[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: DNSSRV (was: Splitting directory over backends)

To: Adam Williams <awilliam@whitemice.org>
Subject: Re: DNSSRV (was: Splitting directory over backends)
From: Rick van Rein <rick@vanrein.org>
Date: Thu, 12 Sep 2002 07:03:14 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1031793816.18383.1.camel@estate1.whitemice.org>

Hello Adam Williams,

> >Just curious: How many domains have a SRV RR _ldap._tcp.<domain> so that 
> >it's worth thinking about offloading root.openldap.org?
> 
> On the public side?  We don't, but I'd certainly be willing to add one
> if somebody actually wrote something that used it.  This sounds very
> interesting.

This is just the problem why SRV records have difficulties getting adopted
-- most DNS admins say "interesting, now let's wait until it's used" while
application makers don't use the records because there are hardly any
domains publishing SRV records.  Catch-22.

DNS admins have nothing to loose.  A query for A records will not return
the SRV records that are independently defined for it, as in
	_ldap._tcp.example.com.  IN SRV 0 0 389  zeus.example.com.
	ldap.example.com.        IN CNAME        zeus.example.com.
Note that the IN A form, although commonly used, is abuse of the CNAME
facility, which is intended for hostname aliasing, not server pointers.

Since LDAP has a default port allocated, almost all servers run there.
So the port-lookup feature of SRV records is "just" and add-on gimmick that
specifies how load should be distributed over master/slave servers. But hey,
you can simulate 3:1 ratios with IN A RR too, by using decls like
	ldap.example.com.  IN A 1.2.3.4
			   IN A 1.2.3.4
			   IN A 1.2.3.4
			   IN A 5.6.7.8
But we can probably agree quickly that this is ugly.  Not to mention that
hardly any socket code will actually iterate over all IPs returned for the
name.  Thereby loosing one big advantage of replication, namely that of
robust service.

One true advantage of SRV records is that it allows you to get rid of that
unprofessional "ldap." prefix before your domain name and that you can
still relay the protocol anywhere you want it.  Useful if you host your
website at an LDAP-neglecting web service.


It's the total SRV-package that can help improve reliability of the
Internet, but someone must make a start -- a DNS admin for instance.
 * http://DNS.vanrein.org/srv
 * http://FingerHosting.com
 * http://www.openldap.org/faq/index.cgi?_highlightWords=root%20openldap%20org&file=393


Sorry if my view on this issue is somewhat biased ;-)

Rick van Rein.

References:
- Re: DNSSRV (was: Splitting directory over backends)
  - From: Adam Williams <awilliam@whitemice.org>

Prev by Date: Re: Searching for Group memberships of users
Next by Date: Re: DNSSRV (was: Splitting directory over backends)
Index(es):
- Chronological
- Thread