Re: [nscp] Updating zone *content* in-scope or not?

Tony Finch <dot@dotat.at> Mon, 20 September 2010 22:27 UTC

From: Tony Finch <dot@dotat.at>
Date: Mon, 20 Sep 2010 23:27:13 +0100
To: Wes Hardaker <wjhns1@hardakers.net>
Sender: Tony Finch <fanf2@hermes.cam.ac.uk>
Cc: "nscp@ietf.org" <nscp@ietf.org>, Paul Hoffman <paul.hoffman@vpnc.org>, Jeffrey Hutzelman <jhutz@cmu.edu>
Subject: Re: [nscp] Updating zone *content* in-scope or not?

On 20 Sep 2010, at 22:07, Wes Hardaker <wjhns1@hardakers.net> wrote:
> 
> However, one point of netconf is the ability to do a complete dump/restore of config data and you wouldn't want to exclude the zone data from that dump/restore set.

DNSSEC makes zone dump and restore harder, because you may have to re-sign the zone if the dump is old. However, the existing protocols already handle online signing of dynamic updates, so very little programming is required to AXFR a zone to make a dump, then restore it with a series of incremental updates. I expect that sites needing a more efficient DR plan will have more sophisticated ways to provision their master servers.

Tony.
--
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
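
The restore half of the procedure described in the message above, as an added example that is not part of the original message or of any nameserver's own tooling: it turns an AXFR-style dump (one record per line) into batched nsupdate scripts. The sample zone, the batch size and the choice to skip RRSIG, NSEC, NSEC3 and SOA records (assumed to be regenerated or maintained by a master that signs online) are assumptions.

```python
# Added example: convert an AXFR-style zone dump into batched nsupdate input.
# SAMPLE_DUMP is constructed; names, TTLs, addresses and signature are illustrative.
SAMPLE_DUMP = """\
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 2010092001 7200 900 1209600 3600
example.org. 3600 IN NS ns1.example.org.
example.org. 3600 IN RRSIG NS 8 2 3600 20101020000000 20100920000000 12345 example.org. c2lnbmF0dXJl
ns1.example.org. 3600 IN A 192.0.2.1
ns1.example.org. 3600 IN NSEC www.example.org. A RRSIG NSEC
www.example.org. 300 IN A 192.0.2.80
www.example.org. 300 IN AAAA 2001:db8::80
example.org. 3600 IN SOA ns1.example.org. hostmaster.example.org. 2010092001 7200 900 1209600 3600
"""

# Assumption: the restored master signs online, so stale signature-derived
# records from an old dump are dropped and regenerated by the server.
# SOA is skipped too, on the assumption that the server owns the serial.
SKIP_TYPES = {"RRSIG", "NSEC", "NSEC3", "SOA"}


def parse_dump(text):
    """Yield (owner, ttl, class, type, rdata) from one-record-per-line text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # blank lines and comment lines
            continue
        fields = line.split(None, 4)
        if len(fields) != 5:
            raise ValueError(f"unparseable record: {line!r}")
        owner, ttl, rrclass, rrtype, rdata = fields
        yield owner, int(ttl), rrclass.upper(), rrtype.upper(), rdata


def restore_batches(text, zone, batch_size=2):
    """Return nsupdate scripts, each one update of at most batch_size records."""
    adds = [f"update add {o} {t} {c} {y} {r}"
            for o, t, c, y, r in parse_dump(text) if y not in SKIP_TYPES]
    batches = []
    for i in range(0, len(adds), batch_size):
        lines = [f"zone {zone}", *adds[i:i + batch_size], "send"]
        batches.append("\n".join(lines) + "\n")
    return batches


if __name__ == "__main__":
    for script in restore_batches(SAMPLE_DUMP, "example.org."):
        print(script)
```

Each returned script is one incremental update; authenticating the updates and deciding whether key records from an old dump should be restored are left to the operator.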