Hi Karl,
despite I come with a bunch of criticism below, I still appreciate your
effort and I think it might lead to a significant improvement of catalog
zones usability.
1) I don't like the overall idea:
1a) catalog zones' main goal is enabling synchronized configuration of
the whole primary-secondary tree, where different vendor implementations
play parts. This new feature focuses on configuring the topmost primary
only. It probably makes no harm that the secondaries would "see" those
properties that are useless for them, but it still looks like an
inefficient utilization of catalog zone.
1b) thinking about the idea, it makes me consider the setup where the
topmost primary consumes different catalog zone (with this stuff) than
the secondaries (without it). In such case, such catalog zone, used for
configuring a single server, doesn't really need to be a zone, it seems
just like a proposed vendor-independent way how to configure a server.
Or more accurately, how to merge million zone files into single zone file.
1c) catalog zones are often used in setups with millions of zones and
they might be huge, on the edge of what a software and hardware can
handle (zone file operations, IXFR/AXFR, memory consumption, ...).
Adding significant volume of new stuff might be operationally
problematic, even in cases when it is ignored by consumers.
1d) in the Introduction you mention known proprietary implementations of
such mechanism. Could you please briefly describe (some of) them for me?
2) I don't like some specific design aspects:
2a) stuffing various data in TXT records with custom internal format.
2b) allowing only SOA, apex NS and A+AAAA related to that NS.
2c) there seem to be no way of defining the zone file for a group of zones.
Libor
CZ.NIC, Knot DNS
On 25. 03. 25 16:46, Karl Dyson wrote:
On Tue, Mar 25, 2025 at 05:56:14AM -0700, [email protected] wrote:
Internet-Draft draft-dyson-primary-zonefile-initialisation-01.txt is now
available.
Title: Initialisation of Zone Files on the DNS Primary Server
Author: Karl Dyson
Name: draft-dyson-primary-zonefile-initialisation-01.txt
Pages: 16
Dates: 2025-03-25
Abstract:
This document describes an update to "DNS Catalog Zones" ([RFC9432])
that facilitates a method for the primary server of a DNS zone to
create the underlying master file for member zone(s) using
information contained within a catalog zone.
Hello,
I had spoken to a few folks about this idea in Dublin. I've finally
written it all down and, after some initial review and feedback, feel
like I've got it to a point where I'm happy to circulate more widely.
There's an appendix at the bottom that aims to outline some of my
thoughts as I was writing it, and things I think still might need
answers.
It also occurred to me as I wrote this that it might be nice to be able
to signal to a DNSSEC signer that is also consuming the/a catalog that
when a new zone is added, that it should create keys and begin signing
activities. To that end, I'm writing a second draft that I'll circulate
once I've written more of it.
I'd be grateful for thoughts and comments on the idea(s).
Thanks in advance,
Karl
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
