[bind10-dev] Forwarding from auth, was ddns
Shane Kerr
shane at isc.org
Mon Nov 28 13:14:55 UTC 2011
Michal,
On Sat, 2011-11-26 at 11:52 +0100, Michal 'vorner' Vaner wrote:
> On Fri, Nov 25, 2011 at 05:57:33PM +0100, Jelte Jansen wrote:
> > - - I think we should pass off DDNS messages from auth to ddns
> > module similarly to how we do it for xfrin
>
> I believe this current state is broken by design. Because:
> • Auth needs a hardcoded list of things to forward somewhere. It should be
> generic, so new type can be added without changing the Auth code.
> • Auth needs to handle case when the recipient module doesn't exist.
> • Now we would need yet another unix domain socket for sending sockets over.
> • We can't turn off auth.
> • It doesn't solve resolver+auth very well either.
This all sort of leads us back to our discussion about how to handle
multiple things all looking for different types of DNS functionality on
the same IP address and port. (NOTE TO PROTOCOL DESIGNERS: OVERLOADING A
PROTOCOL TO DO FUNDAMENTALLY DIFFERENT THINGS IS NOT ELEGANT, IT IS A
HACK. Abusing port 53 to do both recursive and authoritative work was a
mistake, as was using port 53 to do zone transfers, as was using port 53
to do DDNS...)
It seems like what you're asking for is the receptionist. I agree this
is something we need to do, but also that this is something we should
not necessarily do right now.
> Anyway, it might be OK to do it this way as fast way to get DDNS running. But I
> can't say I'd be happy about that, as it gets us one step further from solving
> this problem.
It's a small step though. ;)
--
Shane
More information about the bind10-dev
mailing list