nanog mailing list archives
Re: dns authority changes and lame servers
From: Paul Vixie <vixie () vix com>
Date: 19 Oct 2007 00:03:42 +0000
mike () rockynet com (Mike Lewinski) writes:

> Justin Scott wrote:
>
> > I suppose the problem with having an official list to query would be getting all of the various registries to participate and keep it regularly updated. I personally qualify this as a slight inconvenience, but I'm not sure I would call it a flaw in the DNS system.
>
> If we just call DNS a distributed database, then it is easy to see that when the keys (glue at root) get updated, the relations to those keys *should* all reflect that change. ... And I'll admit, I'm not sure how to properly fix it either. My first thought was a BIND directive to "expire-stale-zones <interval>;" so that every <interval> the server might check to be sure it is still auth, and if it has found authority changed, would stop giving out AAs for it. But I see all kinds of operational issues arising from that too (such as, how do we gracefully set up new customer's zone before it has transitioned here).

as duane said, it's possible to accomplish this with creative nagios plugins. however, i agree that it's something BIND should do, to be comprehensive. if someone is excited enough about this to consider sponsoring the work, please contact me (vixie () isc org) to discuss details.

> Really, in my ideal Internet, once my server was notified that it was no longer authoritative, it would have an option to do a reverse xfer to the new auth servers (who would then be free to accept/reject the old information as necessary - can't count the number of times I've tried to get customers to provide zone file records in advance and failed because they don't know how/where to get them from). But that's an ideal Internet that will never exist, I know.

it's because we didn't know exactly how to scope this problem that RFC 2136 does not permit the insertion or deletion of authority zones. noting that the ideal internet you want is within our grasp if we can only define it and sponsor it, i recommend taking up this thread on namedroppers () ops ietf org or dns-operations () lists oarci net.

--
Paul Vixie
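An added example, not code from this thread or from BIND: a Nagios-style check that flags zones a server still serves after the parent delegation has moved elsewhere, with a grace period for zones staged ahead of a transfer. The function names, the 14-day grace default, the sample zones and the injected `lookup_ns` resolver are assumptions for illustration; a real `lookup_ns` would ask the parent zone's servers for the NS set rather than the local server.

```python
"""Nagios-style check: is this server still delegated the zones it serves?"""
from datetime import date, timedelta

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes

def norm(name):
    """Compare host names case-insensitively, ignoring the trailing dot."""
    return name.rstrip(".").lower()

def check_zone(zone, my_names, lookup_ns, added_on, today, grace_days=14):
    """Return (status, message) for one zone configured on this server.
    lookup_ns(zone) returns the NS names in the parent's delegation, or
    raises LookupError when the parent cannot be queried."""
    try:
        delegated = {norm(n) for n in lookup_ns(zone)}
    except LookupError as exc:
        return UNKNOWN, f"{zone}: delegation lookup failed ({exc})"
    if delegated & {norm(n) for n in my_names}:
        return OK, f"{zone}: still delegated to this server"
    # A zone staged for a new customer looks undelegated until the registrar
    # change lands, so only warn while it is inside the grace period.
    if today - added_on <= timedelta(days=grace_days):
        return WARNING, f"{zone}: not delegated here yet (added {added_on})"
    return CRITICAL, f"{zone}: delegated to {sorted(delegated)}, not this server"

def check_all(zones, my_names, lookup_ns, today):
    """Check every zone; report the most severe status overall."""
    results = [check_zone(z, my_names, lookup_ns, added, today)
               for z, added in sorted(zones.items())]
    rank = {OK: 0, WARNING: 1, UNKNOWN: 2, CRITICAL: 3}  # CRITICAL beats UNKNOWN
    worst = max((s for s, _ in results), key=rank.get, default=OK)
    return worst, results

# Constructed sample data (not from the thread): zone -> date added locally.
ZONES = {"moved.example": date(2007, 1, 5), "kept.example": date(2006, 3, 1),
         "staged.example": date(2007, 10, 15), "broken.example": date(2007, 2, 2)}
PARENT_NS = {"moved.example": ["ns1.other.example."],
             "kept.example": ["NS1.Hosting.Example.", "ns2.hosting.example."],
             "staged.example": ["ns.oldhost.example."]}
MY_NAMES = ["ns1.hosting.example", "ns2.hosting.example"]

def sample_lookup(zone):
    """Stand-in for a real NS query to the parent zone's servers."""
    if zone not in PARENT_NS:
        raise LookupError("no answer from parent")
    return PARENT_NS[zone]

if __name__ == "__main__":
    for status, msg in check_all(ZONES, MY_NAMES, sample_lookup, date(2007, 10, 19))[1]:
        print(status, msg)
```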