 10:30 CET.