Future of DNS, DNSSEC, country code delegations, etc.
Fabian Wenk
fabian at wenks.ch
Wed Feb 26 15:37:40 UTC 2014
Hello Peter
On 25.02.14 09:52, Peter Wemm wrote:
> We (freebsd.org) use ISC's global anycasted ISC-SNS dns servers. In our
> experience they have excellent coverage around the world so we'd prefer to
> fold the *.cc.freebsd.org zone into the main freebsd.org zone (like
> wwwN.us.freebsd.org and ftpN.us.freebsd.org are right now). Actual
> sub-zones could be done if there's a regional reachability problem but I
> would rather not unless we absolutely had to.
In the end this is the right thing to do. Even if there are two
different points of view, even from myself.
One is from me as the ch.freebsd.org DNS zone operator, which I
am proud of doing it for the FreeBSD project. But as it can be
seen in [1], I also have some unresolved challenges. I even did
forward this to cvsup-master@ in December without any answer yet.
As I put workarounds in place, it is not critical, but also not a
nice and permanent solution.
[1]
http://lists.freebsd.org/pipermail/freebsd-hubs/2013-October/002699.html
And the other one is from me as a FreeBSD user depending and
trusting into the project infrastructure (which also includes the
cc.freebsd.org DNS zones and severs) and the people who operate
it. In retrospect to how easy it was to become the operator of
the ch.freebsd.org DNS zone (it was handed over to me from a
friend who run it before), this also worries me. If I would e.g.
point DNS entries to rogue servers, I could probably cause some
damage to users using it. This is something which I will never
do, as in the end this would hurt my own reputation.
So I support the decision that the FreeBSD project itself should
operate the cc DNS zones on their own infrastructure. I think the
argument about regional reachability can probably be ignored,
because if a regional resolving DNS server does not already know
on which DNS server e.g. the ch.freebsd.org DNS zone is, it still
needs to resolve this through the root and then the freebsd.org
DNS servers.
bye
Fabian
More information about the freebsd-hubs
mailing list