Earl R Shannon wrote:
>I agree that this would be nice. However, to do it "correctly"
>would require the creation of another type of record in
>DNS similar to an MX record for a mail handling machine.
>As I understand it (perhaps incorrectly) an effort was made
>to do this and was met with some resistance.
>
>Yes, other ways could be devised that do not require modification
>of the protocol or RFC. Perhaps even another version of
>DNS that simply tracks AFS related services. But that's a new
>can of worms isn't it?

Not at all. For example, the system implemented in Kerberos V uses a
magic (pseudo-)hostname and a TXT type record. There are security
questions with a system like this that haven't been fully answered,
which is why we don't want to eliminate CellServDB, but a system that
wouldn't _require_ a central master file would be appropriate.

To really be successful, such a system should really be implemented in
conjunction with a dynamic root.afs volume, to automagically create
the mount points in /afs as well as find the vldbs. _That_ would be
cool.

Our problem is a little different from krb5. They want to know, given
a host, what the KDC is for the host, and the answer is found by
walking up the name tree from that host. What we want to know, given
an entry /afs/<some.cell.org>, is what the vldb servers are for that
cell. An admin of a cell should be able to request a TXT entry for
_vldb.some.cell.org in almost all cases. The ones that couldn't would
still need to have CellServDB entries from other cells.

--
Dave Thompson <[EMAIL PROTECTED]>
Associate Researcher Department of Computer Science
University of Wisconsin-Madison http://www.cs.wisc.edu/~thomas
1210 West Dayton Street Phone: (608)-262-1017
Madison, WI 53706-1685 Fax: (608)-262-6626
--
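
The two lookup styles contrasted in the message above, as an added example that is not part of the original post or of any AFS or Kerberos code. Assumptions: the TXT payload is a whitespace-separated list of server names, the label `_kdc-example` and all zone data are constructed, DNS is replaced by an in-memory dictionary, and a local CellServDB entry is given precedence over the unauthenticated DNS answer.

```python
# Constructed sample zone standing in for DNS TXT records (not real data).
ZONE = {
    "_vldb.some.cell.org": ["vl1.some.cell.org vl2.some.cell.org"],
    "_kdc-example.some.cell.org": ["kdc.some.cell.org"],
}

def txt_lookup(name):
    """Stand-in for a DNS TXT query; returns a list of TXT strings."""
    return ZONE.get(name.rstrip(".").lower(), [])

def walk_up_names(host, label):
    """krb5-style search order: label.<host>, then each parent domain."""
    parts = host.rstrip(".").split(".")
    return [label + "." + ".".join(parts[i:]) for i in range(len(parts))]

def find_by_walking_up(host, label, lookup):
    """Return (name_that_answered, servers) for the closest ancestor."""
    for name in walk_up_names(host, label):
        answers = lookup(name)
        if answers:
            return name, answers[0].split()
    return None, []

def vldb_servers(cell, cellservdb, lookup):
    """AFS-style lookup: the cell name is already known, so one query at
    _vldb.<cell> is enough and no walk up the tree is done.
    Assumption: a locally configured CellServDB entry wins over DNS,
    because the TXT answer is not authenticated."""
    cell = cell.rstrip(".").lower()
    if cell in cellservdb:
        return list(cellservdb[cell]), "CellServDB"
    answers = lookup("_vldb." + cell)
    if answers:
        return answers[0].split(), "dns"
    return [], "none"

if __name__ == "__main__":
    print(find_by_walking_up("ws1.cs.some.cell.org", "_kdc-example", txt_lookup))
    print(vldb_servers("some.cell.org", {}, txt_lookup))
    print(vldb_servers("some.cell.org", {"some.cell.org": ["db1.some.cell.org"]}, txt_lookup))
```
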