An open question on ampr.org hostnames (see my response below):
On 2014-04-08 15:32, Brian Kantor wrote:
Dean, I feel it would be a bad idea to delegate the forward lookup to your nameserver without also delegating the reverse lookup, which would be difficult and we do not do. You can continue to have as many names in the ampr.org dns like ns1.ae7q as you like by having John set them up for you, which will automatically set up the appropriate PTR record as well. I'd much rather you did it this way.
Best wishes. - Brian
On 2014-04-04 17:47, Dean Gibson wrote (tobkantor@ucsd.ude):
I have IP address 44.24.240.173 in Bart Kus’s 44.24.240.0/20 block. I sent a request to John Hays, the admin for the 44.24.0.0/16 block to add the following records to the ampr.org domain: ns1.ae7q IN A 44.24.240.173 ae7q IN NS ns1.ae7q This would allow me to create additional hostnames in the ae7q.ampr.org sub-domain, in my own DNS server. I’ve run BIND for 15 years, and this is a nice way to delegate a sub-domain; the ampr.org domain remains protected. John was able to add the first line to the domain, but not the second line, and he suggested that I contact you. I see other NS records in the ampr.org domain; is this something that you can do? Sincerely, Dean AE7Q
I understand the difficulty with delegating the reverse lookup in general, which I was not requesting and don't need. It's often not done on the Internet anyway for small (eg, hobby) servers, except for mail servers, where it is a means of spam server detection. I've run multiple sites with various functions (DNS, mail, web) on one box on the Internet for 15+ years, and the only reverse DNS I've ever needed was for mail servers.
Usually, a hobby machine serves several functions within the same box, and multiple hostnames are mapped to the same IP address. In fact, for ae7q.com (and my other domains), due to DNS requirements, I can't use CNAMEs for the domain hostname (for those that leave off www.), the nameserver hostname, or the mail server hostname (NS and MX records can't reference a CNAME -- RFC 2181 https://tools.ietf.org/html/rfc2181 section 10.3). These all use an "A" record to assign the *same IP address* as the mail server (which also can't use a CNAME, due to spam detection). That's three "A" records to one IP address (and that's just in one domain), and it is a very common practice. I do use CNAMEs other places.
I understand that you would like a PTR record for every hostname, but that has the following negative consequences that I can see:
1. It encourages people to request a larger IP address block than they need, and then create a multi-homed machine for the various functions. I think it's a really bad idea to consume unnecessary IP addresses, and I think it's already happening in the 44.x.x.x network. 2. For frequent changes, it unfairly and unduly burdens those volunteers who have to respond to requests. I make *very* frequent changes to my Internet and LAN domain records. I have over 50 network devices on my LAN at home on five subdomains, and I use DDNS (both manually and via DHCP) for most of them (it's just easier than changing a zone file and restarting BIND). Granted, most of those won't be on the 44.x.x.x network, but the present scheme discourages experimenting with configurations by amateurs who don't want to burden the volunteers who make the ampr.org changes.
I would suggest that you reconsider your position of requiring a PTR record for each hostname.
Much better to have a policy of encouraging *user-managed* subdomains, in my opinion; that would help lead to a consistency in hostnames in ampr.org (eg, all of the form <whatever>.<callsign>.ampr.org). A much poorer alternative (also my opinion) is the present practice of having end users to *submit to coordinators* CNAME records for subdomains of any "A" records that are allocated to them.
Frankly, the former suggestion (user-managed subdomains where an ampr.org coordinator adds the "NS" record *once*), is a lot less work, in my opinion. Or is there a risk I'm not aware of? Remember, the subdomains are served off of the user's DNS server(s), not the ampr.org DNS servers.
Sincerely, Dean Gibson AE7Q
On Wed, Apr 16, 2014 at 6:33 PM, Dean Gibson AE7Q ampr@ae7q.com wrote:
(Please trim inclusions from previous messages) _______________________________________________ An open question on ampr.org hostnames (see my response below):
On 2014-04-08 15:32, Brian Kantor wrote:
Dean, I feel it would be a bad idea to delegate the forward lookup to your nameserver without also delegating the reverse lookup, which would be difficult and we do not do. You can continue to have as many names in the ampr.org dns like ns1.ae7q as you like by having John set them up for you, which will automatically set up the appropriate PTR record as well. I'd much rather you did it this way.
Best wishes. - Brian
(Brian)
Exactly why is it, " a bad idea to delegate the forward lookup to your nameserver without also delegating the reverse lookup, which would be difficult and we do not do."? For that matter when address space is delegated in the portal why not have the portal set reverse dns for that address space as wel or even better, establish a NS record that delegates reverse DNS as well? BCP20 Tells us how. Maybe require that those who request reverse DNS also run a swip server for their allocated space as well.
It does appear that DNS delegation would place less strain on coordinators and others responsible for keeping ampr.org/net44 dns running. Why not allow individuals who request it run their own? I'd propose we run a trial and let that prove the pluses and minuses of DNS delegation and not delegation. If it's such a bad idea, then why not demonstrate why to those who disagree by allowing a small trial. If it's the horendous idea you claim it to be then all of us who disagree and think it's a great idea ought end up looking like fools with egg on our face and you get to go see... OTOH, if it works out It could be of great benifet to the AMPRNET community and a relief for the coordinators.
Eric AF6EP
-
Dean Gibson AE7Q -
Eric Fort