Hi Denis,

Thanks for the feedback! The big red arrow symbolized the synchronization
between the zone hosted on your HNA and the DNS Public server on the
outsourcing infrastructure. This could be your ISP or any third party. One
of the motivations to outsource was to prevent DDoS attacks on the HNA, so as
Ted mentions, if your ISP is as reliable as your HNA.... you may use a third
party to host your zone. However, the HNA hosts the hidden primary and is
expected to host the most up-to-date content. When you switch from one ISP
to another, these ISPs are hosting secondary servers and your hidden primary
is expected to be able to synchronize with these secondaries. As a result
the zone published on the Internet is expected to remain synchronized. The
problem with switching from one outsourcing infrastructure to the other is
that information stored in caching resolvers (NS) may not be up to date for
TTL seconds. As Ted mentioned, we expect that the hosting infrastructure is
able to host relatively safely.

I believe this concern might also be relevant to the DHCP option draft
where we explicitly had the discussion of an ISP providing the service. In
this draft the DNS Zone Template is a template that is expected to be
provisioned by the HNA. In other words, the template is not expected to
contain all elements. The template is mostly useful when the HNA is
booting. As a result, it is likely that there are very few changes over
time and that it remains the same when you switch from one ISP to the
other. If it is not up to date, the HNA may also update the template.

Yours,
Daniel



On Tue, Jul 24, 2018 at 12:35 PM, Ted Lemon <mel...@fugue.com> wrote:

> My personal feeling on this is that the off-site backup zone is a service
> that could be provided by an ISP, could be provided by someone else, or
> could just be something that a sufficiently geeky user sets up for
> themself.   If an ISP connection is as flaky as you describe, I would think
> that they would be a poor candidate for offering this service, although as
> long as it is reachable through ISP B, and is updated accurately, it should
> be fine.   If your point is that the homenet should notice if it can't
> maintain contact with the off-site backup server, I think that's a good
> point.
>
> On Tue, Jul 24, 2018 at 12:31 PM, Denis Ovsienko <de...@ovsienko.info>
> wrote:
>
>> Hello group.
>>
>> What I was trying to say at the WG meeting was the following. Looking at
>> the slide with the red arrow between a DNS server in the home network and a
>> DNS server somewhere on the Internet, the following scenario immediately
>> came to my mind.
>>
>> 1. A home network is connected to the Internet through an ISP A.
>> Everything is synchronous and works.
>> 2. The link to ISP A fails.
>> 3. For the next month the home network remains half time disconnected and
>> half time connected through ISP B. Regardless of the Internet reachability,
>> devices come and go, and the network tries to update its zone.
>> 4. The link to ISP A is restored and works for the next three months.
>> 5. The user occasionally connects to ISP B in parallel, as a matter of
>> habit.
>> 6. Go to 2.
>>
>> Now, given the suggestion that the ISP maintains the zone, it would make
>> sense to think what happens when the ISP's copy is no longer updated and
>> the home network copy has changed. I have briefly looked through the I-D
>> and have not found anything that would explicitly make sure that the zone
>> cannot go split-brain. And if it goes split-brain, will it necessarily
>> synchronize afterwards with no human intervention? Maybe those provisions
>> are there, but I did not see them, in that case please disregard the
>> comment.
>>
>> Feel free to use this input to improve the document, if it gives you any
>> new ideas.
>>
>> --
>>     Denis Ovsienko
>>
>>
>> _______________________________________________
>> homenet mailing list
>> homenet@ietf.org
>> https://www.ietf.org/mailman/listinfo/homenet
>>
_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
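
Added example, not part of the thread or of the draft under discussion: one way a home network could notice that an outsourced secondary has stopped tracking the hidden primary is to compare SOA serials with RFC 1982 serial arithmetic and flag a secondary that is behind, past SOA EXPIRE, or ahead of the primary. The server names, serial values, transfer ages and the `audit` helper are constructed for illustration; a real monitor would obtain them from SOA queries and the primary's own transfer log.

```python
# Added example: SOA serial audit of secondaries against a hidden primary.
# All names and values are constructed sample data, not taken from the thread.
MOD = 2 ** 32    # SOA serial is an unsigned 32-bit counter
HALF = 2 ** 31


def serial_cmp(a, b):
    """RFC 1982 comparison: -1 if a < b, 0 if equal, 1 if a > b, None if undefined."""
    a %= MOD
    b %= MOD
    if a == b:
        return 0
    diff = (b - a) % MOD
    if diff == HALF:
        return None          # exactly half the number space apart: undefined
    return -1 if diff < HALF else 1


def classify(primary_serial, secondary_serial):
    """State of one secondary relative to the hidden primary."""
    c = serial_cmp(secondary_serial, primary_serial)
    if c == 0:
        return "in-sync"
    if c == -1:
        return "lagging"     # secondary holds an older copy of the zone
    if c == 1:
        return "ahead"       # secondary is newer than the primary: copies diverged
    return "undefined"


def audit(primary_serial, expire, secondaries):
    """secondaries maps name -> (serial, seconds since last successful transfer)."""
    report = {}
    for name, (serial, age) in secondaries.items():
        state = classify(primary_serial, serial)
        if state == "lagging" and age >= expire:
            state = "expired"  # past SOA EXPIRE the secondary should stop serving
        report[name] = state
    return report


SAMPLE = {                                      # constructed observations
    "ns.isp-a.example": (2018072405, 120),
    "ns.isp-b.example": (2018072401, 3600),
    "ns.third-party.example": (2018062001, 700000),
    "ns.unexpected.example": (2018072409, 60),
}

if __name__ == "__main__":
    for name, state in audit(2018072405, 604800, SAMPLE).items():
        print(f"{name}: {state}")
```

An "ahead" or "undefined" result is the case that needs an operator, since a zone transfer alone will not bring the primary and that secondary back together.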