Date: Wed, 26 Feb 2014 16:37:36 +0100
From: Fabian Wenk <fabian@wenks.ch>
To: freebsd-hubs@freebsd.org
Subject: Re: Future of DNS, DNSSEC, country code delegations, etc.
Message-ID: <530E0A40.3030103@wenks.ch>
In-Reply-To: <530C59D7.30204@wemm.org>
References: <530C59D7.30204@wemm.org>

Hello Peter

On 25.02.14 09:52, Peter Wemm wrote:

> We (freebsd.org) use ISC's global anycasted ISC-SNS dns servers. In our
> experience they have excellent coverage around the world so we'd prefer to
> fold the *.cc.freebsd.org zone into the main freebsd.org zone (like
> wwwN.us.freebsd.org and ftpN.us.freebsd.org are right now). Actual
> sub-zones could be done if there's a regional reachability problem but I
> would rather not unless we absolutely had to.

In the end this is the right thing to do. Even if there are two different points of view, even from myself.

One is from me as the ch.freebsd.org DNS zone operator, which I am proud of doing for the FreeBSD project. But as can be seen in [1], I also have some unresolved challenges. I even forwarded this to cvsup-master@ in December, without any answer yet. As I put workarounds in place, it is not critical, but also not a nice and permanent solution.

[1] http://lists.freebsd.org/pipermail/freebsd-hubs/2013-October/002699.html

And the other one is from me as a FreeBSD user depending on and trusting the project infrastructure (which also includes the cc.freebsd.org DNS zones and servers) and the people who operate it. In retrospect to how easy it was to become the operator of the ch.freebsd.org DNS zone (it was handed over to me from a friend who ran it before), this also worries me. If I would e.g. point DNS entries to rogue servers, I could probably cause some damage to users using it. This is something which I will never do, as in the end this would hurt my own reputation.

So I support the decision that the FreeBSD project itself should operate the cc DNS zones on their own infrastructure.

I think the argument about regional reachability can probably be ignored, because if a regional resolving DNS server does not already know on which DNS server e.g. the ch.freebsd.org DNS zone is, it still needs to resolve this through the root and then the freebsd.org DNS servers.

bye
Fabian