Re: bind9 graphical admin interface
On Apr 2, 2008, at 12:53 AM, Boris Pavlov wrote:
[cut]
Craig's information is correct, but the "ugly tricks" comment isn't
fair. Those "ugly tricks" aren't that bad, and they've been WELL
documented since 1998 in RFC 2317!
Those well-documented (in an RFC) tricks are, indeed, UGLY tricks.
Having something well documented does not make it beautiful.
Yeah, but the tricks are only necessary because IPs don't map well to
a hierarchical namespace that has the least significant field on the
right, and the most significant field on the left, while people fluent
in "IP" read least specific to most specific left to right...
Honestly, pointing CNAMES from one zone to another is done all the
time for Forward DNS, example a company with a main domain and sub-
domains administered by more local admins...
bigcompany.com
CNAME to delegate intranet.bigcompany.com to the internal website people
CNAME for us.intranet.bigcompany.com to send that to the nameserver
run by the US IT folks
CNAME for au.intranet.bigcompany.com to send that to the nameserver
run by the folks in Oz
This is all completely normal for DNS. The RFC is just applying that
knowledge to the reverse mapping of IP addresses. It's not difficult,
not that uncommon in forward zones, and not really all that "ugly".
I think the problem is, people don't really get "delegation" of sub-
zones, even in the forward direction. Then they're asked to read IP
addresses "backward" on the screen and they just end up hopelessly
confused, because whoever taught them, didn't explain the concept of
delegated zones clearly.
All zones are delegated from ".", which is seeded into all resolvers
by hard-coded files, after all. Then you just work your way down from
the top of the tree. Same with reverse DNS, but it's all listed
backwards, which drives people batty who can't force themselves to
"think like DNS, not the router" and "work from right to left".
Honestly, there is too much classful/octal ugly shit still floating
around.
Fire up IPv6 and make it worse. Then you can start struggling with
broken clients that refuse to look up your AAAA records in your DNS
server once they've cached an A record, and similar. Giant hex
numbers are definitely a step forward in usability... (cough)!
:-)
DNS just isn't hard. For a completely distributed mini database
(imagine what anyone could do with TXT files but don't...) --
including administration of the servers -- that operates worldwide,
it's pretty impressive. Some of the router tricks and things done to
Anycast the root servers (some of them anyway) is also some neat work.
The only system more impressive that's as distributed as DNS (or
should I say similar design, but a much more controlled user-base and
certification requirements for clients and servers, and closed access)
is SS7 in telecom, mostly because it has strict rules about lookup
times that DNS does not. (Cough, Comcast DNS admins... slow...
cough...)
--
Nate Duehr
nate@natetech.com
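As an added illustration of the RFC 2317 "trick" the thread is arguing about (this is example code written for this page, not something posted in the thread or shipped with BIND), the script below generates the two halves of a classless in-addr.arpa delegation and then walks them the way a resolver would: the /24 owner publishes one CNAME per address pointing into a sub-zone named after the block, plus an NS record delegating that sub-zone; the customer serves the PTR records inside it. The addresses (192.0.2.32/27 from TEST-NET-1), the name servers and the host names are all constructed for the example.

```python
"""Generate and walk RFC 2317 (classless in-addr.arpa) delegation records.

Constructed scenario: the /24 owner holds 192.0.2.0/24 and delegates the
reverse mapping for 192.0.2.32/27 to a customer. All names are hypothetical.
"""
import ipaddress


def rfc2317_parent_records(prefix, customer_ns):
    """Records the /24 owner puts into its own in-addr.arpa zone.

    Returns (parent_zone, child_zone, records). records is a list of
    (owner, rtype, rdata) tuples: an NS record delegating the child zone,
    then one CNAME per address that points into that child zone. The child
    zone name follows the RFC's "<first-octet>/<prefixlen>" convention.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 is for IPv4 blocks smaller than a /24")
    # Read the address right to left to build the in-addr.arpa name.
    o1, o2, o3, o4 = net.network_address.packed
    parent_zone = f"{o3}.{o2}.{o1}.in-addr.arpa."
    child_zone = f"{o4}/{net.prefixlen}.{parent_zone}"
    records = [(child_zone, "NS", customer_ns)]
    for addr in net:  # includes network and broadcast addresses, as the RFC example does
        last = addr.packed[3]
        records.append((f"{last}.{parent_zone}", "CNAME", f"{last}.{child_zone}"))
    return parent_zone, child_zone, records


def rfc2317_child_records(child_zone, prefix, domain):
    """PTR records the customer serves inside the delegated child zone.

    Host names are generated as host-<last-octet>.<domain>. (hypothetical).
    """
    net = ipaddress.ip_network(prefix, strict=True)
    return [(f"{addr.packed[3]}.{child_zone}", "PTR", f"host-{addr.packed[3]}.{domain}.")
            for addr in net]


def build_table(*record_lists):
    """Flatten record lists into a lookup table keyed by (owner, rtype)."""
    return {(owner, rtype): rdata
            for recs in record_lists for owner, rtype, rdata in recs}


def resolve_ptr(ip, table, max_chain=8):
    """Simulate a resolver: start at the conventional reverse name for ip,
    follow CNAMEs into the child zone, and return the PTR target or None."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_chain):
        if (name, "PTR") in table:
            return table[(name, "PTR")]
        if (name, "CNAME") in table:
            name = table[(name, "CNAME")]
            continue
        return None
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    parent_zone, child_zone, parent = rfc2317_parent_records(
        "192.0.2.32/27", "ns1.customer.example.")
    child = rfc2317_child_records(child_zone, "192.0.2.32/27", "customer.example")
    print(f"; in {parent_zone} (the /24 owner's zone)")
    for owner, rtype, rdata in parent[:3]:
        print(f"{owner:40} IN {rtype:6} {rdata}")
    print(f"; in {child_zone} (the customer's zone)")
    for owner, rtype, rdata in child[:2]:
        print(f"{owner:40} IN {rtype:6} {rdata}")
    print("192.0.2.34 ->", resolve_ptr("192.0.2.34", build_table(parent, child)))
```

The "/" in the child zone label is what RFC 2317 shows and is legal in DNS, but some tooling and people dislike it, so operators often pick a label such as "32-27" instead; the mechanism is identical either way. The simulated lookup also shows why a client that does not follow CNAMEs (or a zone where one CNAME is missing) silently loses the reverse mapping for just that address, which is the usual thing to check when one host in a delegated block has no PTR.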