On 03/14/2013 02:09 PM, Mark Andrews wrote:
In message <16704.1363267...@sandelman.ca>, Michael Richardson writes:
"Mark" == Mark Andrews <ma...@isc.org> writes:
     >> I'm not a namedropper, but that doesn't sound like kosher DNS to
     >> me...  sort of a weird split horizon.

     Mark> It is quite common for the stealth masters to exist (not
     Mark> listed in the NS RRset).  It is also quite common for
     Mark> recursive servers to have local copies of zones that are in
     Mark> use locally but not be listed in the NS RRset.  The update
     Mark> protocol supports forwarding of signed UPDATE requests where
     Mark> the forwarding server does NOT have the shared secret.

     Mark> homenet <> CER (master) <> listed authoritative servers <>
     Mark> rest of the world

     Mark> Now if you want this to work with the CER turned off while you
     Mark> are away and updates to the zone to work, then protocol work is
     Mark> needed to get multi-master working.

I think that you are saying that there is software work, not that there is
standards work?
The DNS model is a single master server.  That server can be the
CER or a master hosted elsewhere (ISP).  Both have advantages and
disadvantages.

CER hosting:
pro: the homenet is not dependent on anything external for local DNS resolution.
con: you need the CER to always be on or else you cannot update the zone when
      you are travelling.

ISP hosting:
pro: The CER can be turned off when traveling.
con: you require the local link and ISP server to be running to make changes
      to the zone.

Now for travelling we could manually switch the server roles around.

Multi-master (if defined) would do this automatically and allow for
updates to the zone when partitioned, whether that was due to a link
failure or powering off of the CER due to travel.

This last part requires standards work as it needs to be cross vendor.


Mark, I am still confused as to whether there is anything new/unimplemented
here too. If my CER, say, is the master, but my ISP runs the globally visible
NS RRset on their servers, so far so good. But if we want my CER to *also*
act as an authoritative server within my homenet so that, for example, it still
works when my ISP link is dead, is that a problem? Or is this just some
configuration voodoo that doesn't actually need standardization?

I hadn't really considered it, but your post makes me realize that the opposite
scenario could happen as well: i.e., the master is actually in the cloud somewhere,
and my CER is one of its slaves which, again, would play authoritative on my
homenet. Both scenarios are interesting.

Mike
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
