17 Apr
2014
17 Apr
'14
1:33 a.m.
An open question on ampr.org hostnames (see my response below):
On 2014-04-08 15:32, Brian Kantor wrote:
Dean, I feel it would be a bad idea to delegate the
forward lookup to your nameserver without also delegating the reverse lookup, which would
be difficult and we do not do. You can continue to have as many names in the ampr.org dns
like ns1.ae7q as you like by having John set them up for you, which will automatically set
up the appropriate PTR record as well. I'd much rather you did it this way.
Best wishes. - Brian
On 2014-04-04 17:47, Dean Gibson wrote (to<bkantor(a)ucsd.ude>)e>):
>> I have IP address 44.24.240.173 in Bart Kus’s 44.24.240.0/20 block. I sent a
request to John Hays, the admin for the 44.24.0.0/16 block to add the following records to
the ampr.org domain:
>> ns1.ae7q IN A 44.24.240.173
>> ae7q IN NS ns1.ae7q
>> This would allow me to create additional hostnames in the ae7q.ampr.org
sub-domain, in my own DNS server. I’ve run BIND for 15 years, and this is a nice way to
delegate a sub-domain; the ampr.org domain remains protected.
>> John was able to add the first line to the domain, but not the second line, and
he suggested that I contact you. I see other NS records in the ampr.org domain; is this
something that you can do?
>> Sincerely, Dean AE7Q
>>
I understand the difficulty with delegating the reverse lookup in
general, which I was not requesting and don't need. It's often not done
on the Internet anyway for small (eg, hobby) servers, except for mail
servers, where it is a means of spam server detection. I've run multiple
sites with various functions (DNS, mail, web) on one box on the Internet
for 15+ years, and the only reverse DNS I've ever needed was for mail
servers.
Usually, a hobby machine serves several functions within the same box,
and multiple hostnames are mapped to the same IP address. In fact, for
ae7q.com (and my other domains), due to DNS requirements, I can't use
CNAMEs for the domain hostname (for those that leave off www.), the
nameserver hostname, or the mail server hostname (NS and MX records
can't reference a CNAME -- RFC 2181
<https://tools.ietf.org/html/rfc2181> section 10.3). These all use an
"A" record to assign the *same IP address* as the mail server (which
also can't use a CNAME, due to spam detection). That's three "A"
records to one IP address (and that's just in one domain), and it is a
very common practice. I do use CNAMEs other places.
I understand that you would like a PTR record for every hostname, but
that has the following negative consequences that I can see:
1. It encourages people to request a larger IP address block than they
need, and then create a multi-homed machine for the various
functions. I think it's a really bad idea to consume unnecessary IP
addresses, and I think it's already happening in the 44.x.x.x network.
2. For frequent changes, it unfairly and unduly burdens those
volunteers who have to respond to requests. I make *very* frequent
changes to my Internet and LAN domain records. I have over 50
network devices on my LAN at home on five subdomains, and I use DDNS
(both manually and via DHCP) for most of them (it's just easier than
changing a zone file and restarting BIND). Granted, most of those
won't be on the 44.x.x.x network, but the present scheme discourages
experimenting with configurations by amateurs who don't want to
burden the volunteers who make the ampr.org changes.
I would suggest that you reconsider your position of requiring a PTR
record for each hostname.
Much better to have a policy of encouraging *user-managed* subdomains,
in my opinion; that would help lead to a consistency in hostnames in
ampr.org (eg, all of the form <whatever>.<callsign>.ampr.org). A much
poorer alternative (also my opinion) is the present practice of having
end users to *submit to coordinators* CNAME records for subdomains of
any "A" records that are allocated to them.
Frankly, the former suggestion (user-managed subdomains where an
ampr.org coordinator adds the "NS" record *once*), is a lot less work,
in my opinion. Or is there a risk I'm not aware of? Remember, the
subdomains are served off of the user's DNS server(s), not the ampr.org
DNS servers.
Sincerely, Dean Gibson AE7Q
17 Apr
17 Apr
2:42 a.m.
On Wed, Apr 16, 2014 at 6:33 PM, Dean Gibson AE7Q <ampr(a)ae7q.com> wrote:
(Please trim inclusions from previous messages)
_______________________________________________
An open question on ampr.org hostnames (see my response below):
On 2014-04-08 15:32, Brian Kantor wrote:
(Brian)
Exactly why is it, " a bad idea to delegate the forward lookup to your
nameserver without also delegating the reverse lookup, which would be
difficult and we do not do."? For that matter when address space is
delegated in the portal why not have the portal set reverse dns for that
address space as wel or even better, establish a NS record that delegates
reverse DNS as well? BCP20 Tells us how. Maybe require that those who
request reverse DNS also run a swip server for their allocated space as
well.
It does appear that DNS delegation would place less strain on coordinators
and others responsible for keeping ampr.org/net44 dns running. Why not
allow individuals who request it run their own? I'd propose we run a trial
and let that prove the pluses and minuses of DNS delegation and not
delegation. If it's such a bad idea, then why not demonstrate why to those
who disagree by allowing a small trial. If it's the horendous idea you
claim it to be then all of us who disagree and think it's a great idea
ought end up looking like fools with egg on our face and you get to go
see... OTOH, if it works out It could be of great benifet to the AMPRNET
community and a relief for the coordinators.
Eric
AF6EP
Dean, I feel it would be a bad idea to delegate
the forward lookup to
your nameserver without also delegating the reverse lookup, which would be
difficult and we do not do. You can continue to have as many names in the
ampr.org dns like ns1.ae7q as you like by having John set them up for
you, which will automatically set up the appropriate PTR record as well.
I'd much rather you did it this way.
Best wishes. - Brian
3878
days inactive
3878
days old
1 comments
2 participants
participants (2)
-
Dean Gibson AE7Q -
Eric Fort