[openstack-dev] [nova][moniker] DNSaaS but DNS Updates not first class interface ?

Simo Sorce simo at redhat.com
Wed May 1 17:20:53 UTC 2013


On Wed, 2013-05-01 at 16:35 +0000, Mac Innes, Kiall wrote:
> Hi Simo,
> 
> On 01/05/13 16:07, Simo Sorce wrote:
> > I have been looking at the DNS as a Service proposal stuff that was
> > recently brought up on the list and on IRC.
> > 
> > And I am very surprised to see people here want to actually own the DNS
> > server backend (writing to databases directly and stuff) instead of
> > simply using DNS Updates and letting the deployer choose the DNS server
> > infrastructure it likes best.
> 
> RFC2136 DNS Updates don't offer the ability to do things like add/remove
> zones and are not always available. Many providers, like Akamai, UltraDNS
> etc simply don't offer support for RFC2136.
> 
> We don't require that the deployer maintains their own DNS servers. HP
> Cloud DNS, for example, takes advantage of Akamai's DNS offering.
> 
> > 
> > Why are DNS Updates not the primary interaction method with a DNS Server
> > in moniker (or nova-dns) ?
> 
> IMO, the primary method of interaction implemented should be usable for
> all primary interactions. Creation and deletion of zones are primary
> interactions.
> 
> Down the line, we expect to support features like allowing customers to
> slave zones from moniker managed DNS servers, requiring the provisioning
> of ACLs and TSIG keys, again, this is not supported by RFC2136.
> 
> > 
> > They are standard and quite simple to use, and any DNS Server worth this
> > name supports them with multiple authentication methods (TSIG or GSS-TSIG
> > being the most prominent).
> > 
> > So I am baffled to see people going the direction of creating much more
> > complex designs to interact directly with databases and stuff when that
> > is basically a solved problem in today's infrastructures and trying to
> > *own* the DNS Server is going to cause more problems than it solves when
> > trying to integrate in an existing network.
> 
> We DO expect to own the DNS infrastructure to which customer domains
> will be provisioned. Mixing customers' zones and operator zones is just
> not something we specifically support (That said, there is nothing
> currently preventing that, today)
> 
> Moniker does *much* more than the DNS functionality currently built into
> Nova does, if we were simply creating A records for instances, RFC2136
> would have been a better choice.
> 
> > 
> > Please comment.
> > 
> > Simo.
> > 
> 
> And.. Anyway! Moniker is completely modular, an RFC2136 backend could
> easily be written, assuming you have a secondary method of handling
> configuration that the RFC does not support.


Thanks for the explanation, that makes a lot more sense, maybe it would
be nice to have it in distilled form here in the overview section:
https://wiki.openstack.org/wiki/Moniker

Currently that page does not give enough information about the
requirements and the objectives of the project.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



