
[Savannah-dev] DNS backend


From: Guillaume Morin
Subject: [Savannah-dev] DNS backend
Date: Mon, 26 Nov 2001 01:00:13 +0100
User-agent: Mutt/1.3.23i

Dear Savannah folks,

I've been thinking about the DNS backend, since the lists backend is almost
ready (it needs of course some real life tests, and better Debian packaging,
but it seems to work).

The point of this is to propose subdomains to projects as a vhost for
their web repository, and some useful aliases (CNAME), e.g.
cvs.project.whatever.

The worst point about the backend is that you have to design a way of
communication between some data and some programs that people usually
launch by hand. However, the really good thing(tm) with recent bind
releases (>8) is that they support dynamic updating
(http://www.ietf.org/rfc/rfc2136.txt?number=2136). That means that a
host can update a DNS database across the network using a special protocol.
That rocks, doesn't it?

Therefore I suggest that the dumps server could do this job, since it
is very simple and does not require weird software. As usual, the
dumps server will dump into some files, but instead of waiting for some
other server to get the dump, a cronjob will parse the output. We surely
could create another kind of server that would do the job. But I think
that giving this job to the dumps server is a good thing, since, as I've
already stated, it does not induce any overhead and we skip the
rsync'ing thing, which is always good :-)

I plan to write a perl script that will use the savannah modules to
parse the configuration file, something like

<savannah>
<configuration>
<dns>
        <server name="foo">
                <rootDomain name="foo.com"/>
                <rootDomain name="foo2.com"/>
        </server>
        <server name="bar">
                <rootDomain name="bar.com"/>
        </server>
</dns>
</configuration>
</savannah>

After that, it will parse the dns dump and update the DNS with Net::DNS.

The only little concern I have with dynamic updating is the TTL
argument. We have to provide a TTL for CNAMEs and we don't want to, since
they are supposed to stay forever.

I basically see two approaches to address that problem:

1) we add the CNAME with the highest TTL, which is 2147483647 seconds
(almost 68 years)

2) We add each new CNAME with a TTL of ~400 days and we choose one day
of the year when we update all entries.

I would prefer the first one, which is not that bad _IF_ documented
:-). What do you think?

The last concern is security. It seems to be achievable with DNSSEC, but
afaik Net::DNS does not support it (yet, I can help on that). If we use
it, we'll have to enforce Bind 9.1. I think it is okay, but maybe
some people want to discuss this issue...

Any comments on this welcome.

-- 
Guillaume Morin <address@hidden>

                  Batailler corps et âmes pour un maudit refus
                              (No one is innocent)
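As an added example (not code from the mail or from the Savannah backend), this is the update step described above written with Net::DNS: one RFC 2136 dynamic update that adds the CNAME aliases from a dump with the maximum TTL (approach 1) and is signed with a TSIG key, which is the mechanism BIND uses to authenticate update requests. The zone, server address, key name, secret and dump rows are placeholders constructed for the example.

```perl
#!/usr/bin/perl
# Added example, not the savannah code: send one RFC 2136 dynamic update
# adding project CNAMEs with the maximum TTL (approach 1 from the mail).
use strict;
use warnings;
use Net::DNS;

my $zone    = 'foo.com';                 # rootDomain from the config (placeholder)
my $server  = '192.0.2.53';              # authoritative server accepting updates (placeholder)
my $keyname = 'savannah-dns-key';        # TSIG key name (placeholder)
my $secret  = 'REPLACE_WITH_BASE64_SECRET';  # TSIG shared secret (placeholder)

# Largest TTL a zone may carry: 2^31 - 1 seconds (RFC 2181), i.e. approach 1.
use constant MAX_TTL => 2147483647;

# Rows as the cronjob would read them from the dns dump (constructed sample):
# project, alias, target of the alias.
my @dump = (
    [ 'project', 'cvs', 'savannah.foo.com.' ],
    [ 'project', 'www', 'savannah.foo.com.' ],
);

my $update = Net::DNS::Update->new($zone);

for my $row (@dump) {
    my ($project, $alias, $target) = @$row;
    my $name = "$alias.$project.$zone";
    # Prerequisite: no CNAME may already exist at that name. The server
    # evaluates all prerequisites before applying anything, so a rerun of
    # the cronjob cannot silently repoint an alias that is already live.
    $update->push( prerequisite => nxrrset("$name. CNAME") );
    $update->push( update       => rr_add("$name. " . MAX_TTL . " CNAME $target") );
}

# Sign the message with TSIG (RFC 2845); the server only applies updates
# carrying a valid signature from a key it trusts for this zone.
$update->sign_tsig($keyname, $secret);

my $res   = Net::DNS::Resolver->new(nameservers => [$server]);
my $reply = $res->send($update);

die "update failed: " . $res->errorstring . "\n" unless $reply;
my $rcode = $reply->header->rcode;
die "server refused update: $rcode\n" unless $rcode eq 'NOERROR';
print "zone $zone updated (", scalar(@dump), " CNAME records)\n";
```

A rejected prerequisite comes back as rcode YXRRSET rather than NOERROR, and a missing or wrong TSIG signature as NOTAUTH or REFUSED, so the rcode check is what tells the cronjob that nothing was applied.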
