[bind10-dev] b10-master-only-auth (was Receptionist experiment)
Shane Kerr
shane at isc.org
Mon Mar 11 16:59:51 UTC 2013
Michal,
On Tuesday, 2013-03-05 09:22:07 +0100,
Michal 'vorner' Vaner <michal.vaner at nic.cz> wrote:
> Hello
>
> On Mon, Mar 04, 2013 at 11:25:33AM -0800, JINMEI Tatuya / 神明達哉
> wrote:
> > As a tool for generalization, I see the point, but at the same time
> > I'm not so sure about it. A common user of auth would also use
> > xfrout (and also incoming notify) normally, and they may not like
> > the complexity and overhead of the additional layer. Views are even
> > trickier, especially if we want to fill the gap with BIND 9, because
> > it would require more detailed inspection of incoming messages such
> > as TSIG key name, and it doesn't look obvious to me that different
> > views should be served by different processes.
>
> I know most users of xfrout would use auth, it just seems wrong to
> require it. And I'm ok with auth taking the place of receptionist in
> that usual scenario (like it does now), either by doing the same
> thing as now, or by doing the same thing as the future receptionist
> (so we could have some kind of library-ish thing that we would put
> into auth and the xfrout would act the same each time).
Just as a minor point, we really need some kind of "auth but only
answering SOA queries and AXFR/IXFR requests" daemon. Perhaps we could
call it "b10-master-only-auth" or something equally poetic. :)
Cheers,
--
Shane
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20130311/54b1dd3e/attachment.bin>
More information about the bind10-dev
mailing list