On Mon, 8 Feb 2016, Cory (NQ1E) wrote:
> Availability would also be greatly improved as the "master" LDAP
> controlled by Brian could propagate changes to any number of read-only
> copies hosted by various networks all over the world (just like DNS
> servers with a hidden master). For example, once we have a whois
> service up and running, we can simply point each whois server at its
> own read-only LDAP copy so traffic doesn't impact the master.

This is good.

> Certificate authentication is also possible with LDAP which means it's
> likely we'd be able to support use-cases where updates need to be made
> securely over an RF link without using encryption to create a private
> channel for a password.

This is better. I am sold. OTOH, there is DNSSEC and other sorts of
things already in DNS, as well as TXT fields. The caveats would be
information that needs to be kept hidden or suppressed, or
stored/processed as XML before being exported to zone file and the DNS
master kicked.
This is more of a matter to the internals of the portal application /
interface than DNS itself.
While certainly useful to have an "offline copy" if the WAN link is
down, DNS already has mechanisms to handle things such as TTL.
But alternatively, should one www node go down, it is useful to have
others to fall back on.
--
Kris Kirby, KE4AHR
Disinformation Architect, Systems Mangler, & Network Mismanager