Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
"John Levine" <johnl@taugh.com> Mon, 22 September 2014 11:12 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13C381A1A4C for <dnsop@ietfa.amsl.com>; Mon, 22 Sep 2014 04:12:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 2.163
X-Spam-Level: **
X-Spam-Status: No, score=2.163 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, J_CHICKENPOX_36=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EBXkrhJNOJDI for <dnsop@ietfa.amsl.com>; Mon, 22 Sep 2014 04:12:39 -0700 (PDT)
Received: from miucha.iecc.com (abusenet-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:1126::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DCAAD1A1A3C for <dnsop@ietf.org>; Mon, 22 Sep 2014 04:12:38 -0700 (PDT)
Received: (qmail 90539 invoked from network); 22 Sep 2014 11:12:37 -0000
Received: from miucha.iecc.com (64.57.183.18) by mail1.iecc.com with QMQP; 22 Sep 2014 11:12:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=2134.54200425.k1409; i=johnl@user.iecc.com; bh=OAWIE9acdsUS3zWqKYDvazKW45GUO38zblNDZ/qRwOk=; b=lzfs5TKUxAn23NOw8cy9yBpxbbYWEFnJrvROniGvwzLe/uISUEDTj8unz/oYO1dE1PaF9GqxT3WKPtRxGGgL428PNcuHcKgXzjX4EKfj/9X8i6c7c+3h1JAMmNyZj0KP3KMVAwJpd21BgQuwB4FOVdFfExk4Pr5S/HkUSN/Cz+Cf9xVV2iroDbWmXVJRe/JUmzJHOfY+hTo+XYTYr5cp+1N8jW2p7QxHRwlYzkXBpwPFepcqHr/LQ8VfbRllJvrt
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=2134.54200425.k1409; olt=johnl@user.iecc.com; bh=OAWIE9acdsUS3zWqKYDvazKW45GUO38zblNDZ/qRwOk=; b=AFI3qNNeHfltP/gp76v7YKJvIGQDBnvce6cLibfwysMnFCGqQ+Ffu0uGnGyfMuUTXJqePYfpDA+CzI3A7nG+YXv+97uMV7V39KQzGiJCj1Whv56ZDtfI9k8VVe6byxqbt1DdE8gnXj3JHAfz+8cC+FlbtHSCcU8tCfP6eeOsEkdRQadowuKMe1qc+ZNKNrBH+gDSb1F/vX4HMg9VQmRq0Y1aKRnAvbIzUq6lAckKU5p6P0FrkuCyLQFYo2OM0QrC
Date: Mon, 22 Sep 2014 11:12:14 -0000
Message-ID: <20140922111214.8499.qmail@joyce.lan>
From: John Levine <johnl@taugh.com>
To: dnsop@ietf.org
In-Reply-To: <alpine.LSU.2.00.1409221047520.3000@hermes-1.csi.cam.ac.uk>
Organization:
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/LKrH6RX9U2xXldeh-t_OGiLRHCA
Cc: dot@dotat.at
Subject: Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Sep 2014 11:12:40 -0000
>(1) Master-only. The master observes an ANAME record at the apex of a zone >it loads and uses it to periodically refresh the relevant records in the >zone (as if you had a cron job running dig | magic | nsupdate). I have implemented something like this, with master file syntax foo IN A [rmtip:bar.remote] The implementation fetches any A and AAAA records from bar.remote and invents local A and AAAA records. It rechecks every hour or so. >Disadvantage: potentially lots of XFR traffic if the TTLs are low. My crock manages the zone serial numbers and only changes the serial number and does a notify if the zone changes. It's all done in python scripts on top of NSD. It doesn't do DNSSEC yet but I don't see any problems since the zones that NSD sees are ordinary zones. I agree that Paul's suggestion to limit this to references within the zone would make it useless in practice unless it also resolved CNAMEs, which turns it back into the more complicated case. R's, John
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Hoffman
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Suzanne Woolf
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Doug Barton
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Doug Barton
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… David Conrad
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… David Conrad
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Colm MacCárthaigh
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Suzanne Woolf
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… John Levine
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Andrew Sullivan
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] DNSSEC and ALIAS/ANAME apex record in… Paul Hoffman
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Colm MacCárthaigh
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Olafur Gudmundsson
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Wouters