wido commented on issue #9958: URL: https://github.com/apache/cloudstack/issues/9958#issuecomment-3785240755
> > It will add latency. If this really becomes a problem we can potentially cache, but I wouldn't do that for now. Usually these APIs are rather fast. > > let's not cache them then. > > > Does the "account" suffix make it any clearer? Because it's a generic DNS server. Usually these have a single API key/secret and you manage all the zones. CloudStack will then do the logic of accounting and authorization for it's internal users. > > > > * dns_server > > * dns_provider > > > > Both would work for me. > > for internal cloud platform, if all vms use the same DNS provider with same credential, it is simple. > > if we consider a multi-tenant platform where each domain or project represents a customer, it might be useful if each customer manages multiple accounts on various DNS providers/servers. Each account manages multiple DNS zone/domains. > Yes, but we should also consider this case: Public cloud provider offering VMs. They have their own PowerDNS environment behind it. Customers can use CloudStack to: - Deploy Virtual Machines - Manage Object Storage - Managed DNS Zones and Records A single API to talk to for the customer. They have no idea what DNS environment is behind it, they just create a zone and that's it. Come to think, I think that per provider/driver you should also be able to set the NS records. If set, these will be returned by CloudStack as the NS records people can use dns_server_nameservers - dns_server_id - hostname > > > the `dns_zone` table stores the information of DNS zones/domains, as well as some cloudstack information, for example ownership or dedication. I added a column `external_reference` to store the additional information of the dns zone on external dns servers. > > > > > > The "external_reference" column would have to be populated by the driver. The driver would return this reference once the zone is created. That's what we then use to look up the zone again in that driver. The driver might return the zone name, an ID (integer) or a UUID. That's up to the driver. > > Yes, make sense. that's what I intend to do: save necessary information in database to speed up operations afterwards. > > > I would also make sure that from the start there is DNSSEC support. That you can enable/disable DNSSEC by asking this and the provider can return the KSK and ZSK from the zone. > > we will consider the use case. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
