Date: Wed, 26 Feb 2014 16:22:51 -0500
In-Reply-To: <530C59D7.30204@wemm.org>
References: <530C59D7.30204@wemm.org>
Subject: Re: Future of DNS, DNSSEC, country code delegations, etc.
From: Will Mitayai Rowe
To: Peter Wemm
Cc: hubs@freebsd.org

I've been honoured to have the responsibility of maintaining a CC domain for
many years, but I can see the value in central management and have no
arguments against Peter's proposal.

-Mit

On Tue, Feb 25, 2014 at 3:52 AM, Peter Wemm wrote:

> We (with clusteradm@ hat on) have been looking at another round of broken
> mirrors, delegated DNS servers that have gone lame/missing, subzones that
> have gone missing. wwwN.freebsd.org / wwwN.cc.freebsd.org that now point to
> Ubuntu or Microsoft IIS pages, stale/missing ftp mirrors etc.
>
> (by "cc" I mean country codes - "us", "eu", "au", "ru", etc.. I am not
> picking on anyone in particular)
>
> One of the problems we've been hitting is that *.cc.freebsd.org was
> originally set outside of the core project infrastructure. When they go
> stale and the volunteers who originally set it up go missing, the data
> simply disappears and is lost. In retrospect, this was a mistake.
>
> As things stand today, more than half of the original *.cc.freebsd.org
> subzones have been lost. An uncomfortable number of the remaining records
> are tragically stale.
>
> There's also the DNSSEC and ipv6 reachability question. Many of our
> cc.freebsd.org zones are ipv4-only and only one has DNSSEC signatures.
>
> The question of what to do about it has come up many times inside
> clusteradm@/dnsadm@ and ideas have bounced around ranging from extremes like
> simply abandoning the whole *.cc.freebsd.org idea, through just taking them
> back, or simply letting them die and quietly deleting them when they go
> stale.
>
> I'm leaning towards a middle ground. My preferred option at this point is
> to take the zones back so that we have a copy of the data within the core
> infrastructure, and switch to a regional coordinator model. We kind of
> already have this, except when current regional coordinators move on, we
> tend to lose the data.
>
> What I'm talking about is something like this..
>
> As they stand now, in the parent dns zone:
> ; zone cc email for MIA april 2008, data lost
> ; zone cc email for email bouncing may 2012
> ; zone cc current contact is
> cc.freebsd.org. IN NS someserver1.cc.
> cc.freebsd.org. IN NS someserver2.cc.
>
> And after such a change, it'd be email alias:
> coordinator-cc@freebsd.org: somebody@somedomain.cc
>
> .. and we host the records inside the freebsd.org zone. This coordinator
> will directly arrange with dnsadm@ to update the records in their area.
> They would receive commit messages when records in their area were updated,
> and be reachable via coordinator-cc@freebsd.org.
>
> We (freebsd.org) use ISC's global anycasted ISC-SNS dns servers. In our
> experience they have excellent coverage around the world so we'd prefer to
> fold the *.cc.freebsd.org zone into the main freebsd.org zone (like
> wwwN.us.freebsd.org and ftpN.us.freebsd.org are right now). Actual
> sub-zones could be done if there's a regional reachability problem but I
> would rather not unless we absolutely had to.
>
> Advantages:
> * We get better continuity and handovers if/when people want to move on.
> * In theory, we should never lose zone data, contact addresses again.
> * We still get local regional knowledge and coordination.
> * 100% DNSSEC coverage and IPV6 connectivity.
>
> Disadvantages:
> * There has been resistance and hurt feelings when ideas like this have
>   come up in the past.
> * Loss of independence.
> * There are residual bad memories from when working with dnsadm@ was really
>   painful and slow. (I assure you, this is no longer a problem!)
>
> Ideally this would be done zone by zone, by contacting the current
> coordinator for obtaining the current zone source, setting up email aliases,
> and adopting it into ns0.freebsd.org/ISC-SNS.
>
> If we can do it this way then we get to preserve notes, comments, history
> etc. On the other hand, doing a blind zone transfer or scraping/iterating
> through likely records and documented mirrors is far less satisfactory and
> practically begging for hurt feelings.
>
> We even have a number of zones where we have *no working contact address*
> for the current operator. I'm sure we can track them down eventually but it
> doesn't look good if we have to resort to asking on public mailing lists
> questions like "Does anyone know who runs yy.freebsd.org?"
>
> Thoughts? How can we make this work without provoking (too many) ruffled
> feathers?
>
> --
> Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
> UTF-8: for when a ' just won’t do.

-- 
Mit Rowe
Toronto, Canada
mitayai@gmail.com
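
Added example, not part of the original thread and not FreeBSD's own tooling: a stdlib-only Python check for the lame or missing delegated servers described in the quoted proposal. It sends a non-recursive SOA query to each nameserver listed for a subzone and treats anything other than an authoritative answer as lame; the function names and the constructed reply headers are assumptions made for illustration.

```python
import secrets
import socket
import struct

QR_BIT, AA_BIT, RCODE_MASK = 0x8000, 0x0400, 0x000F  # DNS header flag bits
TYPE_SOA, CLASS_IN = 6, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels (DNS wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_soa_query(zone, query_id):
    """Non-recursive SOA query: RD stays clear so the server must answer itself."""
    header = struct.pack("!HHHHHH", query_id, 0, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def classify_response(packet, query_id):
    """Return 'authoritative', or a 'lame: ...' reason, for one server's reply."""
    if len(packet) < 12:
        return "lame: truncated reply"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    if rid != query_id or not flags & QR_BIT:
        return "lame: not a response to our query"
    if flags & RCODE_MASK:
        return "lame: rcode %d" % (flags & RCODE_MASK)  # e.g. 2 SERVFAIL, 5 REFUSED
    if not flags & AA_BIT or ancount == 0:
        return "lame: non-authoritative or empty answer"
    return "authoritative"

def check_server(zone, server_ip, timeout=3.0):
    """Query one listed nameserver over UDP; a missing server simply times out."""
    query_id = secrets.randbelow(0x10000)  # unpredictable ID, checked on receipt
    family = socket.AF_INET6 if ":" in server_ip else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(zone, query_id), (server_ip, 53))
            packet, _addr = sock.recvfrom(4096)
        except OSError:
            return "lame: no reply (missing or unreachable)"
    return classify_response(packet, query_id)

def make_reply(query_id, flags, ancount):
    """Constructed reply header, used only to exercise the classifier offline."""
    return struct.pack("!HHHHHH", query_id, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed headers (not captured traffic): AA answer, REFUSED, cached answer.
    for flags, ancount in ((0x8400, 1), (0x8005, 0), (0x8080, 1)):
        print(hex(flags), classify_response(make_reply(1, flags, ancount), 1))
```

Running `check_server` against both the IPv4 and IPv6 address of each NS listed for a delegation also shows which subzones are reachable over only one address family.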