[bind10-dev] ddns

Michal 'vorner' Vaner michal.vaner at nic.cz
Sat Nov 26 10:52:06 UTC 2011 

Hello

On Fri, Nov 25, 2011 at 05:57:33PM +0100, Jelte Jansen wrote:
> - - I think we should pass off DDNS messages from auth to ddns
> module similarly to how we do it for xfrin

I believe this current state is broken by design. Because:
• Auth needs a hardcoded list of things to forward somewhere. It should be
  generic, so new type can be added without changing the Auth code.
• Auth needs to handle case when the recipient module doesn't exist.
• Now we would need yet another unix domain socket for sending sockets over.
• We can't turn off auth.
• It doesn't solve resolver+auth very well either.

So I think we want to have something different.

Anyway, it might be OK to do it this way as fast way to get DDNS running. But I
can't say I'd be happy about that, as it gets us one step further from solving
this problem.

> - - Naturally it should only work on zones for which we are master, and
> the datasource should be writable

What is the nice time to globalize zone configuration? Now we have zones
scattered all over the config and I don't really remember where exactly they
are. The users will get lost in it.

> - - I think we could quite easily support multiple updates
> rolled into one change (by waiting for a bit for additional update
> commands before committing), but it does depend on how good
> transactions work on the backend (idling around if you have one giant
> lock on the db does not seem like a good idea).

I don't think we want it just now. And I don't think it is much slower to push
the same amount of changes in multiple transactions than in one, I'd guess the
opposite, as longer transactions make it harder for the DB backend to resolve
conflicts. If we are worried about the RTTs with DB, we can easily run multiple
DDNS threads/processes to amortize it.

Also, if we answer, the transaction should have been closed successfully.

> - - I think the biggest difference between ixfr and ddns is that we have
> prerequisites. So we need to make sure our finder can retrieve all
> necessary information.

AFAIK it already allows that.

> - - Another difference is that, unless updated by the ddns command, we
> need to increase the serial, and we can choose several approaches for
> that. This is something i think should be completely done by the ddns
> module (and not the datasource).

+1 on that, datasrc should be agnostic about what the data really mean and stuff
like updating something by it automagically seems like too much surprise.

Anyway, if we want to do the IXFR diffs, we probably should go with the simplest
possible approach and update it every time.

With regards

-- 
I'm reading your disk
		-- General Failure

Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20111126/d5009795/attachment.bin>

More information about the bind10-dev mailing list