[bind10-dev] BIND 10 administrator interface sessions
Larissa Shapiro
larissas at isc.org
Thu Oct 22 11:17:25 UTC 2009
I have notes from a third session at NANOG (attended by folks from CIRA,
Afilias, Google) and will post later today.
Shane Kerr wrote:
> All,
>
> We have some ideas about the administrator interface in BIND 10. At
> the RIPE 59 meeting in Lisbon, I talked to some BIND users about
> these, in order to see what users think about administrator interfaces
> for BIND 10.
>
> There were two sessions. The first was on Monday evening, and the
> second was on Thursday after the 1st DNS working group session (before
> lunch). Larissa was present at the second and took notes, I managed
> the first one on my own.
>
> Notes from First Session
> ------------------------
> At the first session we had:
> - Peter Koch (DENIC)
> - Stephane Bortzmeyer (AFNIC)
> - Ondrej Sury (NIC.CZ)
> - (Some gentleman whose name I did not get) (SIDN)
> - Antoin Verschuren (SIDN)
> - David Knight (ICANN)
> - Joao Damas (Bondis)
>
> I explained the basic idea of operating more like a router than a
> standard Unix daemon with a config file holding the configuration.
>
> The immediate reaction was that nobody likes the way configuration
> works in Cisco routers, and we should not try to duplicate them.
> Ciscos allow you to have a running configuration which does not match
> the configuration file, for example.
>
> REQUIREMENT: Use the same configuration on multiple servers. (This is
> easy with file-based configuration.)
>
> Peter: Need to be able to dump, check into RCS, and so on. Need to be
> able to attach reasoning/notes to configurations. ITIL needs change
> management, configuration management, and so on.
>
> REQUIREMENT: Must work with configuration/change management software &
> systems.
>
> Stephane: Need to be able to export configuration. Need to be able to
> send snippets to bind-users for example.
>
> REQUIREMENT: Must be able to export configuration.
>
> (SIDN gentleman): We never touch configuration files - everything is
> in an SQL database.
>
> Joao: Granularity of the configuration is important. Versioning,
> transactions, etc. all very nice.
>
> Peter: Should be something that fits into cfengine (for example).
> Stephane: Yes, needs to work with other software.
>
> Ondrej: Zone management and configuration management are different
> things.
>
> Dave: Changes to zones must not impact the server.
>
> Stephane: Need to appeal to non-experts!
> Dave: Much of this stuff, like version control, is *more* important
> for non-experts.
>
> Shane: In pre-BIND 10 there was some confusion about what
> configuration is and what program data is. So, zones configuration is
> really different from server configuration.
> Joao: This separation also includes views, TSIG keys, and more.
>
> REQUIREMENT: Need a way of the name server dumping what it thinks the
> current configuration is.
>
> Stephane: How does Apache solve this with 1000s of domains? What about
> Postfix?
>
> REQUIREMENT: All representations of configuration must be in sync.
>
> Ondrej: Do we need interaction? Maybe we just need fast reload?
>
> Dave: JunOS is very good. Change, commit, rollback, XML API. Maybe
> look at Juniper tutorials.
>
> Ondrej: Firefox about:config is a good start.
>
>
> Notes from Second Session (thanks to Larissa)
> ---------------------------------------------
> Present:
> Suzanne, Shane, Larissa ISC
> Johan Ihren Autonomica johani at autonomica.se
> Sara Monteiro FCCN sara.monteiro at fccn.pt
> Pedro Ribeiro FCCN pedro.ribeiro at fccn.pt
> Joao Afonso FCCN joao.afonso at fccn.pt
> Eduardo Duarte FCCN eduardo.duarte at fccn.pt
> Stephane Bortzmeyer Afnic bortzmeyer at afnic.fr
> Anand Buddhdev RIPE anandb at ripe.net
>
>
> Thoughts:
> Anand Buddhdev – likes Juniper, likes to be able to test and to roll back
> config. Easy to solve outdated config by having a tool that writes out
> the current config at frequent intervals with date stamps
>
>
> Johan Ihren – it's clear that BIND 9 isn't optimal, however as much as
> he likes the command channel and it does make sense he doubts that
> this would be his primary interface. He has a provisioning system and
> generates all the config variants and then ships them all at once. The
> consequence of this from his point of view is that we must remember
> that there is no fit everyone solution. Keep this in mind. That said
> he can already see ways to leverage this new command channel interface
> to batch changes through the command channel. Somewhere we must
> accommodate the very large scale users. (and what about enterprise
> users?)
>
>
> Shane – what is config? Right now zone files are data and everything
> else is config but this is not the truth,
>
> tools
>
> command line vs web gui vs....
>
> concern from Johan: custom tools – in all honesty I will not only have
> BIND 10 name servers he has a mix. So what he is really looking for is
> a generic control interface with vendor specific
> plugins/hooks/extensions. He realizes BIND 10 is aiming for lots of
> components and he will select a subset but his concern is that the
> core part he would like to see as an open protocol which could be used
> across platforms and everything vendor specific in a specific corner.
> The open protocol would not change over different versions.
>
>
> Versioning
>
>
> need to serialize – store configs in a database and somehow get in
> and out
>
>
> johan – netnod/autonomica has moved away from versioning because in
> the whole picture the actual version loses relevance. They chop their
> config into sections (provisioning, keys, customer, infrastructure,
> etc)
>
>
> could a BIND10 sql database do that?
>
>
> Anand – RIPE does something similar – they have bits they stitch
> together as necessary and each is versioned separately
>
>
> Eduardo from FCCN – we're doing two things at once – good to separate
> bind10 and this command and control management stuff into two
> products.
> Johan agrees. Would need to be really clear that the command and
> control interface might be separate and might also support other DNS
> implementations.
>
> _______________________________________________
> bind10-dev mailing list
> bind10-dev at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind10-dev
>
--
------------------
Larissa Shapiro
ISC Product Manager
larissas at isc.org
+1650.423.1335