DNS stuff...

Ken Smith kensmith at cse.Buffalo.EDU
Mon Jun 23 15:43:48 PDT 2003


I started to work on the DNS thing.  If nobody provides input (I asked
dnsadm@ to see if they want to provide any insight) this is a quick
preview of what I thought of.  If this seems like a horrible mistake
let me know...  There is a lot more to it (PGP signatures,
@freebsd.org email addresses, etc.) that can be worked out over time
but this is the "core"...

If nobody thinks this is a horrible direction to take I'll post the
whole thing late this week after enough people have had a chance to
provide some initial thoughts.

			FreeBSD.org DNS Admin Guide V0.0
			================================

DNS by its nature is designed to allow delegation of authority.  For
organizations that are very large this is a good thing but at this
time the FreeBSD Organization is not large enough to require much
delegation.  Having things delegated too much also leads to confusion
about who is responsible for what, end-users do not know whom to
contact for relatively simple things, etc.

There are several more or less distinct groups whose function at least
partially involves DNS.  The groups are:

	1) WWW site administrators
	2) cvsup site administrators
	3) FTP mirror site administrators
	4) email system administrators (support for @freebsd.org email)
	5) operations support administrators (provide machine(s) for
	   release builds, ports builds, etc.).

The group who administer the DNS system itself are assumed to be in
(5).

Proposed Layout
---------------
We propose identifying one person who is the "Coordinator" of each
group listed above.  By default this will be the only person who can
request DNS updates.  To make things simpler for the dnsadm@ staff
there will be no explicit rules on what sorts of updates any
individual Coordinator is allowed to request - it will be assumed each
Coordinator knows enough about DNS to make only the requests
appropriate to their group's needs and can be trusted to not act
maliciously.  These Coordinators may appoint other people who are
allowed to request DNS changes.

FreeBSD Namespace
-----------------
Some requests may result in the creation of a new Zone in the FreeBSD
Namespace.  For example if a brand new Mirror site comes online in a
new country its name should be "ftp.<country-code>.freebsd.org".  The
dnsadm@ staff will take care of adding in the new country code and
handle the new zone on the existing DNS server infrastructure.  At
their discretion dnsadm@ may delegate the namespace and will route
update requests to the people responsible for any given namespace.
The above mentioned Coordinators need not worry about how this
delegation is laid out.

-- 
						Ken Smith
- From there to here, from here to      |       kensmith at cse.buffalo.edu
  there, funny things are everywhere.   |
                      - Theodore Geisel |

