
On 10/5/10 9:18 AM, Tony Finch wrote:
> On Tue, 5 Oct 2010, Michael Sinatra wrote:
>> Hence the question: How should I provision authoritative DNS servers, given that the prefix information is provided via DNS--including the prefix information for the DNS servers themselves--leading to a chicken-and-egg problem? In addition, I would assume that I need something similar to glue records (instead of A or AAAA glue, I need L64 or LP glue).
>
> Isn't glue the answer to your question? Your name servers get their prefixes from the networks they are connected to, and they do dynamic updates to their parent zone as well as their own zone's master. Then other sites can find them using the usual referral chasing.

Which then implies that parent zones must use DDNS, and must enable secure updates from the child (from wherever the child's DDNS updates are sourced). In addition, the LP and/or L64 records must have very low TTLs, which is very different from the way we do glue today.

> I am assuming that the name server's name is in a zone for which it is authoritative. If not, it doesn't appear in glue so it doesn't need to update the parent zone.

Yes. That's what I was implying.

[snip]

> So I don't think your question is relevant for most zones. It *is* relevant for the root. ILNP will have to come up with a new scheme for the root zone hints. I haven't looked at it in enough detail to see if they already have a plan.

My question was essentially whether this has been thought out from the DNS perspective. The root hints are one issue. Having (for example) .com able to accept dynamic updates from foo.com's BGP-speaking border router whenever foo.com's routing changes (i.e. dropping an upstream because a link went down), having very low TTLs (<60sec) on L64 "glue" records which must be queried in order to reach the authoritative nameserver, and having the infrastructure be able to keep up with such queries may also be an issue. Does ILNP have a solution/recommendation for this?