[retronet] Subdomains of retrocomp.net…

Grant Taylor gtaylor at tnetconsulting.net
Thu Aug 30 22:51:08 MDT 2018


On 08/30/2018 10:34 PM, John P. Willis wrote:
> I think this is a wonderful idea. Personally, I don't think there's 
> any real reason we can't effectively offer all three options. BIND is 
> pleasantly flexible that way.

Agreed.

> Do we want it integrated in any way into the registration system 
> I'm putting together? It will be able to hold <$memberNickname>, and 
> could easily spit out zonefiles/sections of zonefiles/kick off an rndc 
> retransfer.

I think we certainly want to register nicknames and use that as the 
subdomain name by default if not by declaration.

Aside:  I see no reason at this time why we would need to go beyond one 
subdomain name.  (I can see a hypothetical possibility of more than a 
/24 in an extreme case, but we can easily cross that bridge when we get 
there.)

> I manage my own DNS with a set of scripts (in NetBSD) that set a lockfile 
> preventing concurrent access, read the current serial number, copy the 
> zonefile to /tmp, open it in $EDITOR, and when you save/exit, it makes 
> sure that $oldserial > $newserial, does a git commit/push to a private 
> BitBucket repo, and kicks off an rndc retransfer.

I have no doubt that that does work or that we could make it work for 
what we need.

That being said, I'm more interested in leveraging Dynamic DNS, using 
TSIG keys and "grant" statements, to allow clients to use the DNS 
protocols to update their zones / records via things like nsupdate.

I would also be quite interested in the possibility of the Web UIs 
re-using the same Dynamic DNS methodology.

The systems that do the update can identify the SOA for the zone / 
subdomain and send Dynamic DNS updates (via nsupdate or anything else 
comparable) to the master name server.  Said master name server could be 
BIND running on the local RetroNet client or it could be BIND running on 
the central RetroNet servers.  Same method supports different locations.

> Pretty used to automating this sort of thing. Not saying those scripts 
> are useful in this scenario, however.

I think it's an interesting idea.  I'm personally interested in trying 
the Dynamic DNS updates using TSIG keys and grant statements first.

What do you think?



-- 
Grant. . . .
unix || die
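
Added example, not part of the original message and not RetroNet's own code: one way a registration system could turn a registered nickname into the per-member TSIG key statement and update-policy "grant" rule discussed above, rejecting nicknames that are not a single safe DNS label. The "<nick>-key" naming, hmac-sha256, the ANY type list and all function names are assumptions.

```python
import base64
import re
import secrets

ZONE = "retrocomp.net."  # parent zone named in the thread subject

# One DNS label: letters, digits, hyphen (LDH), 1-63 chars, no edge hyphens.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def member_label(nickname):
    """Normalise a registered nickname into a safe single DNS label."""
    label = nickname.strip().lower()
    if not LABEL_RE.fullmatch(label):
        # Rejects dots, quotes, braces, semicolons and whitespace: anything
        # that could add a label or break out of the generated config text.
        raise ValueError(f"nickname {nickname!r} is not a valid DNS label")
    return label


def key_stanza(nickname, secret=None):
    """named.conf key statement holding the member's TSIG secret."""
    label = member_label(nickname)
    # Assumption: a fresh 256-bit random secret per member.
    secret = secret or base64.b64encode(secrets.token_bytes(32)).decode()
    return (f'key "{label}-key" {{\n'
            f'    algorithm hmac-sha256;\n'
            f'    secret "{secret}";\n'
            f'}};\n')


def grant_rule(nickname):
    """update-policy rule: the key may update names at or below its subdomain."""
    label = member_label(nickname)
    # Assumption: ANY record types; list specific types to narrow it further.
    return f"grant {label}-key subdomain {label}.{ZONE} ANY;"


def update_allowed(nickname, owner_name):
    """Model of which owner names the 'subdomain' rule type matches."""
    base = f"{member_label(nickname)}.{ZONE}"
    name = owner_name.lower().rstrip(".") + "."
    # Match on a label boundary so 'malice' does not match the 'alice' rule.
    return name == base or name.endswith("." + base)
```

The grant line belongs inside the update-policy { ... } block of the zone on the master name server.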
