This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] Reverse DNS Restructuring Project
- Previous message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
- Next message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joerg Schumacher
schuma at gaertner.de
Thu Oct 9 03:56:29 CEST 2003
In article <20031008145711.C7178 at iprg.nokia.com>, David Kessens <david at iprg.nokia.com> wrote: > [...] > > However, we currently use the domain objects to maintain reverse > > delegations. Those domain objects do end up in the database while > > simultaneously updating zone files. So if everybody would use the > > proper interface to update domain objects than we would have full > > consistency. So when implementing the proposal we loose the > > ambiguity in the update path, we get consistent WHOIS and ZONE data. > > Besides we gain access, and use of new authorization mechanism that > > become available to the database (e.g. X509). > > Yes, that is certainly useful. However, we would also get full > consistency if we got rid of both 'domain:' and 'rev-srv:' attributes > and use a simple specialized interface to do reverse delegations. The > DNS is already a fully public database. There is no need to keep the > data in yet another backend database or publish it in more than one > place. I beg to differ. The redundancy in the database is needed for us operators. If you were right, we could drop all the IRR databases, sice the bgp table is a fully public database. That's fine as long as no errors happen, but error do happen so we need some out-of-band method to know how it should look like and whom to cantact if it doesn't. A quick example: let's assume that the nameservers for iprg.nokia.com and nokia.com are all lame delegations. Who'e the right contact to fix this? Since they are all lame, I can't retrieve the RNAME in the SOA. I guess I could get the RNAME of .com, but contacting nstld at verisign-grs.com would certainly not solve the problem. > I think the focus should be on the people who use the interface: we > need to choose the most simple and easy way for the user to get the > job done. The goal is not to make a complicated interface and declare > victory because we have reached data consistency! It's not getting more complicated. You already have to submit a domain object to get a reverse delegation. In fact it's getting easyer since you don't have to remember that this object has go to auto-inaddr at ripe.net. It's an ripe database object, so auto-dbm at ripe.net seems to be the natural choice. > [...] > To give another example: > > - Somebody sends in: 3-10.193.in-addr.arpa > - Next, requests a change to: 4.193.in-addr.arpa > - Next, somebody requests a deletion of: 3-10.193.in-addr.arpa > > Should the deletion fail since 3-10.193.in-addr.arpa is actually many > different objects and one of them is not the same anymore so in fact > there is really two sets of different objects ?!? Try again, this time with inetnums and rev-srv. What's the meaning of rev-srv on a /20 followed by a more specific /24 followed by the less specific /20? The problem space is exactly the same. Joerg
- Previous message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
- Next message (by thread): [ncc-services-wg] Reverse DNS Restructuring Project
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]