Re: [dns-wg] rev delegation robot and selection of NS to pull zone from
To: Woeber@localhost
From: Niall O'Reilly <Niall.oReilly@localhost>
Date: Fri, 21 Nov 2008 10:49:14 +0000
Organization: University College Dublin IT Services
Reply-to: Niall.oReilly@localhost

On Thu, 2008-11-20 at 14:02 +0000, Wilfried Woeber, UniVie/ACOnet wrote:
> So - this may just be a glitch in the alerting script, but I am still
> left with the question: how does the robot at the NCC's end determine
> the "appropriate" host to try zone transfers from?
>
> Any recommendations?

IMHO ...

This is a system-administrative matter to be agreed between
the zone administrator and the slave operator. Zone data is
not zone metadata. Blurring the distinction can only lead
to unintended consequences.

If a robot is involved, there needs to be an out-of-zone
channel from the zone administrator to the robot. Peter's
suggestion of using a new attribute in the database to
serve this purpose makes sense to me.

A similar, but more sensitive, issue arises with shared
secrets for TSIGs.

ATB,
Niall