[ncc-services-wg] Reverse DNS Restructuring Project
- Previous message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
- Next message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joerg Schumacher
schuma at gaertner.de
Thu Oct 9 03:56:29 CEST 2003
In article <20031008145711.C7178 at iprg.nokia.com>, David Kessens <david at iprg.nokia.com> wrote: > [...] > > However, we currently use the domain objects to maintain reverse > > delegations. Those domain objects do end up in the database while > > simultaneously updating zone files. So if everybody would use the > > proper interface to update domain objects than we would have full > > consistency. So when implementing the proposal we loose the > > ambiguity in the update path, we get consistent WHOIS and ZONE data. > > Besides we gain access, and use of new authorization mechanism that > > become available to the database (e.g. X509). > > Yes, that is certainly useful. However, we would also get full > consistency if we got rid of both 'domain:' and 'rev-srv:' attributes > and use a simple specialized interface to do reverse delegations. The > DNS is already a fully public database. There is no need to keep the > data in yet another backend database or publish it in more than one > place. I beg to differ. The redundancy in the database is needed for us operators. If you were right, we could drop all the IRR databases, sice the bgp table is a fully public database. That's fine as long as no errors happen, but error do happen so we need some out-of-band method to know how it should look like and whom to cantact if it doesn't. A quick example: let's assume that the nameservers for iprg.nokia.com and nokia.com are all lame delegations. Who'e the right contact to fix this? Since they are all lame, I can't retrieve the RNAME in the SOA. I guess I could get the RNAME of .com, but contacting nstld at verisign-grs.com would certainly not solve the problem. > I think the focus should be on the people who use the interface: we > need to choose the most simple and easy way for the user to get the > job done. The goal is not to make a complicated interface and declare > victory because we have reached data consistency! It's not getting more complicated. You already have to submit a domain object to get a reverse delegation. In fact it's getting easyer since you don't have to remember that this object has go to auto-inaddr at ripe.net. It's an ripe database object, so auto-dbm at ripe.net seems to be the natural choice. > [...] > To give another example: > > - Somebody sends in: 3-10.193.in-addr.arpa > - Next, requests a change to: 4.193.in-addr.arpa > - Next, somebody requests a deletion of: 3-10.193.in-addr.arpa > > Should the deletion fail since 3-10.193.in-addr.arpa is actually many > different objects and one of them is not the same anymore so in fact > there is really two sets of different objects ?!? Try again, this time with inetnums and rev-srv. What's the meaning of rev-srv on a /20 followed by a more specific /24 followed by the less specific /20? The problem space is exactly the same. Joerg
- Previous message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
- Next message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]