[openstack-dev] [nova][moniker] DNSaaS but DNS Updates not first class interface ?

Mac Innes, Kiall kiall at hp.com
Wed May 1 16:35:33 UTC 2013


Hi Simo,

On 01/05/13 16:07, Simo Sorce wrote:
> I have been looking at the DNS as a Service proposal stuff that was
> recently brought up on the list and on IRC.
> 
> And I am very surprised to see people here want to actually own the DNS
> server backend (writing to databases directly and stuff) instead of
> simply using DNS Updates and letting the deployer choose the DNS server
> infrastructure it likes best.

RFC2136 DNS Updates don't offer the ability to do things like add/remove
zones and are not always available. Many providers, like Akamai, UltraDNS
etc., simply don't offer support for RFC2136.

We don't require that the deployer maintains their own DNS servers. HP
Cloud DNS, for example, takes advantage of Akamai's DNS offering.

> 
> Why DNS Updates are not the primary interaction method with a DNS Server
> in moniker (or nova-dns) ?

IMO, the primary method of interaction implemented should be usable for
all primary interactions. Creation and deletion of zones are primary
interactions.

Down the line, we expect to support features like allowing customers to
slave zones from moniker managed DNS servers, requiring the provisioning
of ACLs and TSIG keys, again, this is not supported by RFC2136.

> 
> They are standard and quite simple to use, and any DNS Server worth this
> name supports them with multiple authentication methods (TSIG or GSS-TSIG
> being the most prominent).
> 
> So I am baffled to see people going the direction of creating much more
> complex designs to interact directly with databases and stuff when that
> is basically a solved problem in today's infrastructures and trying to
> *own* the DNS Server is going to cause more problems than it solves when
> trying to integrate in an existing network.

We DO expect to own the DNS infrastructure to which customer domains
will be provisioned. Mixing customers' zones and operator zones is just
not something we specifically support. (That said, there is nothing
currently preventing that, today.)

Moniker does *much* more than the DNS functionality currently built into
Nova does, if we were simply creating A records for instances, RFC2136
would have been a better choice.

> 
> Please comment.
> 
> Simo.
> 

And.. Anyway! Moniker is completely modular, an RFC2136 backend could
easily be written, assuming you have a secondary method of handling
configuration that the RFC does not support.

--

Kiall Mac Innes
HP Cloud Services - DNSaaS

Mobile:   +353 86 345 9333
Landline: +353 1 524 2177
GPG:      E9498407
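
An added illustration, not part of the original message or of Moniker's code: the wire form of an RFC 2136 UPDATE, showing that the zone section only names a zone the server must already serve, while the update section carries record-level adds and deletes. The helper names, example.org and 192.0.2.10 are constructed for the example, and the message is unsigned (no TSIG).

```python
import struct

# Constants from RFC 1035 / RFC 2136
OPCODE_UPDATE = 5
TYPE_A, TYPE_SOA, TYPE_ANY = 1, 6, 255
CLASS_IN, CLASS_ANY = 1, 255

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def rr(name, rtype, rclass, ttl, rdata=b""):
    """One resource record as carried in the update section."""
    fixed = struct.pack("!HHIH", rtype, rclass, ttl, len(rdata))
    return encode_name(name) + fixed + rdata

def add_a(name, ttl, ipv4):
    """RFC 2136 2.5.1: add an RR to an RRset (class = zone class)."""
    return rr(name, TYPE_A, CLASS_IN, ttl, bytes(int(o) for o in ipv4.split(".")))

def delete_name(name):
    """RFC 2136 2.5.3: delete all RRsets at a name (ANY/ANY, TTL 0, no RDATA)."""
    return rr(name, TYPE_ANY, CLASS_ANY, 0)

def build_update(msg_id, zone, updates):
    """Header + zone section + update section; no prerequisites, no TSIG."""
    # Counts are ZOCOUNT, PRCOUNT, UPCOUNT, ADCOUNT; the opcode sits in bits 11-14.
    header = struct.pack("!HHHHHH", msg_id, OPCODE_UPDATE << 11, 1, 0, len(updates), 0)
    # The zone section is exactly one entry of type SOA. It selects an existing
    # zone; a server that is not authoritative for it answers NOTAUTH. Nothing
    # in the message can create the zone, remove it, or configure ACLs or keys.
    zone_section = encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)
    return header + zone_section + b"".join(updates)

def describe(msg):
    """Decode the 12-byte header of a message built above."""
    _id, flags, zo, pr, up, ad = struct.unpack("!HHHHHH", msg[:12])
    return {"opcode": (flags >> 11) & 0xF, "zocount": zo, "prcount": pr,
            "upcount": up, "adcount": ad}

if __name__ == "__main__":
    m = build_update(0x1234, "example.org", [delete_name("old.example.org"),
                                             add_a("www.example.org", 300, "192.0.2.10")])
    print(describe(m), m.hex())
```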