This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[dns-wg] Replacing reverse zone delegations by DNAMEs

Previous message (by thread): [dns-wg] Replacing reverse zone delegations by DNAMEs
Next message (by thread): [dns-wg] Fwd: FYI: ARPA DS record in the root

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Peter Koch pk at DENIC.DE
Thu Dec 2 18:05:31 CET 2010

Chris,

> Locally we have been using a scheme to map such reverse lookups into
> a single common zone, described at
> 
>  http://people.pwf.cam.ac.uk/cet1/prune-reverse-zones
> 
> To take full advantage of this, however, requires promoting DNAMEs
> into the parent reverse zone.

for this particular list it might be advised to focus the discussion
on the reverse mapping case (for both v4, still, and v6).  Not sure
I understand what the implicit problem statement is, but it seems
there are two stages:

1) You want to maintain zone data in only one place
   "first derivative", changes to zone data

2) You also want to set up as few zones as possible
   "second derivative", changes to zone meta data

The proposal/suggestion/hack linked above optimizes all this for a
subset of scenarios and all towards the provisioning side. Can it be
done? Sure.  Would it scale, i.e., what would be the effects if
10%, 50% or 90% of the reverse zones would be replaced by this?
I have no idea.  Should it be recommended?  Probably premature to ask
pending understanding of the side effects.

Just some questions to chew on, in no particular order and without
being exhaustive:

o (How) would this work with the parent zone determination for DNS Dynamic
  Updates?

o Would this impose more or less load on the "parents'" name servers?

o What would be the scaling effects on (validating) resolvers?

o Is the maintenance of multiple zones, including data maintenance and
  infrastructure maintenance (setting up, checking and changing slaves)
  really an operational issue of significance?

o Will this become better or worse for IPv6 reverse?

o To what extent are today's tools, scripts, IPAM solutions _not_
  solving the task?

o What are the side effects of putting all PTRs in one basket^Wzone?

> As DNAMEs do not redirect the name itself, there would be a problem
> for reverse zones containing significant records at the apex, e.g.
> PTR records pointing to a gateway host. (I think that practice,
> recommended in RFC 1033, has pretty much fallen into disuse.) If the

That's probably section 3.3 of RFC1101. Not widely used since CIDR times.
There's little to find except meta data at the apex of most v4
reverse zones and that should also be true for v6.

-Peter {no hat}

Previous message (by thread): [dns-wg] Replacing reverse zone delegations by DNAMEs
Next message (by thread): [dns-wg] Fwd: FYI: ARPA DS record in the root

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ dns-wg Archives ]