Dear Savannah folks,

I've been thinking about the DNS backend, since the lists backend is almost ready (needs of course some real-life tests, and better Debian packaging, but seems to work).

The point of this is to propose subdomains to projects as a vhost for their web repository, and some useful aliases (CNAME), e.g. cvs.project.whatever.

The worst point about the backend is that you have to design a way of communication between some data and some programs that people usually launch by hand. However, the really good thing(tm) with recent bind releases (>8) is that they support dynamic updating (http://www.ietf.org/rfc/rfc2136.txt?number=2136). That means that a host can update a DNS database across the network using a special protocol. That rocks, doesn't it?

Therefore I suggest that the dumps server could do this job, since it is very simple and does not require weird software. As usual, the dumps server will dump into some files, but instead of waiting for some other server to get the dump, a cronjob will parse the output.

We surely could create another kind of server that would do the job. But I think that giving this job to the dumps server is a good thing, since, as I've already stated, it does not induce any overhead and we skip the rsync'ing thing, which is always good :-)

I plan to write a Perl script that will use the savannah modules to parse the configuration file, something like

    <savannah>
      <configuration>
        <dns>
          <server name="foo">
            <rootDomain name="foo.com"/>
            <rootDomain name="foo2.com"/>
          </server>
          <server name="bar">
            <rootDomain name="bar.com"/>
          </server>
        </dns>
      </configuration>
    </savannah>

After that, it will parse the dns dump and update the DNS with Net::DNS.

The only little concern I have with dynamic updating is the TTL argument. We have to provide a TTL for a CNAME and we don't want to, since they are supposed to stay forever. I basically see two approaches to address that problem:

1) We add the CNAME with the highest TTL, which is 2147483647 seconds (almost 68 years).
2) We add each new CNAME with a TTL of ~400 days and we choose one day of the year when we update all entries.

I would prefer the first one, which is not that bad _IF_ documented :-). What do you think?

The last concern is security. It seems to be achievable with DNSSEC, but afaik Net::DNS does not support it (yet, I can help on that). If we use it, we'll have to enforce Bind 9.1. I think it is okay, but maybe some people want to discuss this issue...

Any comments on this are welcome.

-- 
Guillaume Morin <[EMAIL PROTECTED]>

Batailler corps et âmes pour un maudit refus (No one is innocent)
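
What an RFC 2136 update for one of the proposed CNAME aliases looks like on the wire, as an added example that is not part of the original message or of Savannah's code. It uses Python's standard library rather than the Net::DNS module the message plans to use, the host names are constructed, and the message it builds is unsigned, so the authentication raised as the last concern is not shown.

```python
import struct

MAX_TTL = 2**31 - 1           # 2147483647, the highest TTL named in the message
TYPE_CNAME, TYPE_SOA, CLASS_IN = 5, 6, 1
OPCODE_UPDATE = 5             # RFC 2136 opcode


def encode_name(name):
    """Encode a domain name as uncompressed, length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def in_zone(name, zone):
    """True if name is the zone apex or below it (match on a label boundary)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)


def build_cname_update(zone, alias, target, ttl, msg_id):
    """Return the wire bytes of an UPDATE that adds `alias CNAME target`."""
    if not in_zone(alias, zone):
        raise ValueError("%s is outside zone %s" % (alias, zone))
    if not 0 <= ttl <= MAX_TTL:
        raise ValueError("TTL out of range: %d" % ttl)
    # Header: ID, flags (opcode in bits 11-14), ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, 1, 0)
    # Zone section: exactly one entry naming the zone, type SOA
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    # Update section: class IN with a TTL and RDATA means "add this RR"
    rdata = encode_name(target)
    update = (encode_name(alias)
              + struct.pack("!HHIH", TYPE_CNAME, CLASS_IN, ttl, len(rdata))
              + rdata)
    return header + zone_section + update


if __name__ == "__main__":
    # Constructed names, reusing foo.com from the configuration sketch
    msg = build_cname_update("foo.com", "cvs.project.foo.com",
                             "project.foo.com", MAX_TTL, 0x1234)
    print(len(msg), msg.hex())
```

The zone check in `build_cname_update` is what keeps a dump entry from being turned into an update for a name outside the configured root domain.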
