Date: Mon, 23 Jun 2003 18:43:46 -0400 From: Ken Smith <kensmith@cse.Buffalo.EDU> To: hubs@freebsd.org Subject: DNS stuff... Message-ID: <20030623224346.GA26558@electra.cse.Buffalo.EDU>
next in thread | raw e-mail | index | archive | help
I started to work on the DNS thing. If nobody provides input (I asked dnsadm@ to see if they want to provide any insight) this is a quick preview of what I thought of. If this seems like a horrible mistake let me know... There is a lot more to it (PGP signatures, @freebsd.org email addresses, etc.) that can be worked out over time but this is the "core"... If nobody thinks this is a horrible direction to take I'll post the whole thing late this week after enough people have had a chance to provide some initial thoughts. FreeBSD.org DNS Admin Guide V0.0 ================================ DNS by its nature is designed to allow delegation of authority. For organizations that are very large this is a good thing but at this time the FreeBSD Organization is not large enough to require much delegation. Having things delegated too much also leads to confusion about who is responsible for what, end-users do not know whom to contact for relatively simple things, etc. There are several more or less distinct groups whose function at least partially involves DNS. The groups are: 1) WWW site administrators 2) cvsup site administrators 3) FTP mirror site administrators 4) email system administrators (support for @freebsd.org email) 5) operations support administrators (provide machine(s) for release builds, ports builds, etc). The group who administer the DNS system itself are assumed to be in (5). Proposed Layout --------------- We propose identifying one person who is the "Coordinator" of each group listed above. By default this will be the only person who can request DNS updates. To make things simpler for the dnsadm@ staff there will be no explicit rules on what sorts of updates any individual Coordinator is allowed to request - it will be assumed each Coordinator knows enough about DNS to make only the requests appropriate to their group's needs and can be trusted to not act maliciously. These Coordinators may appoint other people who are allowed to request DNS changes. FreeBSD Namespace ----------------- Some requests may result in the creation of a new Zone in the FreeBSD Namespace. For example if a brand new Mirror site comes online in a new country its name should be "ftp.<country-code>.freebsd.org". The dnsadm@ staff will take care of adding in the new country code and handle the new zone on the existing DNS server infrastructure. At their discretion dnsadm@ may delegate the namespace and will route update requests to the people responsible for any given namespace. The above mentioned Coordinators need not worry about how this delegation is laid out. -- Ken Smith - From there to here, from here to | kensmith@cse.buffalo.edu there, funny things are everywhere. | - Theodore Geisel |
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030623224346.GA26558>