directory-dev mailing list archives

From Richard Wallace <rwall...@thewallacepack.net>
Subject Re: Proposed protocol-dns changes
Date Mon, 29 Jan 2007 16:08:31 GMT
Enrique Rodriguez wrote:
> On 1/16/07, Richard Wallace <rwallace@thewallacepack.net> wrote:
> ...
>> That should cover it all.  I'd like to add a few more decoders
>> for things like TXT and SOA records.  That should cover about 90%
>> of the records in use on most DNS servers.
>
> That would be nice.  I also think CNAME, PTR, and SRV should be in
> that group.  In particular, SRV is used during "KDC discovery" and
> to find LDAP servers, both of which are, of course, relevant to us.
>
>
> In order to combat spoofing/phishing we'll see the record types
> related to security rise in usage.
>
Ok, I missed those.  I thought those were already implemented but I
was thinking of the encoders.  You're right, we do need decoders for
those as well because they are other often-used records.

>> Then I'd like to get things separated a little bit more and
>> create subprojects within protocol-dns.  I'm thinking something
>> like protocol-dns/ core/ mina-shared/ server/ shared/ mina/
>> store/ client/
>
> I can see splitting to client, server, and shared.  We've done that
> as protocol impls get bigger.  As I noted in a previous email, I
> don't agree with the need to totally abstract out MINA.

I'm fine with not putting the MINA stuff in a separate project, so
long as the core protocol code (like the encoders/decoders) doesn't
depend too heavily on MINA.
>
> I think making the store pluggable is a good idea.  Though, the
> synergy with directories is quite nice.  You can see in an old
> experimental build combining OSGi, Directory, and the DNS server
> provider how this looks in an LDAP browser:
>
> http://cwiki.apache.org/confluence/display/DIRxSRVx10/Configuration+Admin+with+LDAP+and+DNS
>
>
>
Oh I completely agree.  A buddy and I have a small hosting business on
the side and we decided to use PowerDNS for just that reason.  Using
that, a custom module for Apache httpd for looking up virtual domains
in LDAP, and the Postfix LDAP authentication modules we were able to
get all our clients' information in a nice tree structure very similar
to that.  We haven't gotten around to writing all the management
interfaces and all for it, but it's so easy for the two of us to
administer with just phpldapadmin that we've never really had the need.

>> I wouldn't mind actually seeing this becoming a separate project
>> of its own, like dns.apache.org.  That would be really cool.
>
> I'm really glad to see activity on DNS.  It is an important part of
>  the over-arching concept of "realm control" but you need all of
> the protocols working, server-side, to pull it off and that is a
> ton of work.
>
> Enrique


