[bind10-dev] SQL in BIND 10

JINMEI Tatuya / 神明達哉 jinmei at isc.org
Thu Feb 7 02:18:23 UTC 2013 

At Wed, 6 Feb 2013 19:13:02 -0500,
Stephen Frost <sfrost at snowman.net> wrote:

> > Yeah this scenario is understandable, but my concern is that it's just
> > a speculation.  
> 
> It's not speculation, it's the reason for PowerDNS's popularity and why
> it's taking market share away from bind.  I've run into multiple hosting
> providers who use PowerDNS as a hidden master and bind slaves on the
> edges because they need a DNS system which will integrate with their
> provisioning systems.

Okay, this is indeed good to know.  To be clear, I was not disagreeing
with you.  But, until now, all I've heard in this list was in fact a
guess, not actual request from candidate users or an existing user
story (see, for example, the very first message of this thread:
https://lists.isc.org/pipermail/bind10-dev/2013-January/004302.html
where Shane explained "what he thought", not requests he heard
from users).  I think this is the first non-imaginary story I've seen,
and I really appreciate it.

> > I can imagine such operators, but what I really wanted
> > to know is that whether there are indeed such (possible) users or
> > whether they currently only live our imagination.  
> 
> I'm interested in bind10, to employ for both my company's DNS and
> possibly for PG infrastructure, specifically because of this.  I had
> already been looking at PowerDNS until someone mentioned that bind10 was
> planned to support SQL backends.  We already track DNS information in
> our provisions systems (both for my company and for PG infra), hence the
> need for an open schema.

If this is the (or at least one) major use case of database backend,
our next step should be to implement a much simpler DB-client layer
that (at least initially) focuses on getting data, and probably
excluding DNSSEC related features.  The user will configure that layer
with the type of DB and DB-specific parameters such as DB/table name
and user/password, and a template of SQL sentence(s) to retrieve
necessary data to handle DNS queries.

One other thing I'm interested in about this mode of operation is
expected response performance.  I guess it's not difficult to achieve
a few thousands of qps even without any caching within the DNS server,
but if the required performance is higher than that level, we'll need
something more sophisticated.  And, depending on the background reason
for the performance requirement, usual approaches like caching may not
be a good solution.  For example, if the concern is resiliency to DoS
attacks, caching won't be really effective because it should be pretty
easy for the attacker to attach the cache itself.

Do you have any idea about this point, either from what other users
wanted or from what you'd expect yourself?

Thanks,

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.

More information about the bind10-dev mailing list