On Mon, 8 Feb 2016, Cory (NQ1E) wrote:
> Availability would also be greatly improved as the "master" LDAP controlled by Brian could propagate changes to any number of read-only copies hosted by various networks all over the world (just like DNS servers with a hidden master). For example, once we have a whois service up and running, we can simply point each whois server at its own read-only LDAP copy so traffic doesn't impact the master.
This is good.
> Certificate authentication is also possible with LDAP, which means it's likely we'd be able to support use cases where updates need to be made securely over an RF link without using encryption to create a private channel for a password.
This is better. I am sold. OTOH, there is DNSSEC and other sorts of things already in DNS, as well as TXT fields. The caveats would be information that needs to be kept hidden or suppressed, or stored/processed as XML before being exported to a zone file and the DNS master kicked.
This is more of a matter for the internals of the portal application / interface than DNS itself.
While certainly useful to have an "offline copy" if the WAN link is down, DNS already has mechanisms to handle things such as TTL.
But alternatively, should one www node go down, it is useful to have others to fall back on.
-- Kris Kirby, KE4AHR Disinformation Architect, Systems Mangler, & Network Mismanager