[retronet] Subdomains of retrocomp.net…
John P. Willis
jpw at coherent-logic.com
Fri Aug 31 10:18:49 MDT 2018
----- On Aug 30, 2018, at 10:51 PM, gtaylor gtaylor at tnetconsulting.net wrote:
> On 08/30/2018 10:34 PM, John P. Willis wrote:
>
>> Do we want it integrated in any way into the registration system
>> I'm putting together? It will be able to hold <$memberNickname>, and
>> could easily spit out zonefiles/sections of zonefiles/kick off an rndc
>> retransfer.
>
> I think we certainly want to register nick names and use that as the
> subdomain name by default if not by declaration.
>
> Aside: I see no reason at this time why we would need to go beyond one
> subdomain name. (I can see a hypothetical possibility of more than a
> /24 in an extreme case, but we can easily cross that bridge when we get
> there.)
>
Agreed.
>
> That being said, I'm more interested in leveraging Dynamic DNS, using
> TSIG keys and "grant" statements, to allow clients to use the DNS
> protocols to update their zones / records via things like nsupdate.
>
> I would also be quite interested in the possibility of the Web UIs
> re-using the same Dynamic DNS methodology.
>
> The systems that do the update can identify the SOA for the zone /
> subdomain and send Dynamic DNS updates (via nsupdate or anything else
> comparable) to the master name server. Said master name server could be
> BIND running on the local RetroNet client or it could be BIND running on
> the central RetroNet servers. Same method supports different locations.
>
I think it sounds compelling, though my only experience with dynamic DNS
systems was a stint with AD-integrated DNS ca. 2001.
>> Pretty used to automating this sort of thing. Not saying those scripts
>> are useful in this scenario, however.
>
> I think it's an interesting idea. I'm personally interested in trying
> the Dynamic DNS updates using TSIG keys and grant statements first.
>
> What do you think?
>
>
My only concern (minor concern; not a show-stopper) would be shutting out
people who want to run their own DNS on vintage gear/systems that may not
support the more modern features.

Again, though, a bridge we can cross when we get there, and perhaps one
better left to individual cases.

In any event, I think the central servers should probably be something
secure and modern, with the caveat that old resolver libraries must be
able to work with them.
>
> --
> Grant. . . .
> unix || die
>
>
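Added example, not part of the original message or of any RetroNet code: a sketch of how a registration system could turn a member nickname into a per-member TSIG key clause and a BIND `update-policy` "grant" rule that confines that key to the member's own subdomain. The `<nick>-key` naming, the permitted record types and all function names are assumptions; the nickname is validated as a single DNS label before it is written into any configuration text.

```python
import base64
import re
import secrets

PARENT_ZONE = "retrocomp.net"      # domain named in the thread subject
ALLOWED_TYPES = "A AAAA MX TXT"    # assumption: record types members may update

# One DNS label: 1-63 chars of a-z, 0-9 or hyphen, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def member_label(nickname: str) -> str:
    """Normalise a nickname to a DNS label, rejecting anything else."""
    label = nickname.strip().lower()
    if not _LABEL.fullmatch(label):
        raise ValueError(f"{nickname!r} is not usable as a DNS label")
    return label


def new_tsig_secret() -> str:
    """32 random bytes, base64-encoded, for an hmac-sha256 TSIG key."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")


def render_key(nickname: str, secret: str) -> str:
    """named.conf key clause; the member uses the same key with nsupdate."""
    label = member_label(nickname)
    base64.b64decode(secret, validate=True)  # raises if not clean base64
    return (f'key "{label}-key" {{\n'
            f'    algorithm hmac-sha256;\n'
            f'    secret "{secret}";\n'
            f'}};\n')


def render_grant(nickname: str) -> str:
    """Rule letting the key update only names at or below its own subdomain."""
    label = member_label(nickname)
    return f"grant {label}-key subdomain {label}.{PARENT_ZONE}. {ALLOWED_TYPES};"


def render_update_policy(nicknames) -> str:
    """update-policy block for the parent zone, one grant per member."""
    labels = [member_label(n) for n in nicknames]
    if len(set(labels)) != len(labels):
        raise ValueError("two nicknames map to the same subdomain")
    body = "".join(f"    {render_grant(l)}\n" for l in labels)
    return "update-policy {\n" + body + "};\n"
```

The `update-policy` block belongs inside the `zone` statement of whichever server is master for the zone, and each key clause must be readable only by the name server and the member it was issued to.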