
Re: rsync vs. axfr-clarify (was: in support of axfr-clarify)



"D. J. Bernstein" <djb@cr.yp.to> writes:

> Derek Atkins writes:
> > Setting up axfr is simple.  I list my secondaries, and they just say
> > "master <my-ip-address>".  There.  Done.  End of configuration.  How
> > could setting up a secondary be any easier than that?
> 
> What do you do when you change named.conf---for example, to add a zone?
> You have to copy the changes to the secondary. With server replication,
> this is handled automatically.

If I am the primary, I email it to the maintainer of the secondaries
and say "add this section to named.conf".  If I'm the secondary, then
the admin of the primary usually contacts me with similar information.
The configuration of the zones themselves is nearly static; changing
the IP addresses of primary and secondary servers is rare -- certainly
much more rare than changing the zone data.

The point is that each DNS server is autonomous.  There is no
requirement that NS1.FOO.EXAMPLE. and NS5.BAR.EXAMPLE., which both
happen to be authoritative for the QUUX.EXAMPLE zone, be mirrors of
each other.

> Your notion of ``out-of-band'' is religious nonsense. Does it frighten
> you that the FTP protocol uses more than one port?

Religious nonsense, eh?  Dan, are you trying to be intentionally
belligerent or are you just unaware of how your tone comes across in
email?  I don't recall you being this quick to judge, nor do I
remember you trying to be mean or hostile, but then again I was much
younger then.  If your tone is accidental, may I suggest you "tone
down" your messages in the future?  Personally, I'm trying to have a
peaceful conversation here, and honestly I'm not sure how to interpret
your message.  Regardless, I do have to wonder how it is nonsense to
call "use protocol Y to communicate data for protocol X" out-of-band,
when protocol-X has its own way of communicating that very same data?

As for FTP, does it frighten me in what way?  The FTP spec clearly has
the PORT command documented.  It is part of the FTP protocol
specification.  I think it was a poor design choice, but then again I
wasn't there at the time it was created (and besides, that was not the
question).  No, the FTP PORT callback channel is not "out of band",
because it is just a second connection that remains part of the ftp
protocol.

No, out of band is when some protocol says to "run this _OTHER_
protocol to copy data from A to B".  Note that in this case (for DNS
zone files) I can use email, ssh, ftp, http, or even the US Postal
Service and OCR to transmit zone data.  Indeed, there are LOTS of
"out-of-band" means to transfer the data.  There are, however, two
"in-band" methods defined by the DNS specification, called AXFR and
IXFR.  Let's not confuse apples with kumquats here.  :-)

-derek
-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
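The following is an added example, not part of Derek's message or anything posted to the list: the two sides of the in-band AXFR/IXFR arrangement he describes, written as BIND 9 named.conf fragments, with the wide-open allow-transfer shown beside a version restricted to a TSIG-signed secondary. QUUX.EXAMPLE, NS1.FOO.EXAMPLE and NS5.BAR.EXAMPLE come from the message; the 192.0.2.x addresses (TEST-NET-1), the key name "xfer-key" and the secret are assumed placeholders.

```conf
// Added example (not from the original message). BIND 9 named.conf
// fragments for the in-band AXFR/IXFR setup discussed above.
// Addresses (192.0.2.0/24, TEST-NET-1), the key name and the secret are
// placeholders; QUUX.EXAMPLE is the zone named in the message.

/* ---- primary (NS1.FOO.EXAMPLE, 192.0.2.1) ---- */

// Shared TSIG key. Generate a real secret with tsig-keygen and keep it
// out of world-readable files (e.g. include it from a mode-0640 file).
key "xfer-key" {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItc2VjcmV0LXJlcGxhY2UtbWU=";   // placeholder
};

// WEAK: any host on the Internet can AXFR the whole zone and
// enumerate every name in it.
// zone "quux.example" {
//     type master;
//     file "zones/quux.example.db";
//     allow-transfer { any; };
// };

// HARDENED: only a TSIG-signed request is served, and the secondary is
// notified so it pulls IXFR/AXFR promptly instead of waiting for the
// SOA refresh timer.
zone "quux.example" {
    type master;                        // "type primary;" in newer BIND
    file "zones/quux.example.db";
    allow-transfer { key "xfer-key"; }; // address ACLs alone are spoofable
    also-notify { 192.0.2.53; };
    notify yes;
};

/* ---- secondary (NS5.BAR.EXAMPLE, 192.0.2.53) ---- */

key "xfer-key" {
    algorithm hmac-sha256;
    secret "cGxhY2Vob2xkZXItc2VjcmV0LXJlcGxhY2UtbWU=";   // same placeholder
};

// Sign every message sent to the primary with the shared key.
server 192.0.2.1 {
    keys { "xfer-key"; };
};

// This is the entire per-zone configuration Derek refers to: the zone
// name and where to fetch it from. Zone data itself arrives via AXFR/IXFR.
zone "quux.example" {
    type slave;                         // "type secondary;" in newer BIND
    masters { 192.0.2.1; };             // "primaries { ... };" in newer BIND
    file "zones/quux.example.db";
    allow-transfer { none; };           // do not re-serve the zone to anyone
};
```

The weak and hardened primary stanzas are alternatives for the same zone; only one may be active. Both halves check with named-checkconf when placed in their respective servers' named.conf, and the same key stanza must be present, with an identical secret, on both sides for the signed transfer to succeed.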