Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Dick Franks <rwfranks@acm.org> Mon, 22 September 2014 13:27 UTC


On 22 September 2014 12:27, Tony Finch <dot@dotat.at> wrote:

> Dick Franks <rwfranks@acm.org> wrote:
> > On 22 September 2014 11:03, Tony Finch <dot@dotat.at> wrote:
> > >
> > > (1) Master-only. The master observes an ANAME record at the apex of a zone
> > > it loads and uses it to periodically refresh the relevant records in the
> > > zone (as if you had a cron job running dig | magic | nsupdate).
> > >
> > > Disadvantage: potentially lots of XFR traffic if the TTLs are low.
> >
> > Why would TTL be relevant here?
> >
> > Is the master not acting as a "partial slave" for the target RRs?
> > In which case, the timing should depend on the SOA refresh period.
>
> Yes, you could do it that way. But a lot of people want changes to take
> effect quickly.
>
> So whenever TTL times out, master does validated lookup of each ANAME
> target, resigns, updates zone, notifies own slaves, services XFRs.

Someone beyond your direct control sets a short TTL (0 or 1) in ANAME
target RRs and your master is in deep, deep [trouble] !!

Thinking about it, (target side) SOA refresh is not much better.



> And I forgot to cover the effects that client-subnet might have ...
>
>  I do not know either


Rs
Dick
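The refresh scheme quoted above (re-resolve every ANAME target whenever its TTL expires, then resign, update, notify and serve XFRs) is what the reply says a third party can abuse with a TTL of 0 or 1. As an added example, not PowerDNS code and not from either poster, this Python sketch shows the mitigation a master can apply: clamp the remote TTL to a local floor and only touch the zone when the resolved RRset actually changed. The resolver stub, names and addresses are constructed.

```python
# Added example, not code from PowerDNS or from either poster: a minimal
# scheduler for a master that re-resolves apex ANAME targets. It clamps the
# remote TTL to a local floor, so a third party publishing TTL 0 or 1 cannot
# force a lookup/resign/NOTIFY/XFR cycle every second, and it only touches the
# zone when the resolved address set actually changed. Names, addresses and
# the resolver stub are constructed; a real master would do a validating lookup.
from dataclasses import dataclass

MIN_REFRESH = 60      # floor on refresh interval in seconds (local policy)
MAX_REFRESH = 3600    # ceiling so a huge remote TTL is still re-checked

@dataclass
class AnameState:
    target: str
    addrs: frozenset = frozenset()
    next_refresh: float = 0.0
    lookups: int = 0        # upstream queries issued
    zone_updates: int = 0   # times we had to resign / bump serial / notify

def clamp_ttl(ttl: int) -> int:
    """Bound a remote TTL to [MIN_REFRESH, MAX_REFRESH]."""
    return max(MIN_REFRESH, min(MAX_REFRESH, ttl))

def refresh(state: AnameState, resolve, now: float) -> bool:
    """Re-resolve the target if due; True only if the zone changed.
    `resolve(name)` returns (ttl, iterable_of_addresses)."""
    if now < state.next_refresh:
        return False
    ttl, addrs = resolve(state.target)
    state.lookups += 1
    state.next_refresh = now + clamp_ttl(ttl)
    new = frozenset(addrs)
    if new == state.addrs:      # same RRset: no resign, no NOTIFY, no XFR
        return False
    state.addrs = new
    state.zone_updates += 1
    return True

def simulate(ttl: int, seconds: int, resolve=None) -> AnameState:
    """Tick once per second for `seconds`, using a constructed hostile TTL."""
    if resolve is None:
        resolve = lambda name: (ttl, {"192.0.2.10", "192.0.2.11"})
    st = AnameState(target="cdn.example.net.")
    for t in range(seconds):
        refresh(st, resolve, float(t))
    return st
```

With a remote TTL of 1 over ten simulated minutes the master issues 10 upstream lookups instead of 600 and resigns the zone once, since the target's addresses never changed.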