DRAFT - DNS Admin Guide

Olafur Osvaldsson oli at isnic.is
Wed Jun 25 07:28:59 PDT 2003 

Ken,

On Wed, 25 Jun 2003, Ken Smith wrote:

> > If the subdomain does
> > not exist, but the mirror admin in Croatia can not administer
> > the zone, I would say, it's bad luck.
> 
> This is one of the questions that needs to be answered.  How many would
> this hurt versus how many would it help?  My guess was it hurts more
> than it helps.

Here other CC mirror admins can step in, I wouldn't mind hosting the DNS
for other countries alongside is.freebsd.org if there is noone capable
of it in that country.

> > Don't forget the obstacles you have to cope with, if you want to
> > change the running system. I can imagine people feel stepped on
> > their toes, if you want to take away the responsibility they
> > currenty have. Of course this should not be an issue, if there
> > are good reasons to change, but it should be considered.
> 
> If the delegations currently in place are not hurting they would
> not need to be broken down.  But moving forward from here the "new"
> focus on function (WWW/cvsup/ftp) being the primary organization
> and the DNS layout not as focused on country codes is what decisions
> get made by.
> 
> Under this scheme all requests for updates go to dmsadm@ no matter
> what thing(s) it is they are requesting.  If delegation is in place
> for it then the dnsadm@ folks handle bumping it to the right person(s)
> (or if the mail volume on dnsadm@ isn't really all that high everyone
> involved in any DNS changes can get the messages and would know which
> piece they are handling).

Are you suggesting moving all the CC zones into the FreeBSD.org zone?
I hope not as I beleive the load on dnsadm@ would be much higher if that
path is chosen.

I think it would be much better if all countries would be delegated (us.* to)
and the ftp[1-9]?.* and cvsup[1-9]?.* servers would be chosen from what are
the best of the country servers.
Then dnsadm would only have to deal with country delegations and changes to
the status of the primary server names (ftp[1-9].* and similar).
Then it can authenticated by the means of PGP to dnsadm and each country could
do the same or impliment their own security model.

/Oli

-- 
Olafur Osvaldsson
Systems Administrator
Internet a Islandi hf.
Tel:   +354 525-5291
Email: oli at isnic.is

More information about the freebsd-hubs mailing list