Re: [dnsext] A new DNS message - SERVEZONES

John Dickinson <jad@sinodun.com> Fri, 16 August 2013 12:48 UTC

To: DNSEXT Working Group <dnsext@ietf.org>

On 13 Aug 2013, at 12:38, Joe Abley <jabley@hopcount.ca> wrote:

> 
> On 2013-08-13, at 05:23, Jelte Jansen <jelte.jansen@sidn.nl> wrote:
> 
>> AFAIK, NSCP hasn't had any action since it got kicked back to dnsop,
>> lots of people want it, no one wants to work on it, and perhaps it is
>> also overshooting the goals people have.
> 
> There's an implementation that works with multiple nameservers, right?
> 
> I don't remember how polished it was, but I remember it being good enough for Sara to be able to do live demos from the stage at RIPE meetings. Even considering Sara's nerves of steel, that suggests it works well enough :-)
> 
>  https://dev.sinodun.com/wiki/display/DNSCCM/DNSCCM+Home

Yes - we produced an implementation of NSCP a while back which supports BIND 9 and NSD 3 but is now stuck at beta because a) the funding ran out (billable work got in the way) and b) we didn't ever get anyone interested in testing it in anger. We have version 3 of the draft (based on the working implementation) that is 95% done, just stalled at final review as these things tend to do......

Technically the issues we faced with the implementation were:
- We chose to use NETCONF/YANG which had some limitations. At the time there was only one Open Source implementation of NETCONF (Yuma) which was missing a couple of key features.
- NETCONF assumes that devices have an API available to dynamically update single elements of the configuration. This didn't play so nicely with nameservers that need to reload the entire config to pick up any change...
- The NETCONF/YANG model assumes that there is a nice clear base control protocol which every device (nameserver) implements. Then everything else is treated as an optional extension. When you try to implement this for nameservers (even just the two we implemented) your base model turns out to be tiny since each nameserver does even the most basic things in different enough ways to make a common model tricky.

I believe there was some work done by BIND10, KNOT and others to try to align their remote control protocols but I don't know the details.

We would be interested in revisiting, updating the code and ID if there is any interest on the dnsop list.

regards
John



---
jad@sinodun.com

http://sinodun.com

Sinodun Internet Technologies Ltd.
Stables 4, Suite 11,
Howbery Park,
Wallingford,
Oxfordshire,
OX10 8BA,
U.K.

+44 (0)1491 834957