weizhouapache commented on issue #9958:
URL: https://github.com/apache/cloudstack/issues/9958#issuecomment-3803877082

   
   > > > Does the "account" suffix make it any clearer? Because it's a generic DNS server. Usually these have a single API
   > Yes, but we should also consider this case: Public cloud provider offering VMs. They have their own PowerDNS environment behind it. Customers can use CloudStack to:
   > 
   > * Deploy Virtual Machines
   > * Manage Object Storage
   > * Managed DNS Zones and Records
   > 
   > A single API to talk to for the customer. They have no idea what DNS environment is behind it, they just create a zone and that's it.
   > 
   
   good use case.
   
   I added two columns to `dns_server` table
   
   - is_public (BOOLEAN) - Whether the DNS server is publicly accessible by other accounts without credentials.
   - public_domain_suffix (VARCHAR(255)) - The domain suffix can be used by other accounts without credentials.
   
   it can work in two scenarios
   - admin creates DNS server without credentials and `is_public` is `false`, users create DNS zones with their own credentials
   - admin creates DNS server with credentials and `is_public` is `true`, users create DNS zones without specifying credentials, but the domain suffix is restricted.
   
   how about it ?
   
   > Come to think, I think that per provider/driver you should also be able to set the NS records. If set, these will be returned by CloudStack as the NS records people can use
   > 
   > dns_server_nameservers
   > 
   > * dns_server_id
   > * hostname
   > 
   
   it may be useful for Public DNS server (`is_public` is `true` in the above cases)
   CloudStack just needs to store the NS and return them to users, right ?
   
   > > > > the `dns_zone` table stores the information of DNS zones/domains, as well as some cloudstack information, for example ownership or dedication. I added a column `external_reference` to store the additional information of the dns zone on external dns servers.
   > > > 
   > > > 
   > > > The "external_reference" column would have to be populated by the driver. The driver would return this reference once the zone is created. That's what we then use to look up the zone again in that driver. The driver might return the zone name, an ID (integer) or a UUID. That's up to the driver.
   > > 
   > > 
   > > Yes, makes sense. that's what I intend to do: save necessary information in database to speed up operations afterwards.
   > > > I would also make sure that from the start there is DNSSEC support. That you can enable/disable DNSSEC by asking this and the provider can return the KSK and ZSK from the zone.
   > > 
   > > 
   > > we will consider the use case.
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
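
The suffix restriction in the second scenario (`is_public` is `true`) only holds if the requested zone name is normalized and compared against `public_domain_suffix` on a DNS label boundary. The following is an added example, not part of the comment and not CloudStack code; the class and method names are hypothetical, the sample names are constructed, and refusing the suffix apex itself is an assumption.

```java
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not CloudStack code.
public class PublicDnsZonePolicy {

    // Lower-case, strip one trailing root dot, reject empty or malformed labels.
    static String normalize(String name) {
        if (name == null) return null;
        String n = name.trim().toLowerCase(Locale.ROOT);
        if (n.endsWith(".")) n = n.substring(0, n.length() - 1);
        if (n.isEmpty() || n.length() > 253) return null;
        for (String label : n.split("\\.", -1)) {
            if (!label.matches("[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?")) return null;
        }
        return n;
    }

    // True when zone is a strict subdomain of suffix, compared on a label boundary.
    static boolean isUnderSuffix(String zone, String suffix) {
        String z = normalize(zone), s = normalize(suffix);
        return z != null && s != null && z.endsWith("." + s);
    }

    // Applies the two scenarios from the comment.
    static boolean mayCreateZone(boolean isPublic, String publicDomainSuffix,
                                 String zone, boolean userHasOwnCredentials) {
        if (!isPublic) {
            // Scenario 1: users bring their own credentials; the external server enforces scope.
            return userHasOwnCredentials && normalize(zone) != null;
        }
        // Scenario 2: the admin's credentials are used, so the suffix is the only boundary.
        return isUnderSuffix(zone, publicDomainSuffix);
    }

    public static void main(String[] args) {
        String suffix = "cloud.example.com"; // constructed sample value
        String[] zones = {"tenant1.cloud.example.com", "Tenant1.Cloud.Example.COM.",
                "notcloud.example.com", "cloud.example.com",
                "cloud.example.com.other.example", "a..cloud.example.com"};
        for (String z : zones) {
            System.out.println(z + " -> " + mayCreateZone(true, suffix, z, false));
        }
        System.out.println("private, no creds -> "
                + mayCreateZone(false, null, "tenant1.example.org", false));
    }
}
```

A plain `endsWith(suffix)` without the leading dot would accept `notcloud.example.com`, which is why the comparison prepends the label separator.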
