DRAFT - DNS Admin Guide

Ken Smith kensmith at cse.Buffalo.EDU
Wed Jun 25 00:17:09 PDT 2003 

On Wed, Jun 25, 2003 at 08:10:59AM +0200, Daniel Lang wrote:
> Hmmm, the not TLD-divided namespace is/should be part of
> discussion anyway. I think there have already been some
> suggestions to regorganise it (put the US mirrors under
> us.freebsd.org, select most responsive set of worldwide
> mirrors to populate ftpX.freebsd.org, etc).

Cool.  I've sorta felt the US-centric nature of the net should be adjusted
whenever possible so us.freebsd.org is good IMO...

But this does kind of circle back to dnsadm@ not necessarily being the
best people to decide these issues, and that these sorts of decisions
should be done by one person or a group of people who are more intimately
involved in the mirror system (the Coordinators).

> > Could you give some examples of the sorts of questions/email/whatever
> > that you want the system we design to take care of?
> [..]
> 
> Handling delegation for country code subdomains. This is requested
> every once in a while, and it's more crucial, because it can affect
> many sites and many services. Not only an authorization mechanism
> (like PGP) needs to be established, but also guidelines for
> mirror/service operators of that zone how to select and authorize
> their responsible zone admin, who can issue requests for changes
> in the delegation (or ask for delegation in the first place, if
> the subdomain does not exist, yet).

The proposal's suggestion for that was to "internalize" it inside of
dnsadm@ and they decide strictly based on the *DNS* mechanics of
things.  Are the DNS servers overloaded?  Are there so many requests
for <country> that it would be convenient to have another set of hands
doing the edits for that?  Would we like to have another DNS server
in <country> but perhaps it is sufficient to make it a pure slave
server and still keep <country> master info on the main master site
(thus nameservice queries in <country> may flow better but updates
still happen centrally).  Creation of the country code based subdomains
happen automatically and with no "special" authorization as a side-effect
of the Mirror Coordinator (or whatever, that's the question Jun raised)
saying there is a new mirror site in that country.

I think this is one of those things that need to be evaluated on
a cost/benefit basis.  What is the benefit to allowing this sort
of delegation to begin with?  I'm not completely sure what the answer
is to that - I'm sure I only have a partial picture of it.  I have
seen the cost though - it seems to confuse a lot of people and they're
not sure where to ask for stuff.

The current layout seems to be that a "Region" as much as possible is
left to decide issues like how many FTP mirror sites to have, etc. on
their own.  That's a really good thing as long as the Regions are well
defined, those Regions have a strong leadership within themselves, etc.
But I'm not sure it's working.  Working with an example at hand, we
have a site in Croatia that has been given access to ftp-master and
is ready to join in as ftp.il.freebsd.org.  But il.freebsd.org doesn't
exist.  It needs to be handled centrally but who is that?  The folks
doing us.freebsd.org by default?  Someone needs to realize that they
are the coordinator for anything that doesn't have its own strong
Regional leadership.  Things fall through cracks.  And, as the delegation
changes, all of that becomes a moving target for the people who are
trying to administer the WWW sites for example (now suddenly a new
Region popped up so person X doesn't need to worry about requests
from that region any more, it's person Y).  And as you say, what happens
if there is a LOT of interest in Croatia for FTP mirror service and
they want to administer that locally but they have zero interest in
CVSup?

All of this is something you need to live with in a truly large
organization.  But is the DNS administration such a heavy load that
it can't be handled by a relatively small number of people?  I can't
answer that, it's an open question.  If it isn't a very heavy load
"end-user frustration" can be avoided by a one-stop-shopping low overhead
setup as I proposed.  If it is a heavy load then what I proposed is
inadequate. :-)

-- 
						Ken Smith
- From there to here, from here to      |       kensmith at cse.buffalo.edu
  there, funny things are everywhere.   |
                      - Theodore Geisel |

More information about the freebsd-hubs mailing list