Re: draft-jennings-app-dns-update-00
Cullen Jennings <fluffy@cisco.com> Thu, 10 July 2008 15:42 UTC
Return-Path: <apps-discuss-bounces@ietf.org>
X-Original-To: apps-discuss-archive@ietf.org
Delivered-To: ietfarch-apps-discuss-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 621F23A68AB; Thu, 10 Jul 2008 08:42:08 -0700 (PDT)
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3854A3A67EC for <apps-discuss@core3.amsl.com>; Tue, 8 Jul 2008 18:27:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.539
X-Spam-Level:
X-Spam-Status: No, score=-106.539 tagged_above=-999 required=5 tests=[AWL=0.060, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SsYDeO7SzHbM for <apps-discuss@core3.amsl.com>; Tue, 8 Jul 2008 18:27:38 -0700 (PDT)
Received: from sj-iport-1.cisco.com (sj-iport-1.cisco.com [171.71.176.70]) by core3.amsl.com (Postfix) with ESMTP id B75293A67DF for <apps-discuss@ietf.org>; Tue, 8 Jul 2008 18:27:37 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.30,327,1212364800"; d="scan'208";a="50438012"
Received: from sj-dkim-1.cisco.com ([171.71.179.21]) by sj-iport-1.cisco.com with ESMTP; 09 Jul 2008 01:27:48 +0000
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-1.cisco.com (8.12.11/8.12.11) with ESMTP id m691Rmf1015854; Tue, 8 Jul 2008 18:27:48 -0700
Received: from [10.0.1.195] (sjc-vpn6-2040.cisco.com [10.21.127.248]) by sj-core-2.cisco.com (8.13.8/8.13.8) with ESMTP id m691RlmP007406; Wed, 9 Jul 2008 01:27:48 GMT
Message-Id: <26C42831-8209-4CF0-9101-F4DB97428EFA@cisco.com>
From: Cullen Jennings <fluffy@cisco.com>
To: Peter Koch <pk@DENIC.DE>
In-Reply-To: <20080708055828.GA6547@x27.adm.denic.de>
Mime-Version: 1.0 (Apple Message framework v926)
Subject: Re: draft-jennings-app-dns-update-00
Date: Tue, 08 Jul 2008 18:30:01 -0700
References: <20080707024501.AE0A33A6947@core3.amsl.com> <89A47DA0-8E2F-4247-A21F-E9B1777A0856@cisco.com> <20080708055828.GA6547@x27.adm.denic.de>
X-Mailer: Apple Mail (2.926)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=2860; t=1215566868; x=1216430868; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=fluffy@cisco.com; z=From:=20Cullen=20Jennings=20<fluffy@cisco.com> |Subject:=20Re=3A=20draft-jennings-app-dns-update-00 |Sender:=20; bh=oHS/RxVYDOIOo/3YFhXTIkXZuL5EDOEVb19DiC/FghM=; b=U1UtclJCo0jKoxVAYbrcnxtfuMwZOZNU5xOUdDgcU87EKzYnLbbI+iQf84 YLJA0CL9PFI+M1IVDEDn9M6uKqbWuxyrgTkADJYfp4DLkgrBMq9EStS9dmxp E1qU+RqTL5HjRdA5YWwtxf5y6ctjIUSqNlYv6y4WEwc1WhFT7FN84=;
Authentication-Results: sj-dkim-1; header.From=fluffy@cisco.com; dkim=pass ( sig from cisco.com/sjdkim1004 verified; );
X-Mailman-Approved-At: Thu, 10 Jul 2008 08:42:07 -0700
Cc: apps-discuss@ietf.org
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <https://www.ietf.org/mailman/private/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"; DelSp="yes"
Sender: apps-discuss-bounces@ietf.org
Errors-To: apps-discuss-bounces@ietf.org
Peter - many thanks - appreciate your comments and would like to talk to you more about this On Jul 7, 2008, at 10:58 PM, Peter Koch wrote: > On Sun, Jul 06, 2008 at 09:12:24PM -0700, Cullen Jennings wrote: > > > > The draft proposes a HTTP based API to update DNS records similar to > > the system at dyndns.org. Be pleased to get peoples thoughts but I'm > > a cursory review raises these questions from a DNS protocol and > operational > perspective: > > 1) We do have Dynamic Updates and EPP as "provisioning" protocols. > Which deficiencies is this approach trying to address in > particular? > Clearly this is the fundamental question in trying to decide what to do with this draft. This approach is very simplistic with less features than other but approaches. However, an simple HTTP approach seems to be one that an is gaining a fair amount of adoption in actual deployments. > > > 2) The list of RR types is pretty arbitrary. Some RR type > independence in > the spirit of RFC 3597 would be urgently needed, making error "501" > not occur. > I can easily imagine a parameter with the record type and a second parameter with the value. Interesting the implementors of the servers don't seem to be keen on that - hard to tell why but some part of it is they don't want to negotiate capabilities. No matter what happened, saying all record types need to be supported is very unlikely to be implemented and at the same time the draft needs to define some minimum set needs to specified. > > > 3) How is the SOA serial increment initiated? > I was sort of hoping the draft did not have to get into this. Ideas on what you think is needed? > > > 4) Interaction with DNSSEC needs to be described > Not sure what to say. If the records are signed or not seem somewhat separable topic than this. > > > 5) What kind of intra-RRSet ordering is assumed in section 3? > good point - I suspect that there should be no assumptions about the order used here and what might actually end up in DNS > > > 6) Why would a user be allowed to add/modify/delete arbitrary RRSets? > The whole security model is very simplistic, a given user is authorized (or not authorized) to update anything in a domain. Suggestions? > > > NITS: > o SRV RRs require domain names as targets , not IP addresses > oops > > o The reference to RFC 1464 ngling - which is OK, since 1464 has no > practical relevance > o The draft is aiming at Standards Track, but references the > Experimental > RFC 5205 in a way that should be normative > hmm - probably not real important one way or the other but why do you think this should be a normative reference? I'm just passing a string which happens to cary some data that > > > -Peter _______________________________________________ Apps-Discuss mailing list Apps-Discuss@ietf.org https://www.ietf.org/mailman/listinfo/apps-discuss
- draft-jennings-app-dns-update-00 Cullen Jennings
- Re: draft-jennings-app-dns-update-00 Frank Ellermann
- RE: draft-jennings-app-dns-update-00 Dan Wing
- Re: draft-jennings-app-dns-update-00 Peter Koch
- Re: draft-jennings-app-dns-update-00 Frank Ellermann
- Re: draft-jennings-app-dns-update-00 Stephane Bortzmeyer
- Re: draft-jennings-app-dns-update-00 Mark Baker
- Re: draft-jennings-app-dns-update-00 Stephane Bortzmeyer
- Re: draft-jennings-app-dns-update-00 Mark Baker
- Re: draft-jennings-app-dns-update-00 Patrik Fältström
- Re: draft-jennings-app-dns-update-00 Simon Leinen
- Re: draft-jennings-app-dns-update-00 Cullen Jennings
- Re: draft-jennings-app-dns-update-00 Cullen Jennings
- Re: draft-jennings-app-dns-update-00 Patrik Fältström
- Re: draft-jennings-app-dns-update-00 Cullen Jennings