wido commented on issue #9958: URL: https://github.com/apache/cloudstack/issues/9958#issuecomment-3784518652
> thanks [@wido](https://github.com/wido) for the review
>
> > * Should we store the record contents locally? How do we sync this? Or should we just use the DNS API to fetch all the records and show the zone contents? What if somebody makes a change on the DNS server's end without telling CS? The zone will get out of sync
>
> if we do not store the DNS records in database, it will be more simple. the side-effect is, for each DNS record operation (CRUD), we need to get remote DNS records at first. since the operations are not latency-sensitive, I think it's fine to not store them. therefore I have removed the definition of `dns_record` table from the design doc.

It will add latency. If this really becomes a problem we can potentially cache, but I wouldn't do that for now. Usually these APIs are rather fast.

> > * Maybe we should just store the zone name and an external reference, this could be an ID, UUID, Zone name, etc
> > * Shouldn't zones be unique per DNS server?
> >
> > The DNS server is the Authoritative one here, so should we re-invent the wheel? We could always cache the response locally, but for consistency's sake depend on the DNS server.
>
> For clarification, I renamed `dns_server` table to `dns_server_account` which represents the accounts on external DNS servers. For each account on external DNS server, they can manage multiple DNS zones/domains.

Does the "account" suffix make it any clearer? Because it's a generic DNS server. Usually these have a single API key/secret and you manage all the zones. CloudStack will then do the logic of accounting and authorization for its internal users.

- dns_server
- dns_provider

Both would work for me.

> the `dns_zone` table stores the information of DNS zones/domains, as well as some cloudstack information, for example ownership or dedication. I added a column `external_reference` to store the additional information of the dns zone on external dns servers.

The "external_reference" column would have to be populated by the driver. The driver would return this reference once the zone is created. That's what we then use to look up the zone again in that driver. The driver might return the zone name, an ID (integer) or a UUID. That's up to the driver.

> I added a new table `dns_zone_network_map`. Users can link the zone to multiple networks for auto-registration. user can specify the sub domain (optional)
>
> cc [@sudo87](https://github.com/sudo87) [@rajujith](https://github.com/rajujith)

I would also make sure that from the start there is DNSSEC support. That you can enable/disable DNSSEC by asking this and the provider can return the KSK and ZSK from the zone.
