[gtld-tech] Svelte CZDS zone files?
John R Levine
johnl at taugh.com
Wed Sep 14 02:35:06 UTC 2022
>> Changing it to work by AXFR/IXFR would be quite a challenge.
>
> On ICANN’s side, what more would it require standing up a name server
> and sharing TSIG keys? If DNS UPDATE were also implemented, it would
> address the timeliness issue (if the registries were willing to play
> along).

Due to the three month expiry, I doubt that any two clients have access to
the same set of zones, which would make ACL management pretty exciting,
particularly since I believe the credentials are stored in some SSO thing
from Okta. There's over a thousand zones and there's certainly over a
thousand users, so we're talking about ACLs with more than a million
entries.

Also, based on some of the chatter here, I suspect that many of the
users do not have the expertise to run a secondary DNS server and manage
TSIGs. A lot of CZDS users log into a web site and point and click to
download files.

> Of course, CZDS users would likely need to change their code. However,
> this wouldn’t have to be either/or — both could be done with the benefit
> of using IXFR being only getting the diffs (and, potentially better
> timeliness).

Viktor and I can do whatever we need to, but I don't think that scales.
The automatic scripted stuff is somewhat documented for the daily
downloads, and not at all for all the other stuff like extensions and
renewals.

Regards,
John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly