At 11:49 -0400 9/3/09, Lee Howard wrote:
-----Original Message-----
From: dnsop-boun...@ietf.org ... On Behalf Of Edward Lewis
1) Zone transfers?
Is this a requirement for IP6.ARPA zones used for residential users?
Kind of.
To achieve a sufficient number of "9's" of availability (that is "99.9"
or "99.999") more than one source of data is needed. That is, you
could have just one server for an IPv6 range but then it is a single
point of failure. Most DNS zones are on at least 2 servers - deep in
the tree. The root zone is on 100's (13 visible at any one place at
a time), TLDs usually about a half-dozen (visible plus anycast).
If there is no zone transfer, an admin would have to manually get the
multiple sources to be in sync some other way. The admin could use
things like RSYNC, but that means that the constellation is running
in a "special mode" and if the admin is on vacation it might be hard
to fix.
It's safest to always have zone transfer defined for any DNS
extension as this is the only means to provide interoperability and
"in-band" maintenance of the system.
Kind of - in the sense that it is a really good idea and is strongly
encouraged.
2) Dynamic update?
Mutually exclusive per zone. For any given zone, you can either generate
on the fly, or support dynamic updates. If you want both, you'll have to
number them out of different scopes, which may not be as bad as it sounds.
This is a question more based on things like Active Directory. This
is not so vital, but given that "incrementalism" is growing in
importance it would be a desired feature. In this case, I'd like to
be able to add new synthesis rules on the fly (as opposed to DHCP
lease information).
3) DNSSEC?
I think such synthesis is the way to go. The problem is usually
keeping a constellation of servers synchronized with respect to the
synthesis rules, keeping up with changes, and signing the data.
I'd like to see more on this topic.
Me too. I don't mean to shoot down what Fujiwara-san has suggested.
I am shooting down the notion that "what we have now is good enough."
Perhaps this is the next major incremental addition to the DNS
protocol - a more general synthesis mechanism. (I envision something
involving NAPTR...it has the seeds we need.)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
As with IPv6, the problem with the deployment of frictionless surfaces is
that they're not getting traction.