Re: [nscp] Updating zone *content* in-scope or not?
Jeffrey Hutzelman <jhutz@cmu.edu> Mon, 20 September 2010 22:49 UTC
Return-Path: <jhutz@cmu.edu>
X-Original-To: nscp@core3.amsl.com
Delivered-To: nscp@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 11B883A67B6 for <nscp@core3.amsl.com>; Mon, 20 Sep 2010 15:49:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.54
X-Spam-Level:
X-Spam-Status: No, score=-106.54 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HP9aFCgXW6fT for <nscp@core3.amsl.com>; Mon, 20 Sep 2010 15:49:43 -0700 (PDT)
Received: from smtp03.srv.cs.cmu.edu (SMTP03.SRV.CS.CMU.EDU [128.2.217.198]) by core3.amsl.com (Postfix) with ESMTP id 87B4E3A6AF2 for <nscp@ietf.org>; Mon, 20 Sep 2010 15:49:42 -0700 (PDT)
Received: from LYSITHEA.FAC.CS.CMU.EDU (LYSITHEA.FAC.CS.CMU.EDU [128.2.172.62]) (authenticated bits=0) by smtp03.srv.cs.cmu.edu (8.13.6/8.13.6) with ESMTP id o8KMo4AA014667 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 20 Sep 2010 18:50:04 -0400 (EDT)
Date: Mon, 20 Sep 2010 18:50:04 -0400
From: Jeffrey Hutzelman <jhutz@cmu.edu>
To: Edward Lewis <Ed.Lewis@neustar.biz>
Message-ID: <9BF9286E00951B68BD9DACA9@lysithea.fac.cs.cmu.edu>
In-Reply-To: <2697_1285007087_o8KIOkgj014039_a06240800c8bd5615cdee@[10.31.200.147]>
References: <4C9091C8.1030702@isc.org> <p062408d6c8b692e2c226@10.20.30.158> <A5289BAE-189D-4FF0-8AEC-2CCDC06D3B43@sinodun.com> <p062408dbc8b6aaf55b1a@10.20.30.158> <F41F5A3D292BA66474A70422@minbar.fac.cs.cmu.edu> <20100916130131.GA29091@nic.fr> <p0624081fc8b7e8b23cc0@10.20.30.158> <22r5gtcwtj.fsf@ziptop.autonomica.net> <p06240837c8b839e8f192@10.20.30.158> <22k4mlbb6k.fsf@ziptop.autonomica.net> <p0624083ac8b8499641a3@10.20.30.158> <22489_1284679010_o8GNGnKr014689_AANLkTikkgZs3keRo0DcRCx9jSAbrFiHeLsyxE5ss 7hQ7@mail.gmail.com> <4C6A8B95E7FAF06E143D9425@minbar.fac.cs.cmu.edu> <p0624086fc8b998cb98d6@[10.20.30.158]> <076D7E021C1972DBD3D412B8@minbar.fac.cs.cmu.edu> <2697_1285007087_o8KIOkgj014039_a06240800c8bd5615cdee@[10.31.200.147]>
X-Mailer: Mulberry/4.0.8 (Linux/x86)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Scanned-By: mimedefang-cmuscs on 128.2.217.198
Cc: nscp@ietf.org, jhutz@cmu.edu
Subject: Re: [nscp] Updating zone *content* in-scope or not?
X-BeenThere: nscp@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Nameserver control/configuration protocol discussion list <nscp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nscp>, <mailto:nscp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nscp>
List-Post: <mailto:nscp@ietf.org>
List-Help: <mailto:nscp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nscp>, <mailto:nscp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Sep 2010 22:49:46 -0000
--On Monday, September 20, 2010 02:24:30 PM -0400 Edward Lewis <Ed.Lewis@neustar.biz> wrote: > At 18:27 -0400 9/17/10, Jeffrey Hutzelman wrote: >> As I see it, zone content management should be in scope for the >> to-be-developed protocol, and needs to be one of the things we consider >> as we design that protocol, even if actually defining how it works is >> not one of the first things we work on. > > Have you read RFCs 1995, 1996 and 5936 for inter-authority server > coordination of zone content and RFCs 2136 and 3007 for altering the > content? No, I've never read any DNS-related RFC's, and I don't understand a thing about how the system works. I certainly have never operated a nameserver, let alone operated a moderately complex system of servers supporting several dozen zones and over 25K names for over a decade. And I've never, ever written a line of DNS-related code. I think it should be quite clear that while zone transfers and IXFR (and the associated notification mechanisms) are effective for distributing zone data to slaves, they are not a management mechanism. Since we're here to talk about management, and the immediate question is whether and to what extent management of zone content should be in scope, I fail to see how the existance of zone distribution mechanisms, incremental or otherwise, is relevant. Certainly DDNS is useful for one-off updates. It works well for updates from DHCP servers, or from clients/end-users. It even works well for management, if your operation is simple enough that you can simply declare that the nameserver is the ultimate source of authority and all updates are done by administrators manually issuing DDNS updates. Unfortunately, for _automatic_ management, such as keeping up to date with an external source that is the true authority while simultaneously accepting some kinds of update dynamically from users, DDNS is woefully inadequate. I covered some of this in my first message on the topic, which apparently people didn't bother to read before telling me I was an idiot or that I needed to justify my argument: > To make loading generated zone data work well, I need to keep metadata > alongside each record indicating where it came from, so I can distinguish > changes made by DDNS clients from situations where the zone simply > doesn't match the current version of the generated data. Today I do that > by keeping a specially-formatted TXT record alongside each "real" record, > so they can be updated at the same time (as part of the same (atomic) > DDNS update). I'd much rather do zone content management outside the DNS > protocol, with the server not only keeping my record-origin metadata but > also providing me with information about when a record was last updated > and by what client, which doesn't appear in the DNS. Let me make my position crystal-clear, if I can: I'm not arguing that support for managing zoen content needs to happen now. I _am_ arguing that it needs to be able to happen in the future. If I see work proceeding in a direction that would make it difficult or impossible to add record-level management operations, I will object. If I see a proposed charter that is designed to forestall such objections now and forever by ruling record-level management out of scope, I will object to _that_. > Certainly the specified mechanism(s) have their limitations, but that's > not what I think is needed to be discussed now. On the contrary, what we're discussing now is the scope of the proposed working group. If there's an argument to be made that certain work should be out of scope because it's adequately addressed by existing protocols, then the limitations of such protocols are certainly relevant to the discussion. -- Jeffrey T. Hutzelman (N3NHS) <jhutz+@cmu.edu> Carnegie Mellon University - Pittsburgh, PA
- [nscp] Welcome (and proposed charter) Jelte Jansen
- Re: [nscp] Welcome (and proposed charter) Paul Hoffman
- Re: [nscp] Welcome (and proposed charter) jad
- Re: [nscp] Welcome (and proposed charter) Paul Hoffman
- Re: [nscp] Welcome (and proposed charter) jad
- Re: [nscp] Welcome (and proposed charter) Jeffrey Hutzelman
- [nscp] Updating zone *content* in-scope or not? (… Stephane Bortzmeyer
- Re: [nscp] Updating zone *content* in-scope or no… Paul Hoffman
- Re: [nscp] Updating zone *content* in-scope or no… Lars-Johan Liman
- Re: [nscp] Updating zone *content* in-scope or no… Paul Hoffman
- Re: [nscp] Updating zone *content* in-scope or no… Lars-Johan Liman
- Re: [nscp] Updating zone *content* in-scope or no… Paul Hoffman
- Re: [nscp] Updating zone *content* in-scope or no… Ondřej Surý
- Re: [nscp] Updating zone *content* in-scope or no… Jeffrey Hutzelman
- Re: [nscp] Updating zone *content* in-scope or no… Paul Hoffman
- Re: [nscp] Updating zone *content* in-scope or no… Jeffrey Hutzelman
- Re: [nscp] Updating zone *content* in-scope or no… Ondřej Surý
- Re: [nscp] Updating zone *content* in-scope or no… Tony Finch
- Re: [nscp] Updating zone *content* in-scope or no… Edward Lewis
- Re: [nscp] Updating zone *content* in-scope or no… Wes Hardaker
- Re: [nscp] Updating zone *content* in-scope or no… Tony Finch
- [nscp] Proposed wording for the charter Paul Hoffman
- Re: [nscp] Updating zone *content* in-scope or no… Jeffrey Hutzelman