[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: client dns lookups, can they be disabled?

To: Tony Earnshaw <tonni@billy.demon.nl>
Subject: Re: client dns lookups, can they be disabled?
From: Rick van Rein <rick@vanrein.org>
Date: Wed, 25 Sep 2002 22:46:19 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <1032981413.11795.39.camel@billy.demon.nl>

Hi,

> As BIND DNS Admin, with the knowledge that I have at the moment, I'd
> never use LDAP for storing my zone data.

I fully agree with Tony -- neither would I.  Never.

I doubt if LDAP can beat directly use of a DNS server.
Simply because the use of LDAP would require a translation from one
data model to another, and there'll always be loss of speed.

I recall an essay by one of the LDAP RFC authors in which they describe
that it is expressly not the idea to replace DNS with LDAP.  For one
reason, namely that DNS functions just fine.  (Ehm, he didn't mention
security, by the way.)

DNS in LDAP retrieves every DNS query result from an LDAP database as I've
understood.  Now, if it were a mere matter of storing zone data in LDAP,
and conveniently retrieving it from that location upon name server startup,
it'd be a whole different story.  A story that can resolve several tough
problems with dynamic updates and securely passing information between
servers.  But that story isn't the one that's being told by DNS/LDAP AFAIK.

> Any more than I'd stuff LDAP directory data into an SQL database.

Indeed, that feels like a similar waste of computing energy.

> _Da' er vondt _ vakna i Tr_ndelag, dao so' hjarta ditt ligge i Sogn og
> Fjoradn_

Tony, your Dutch is in a dialect that I don't understand...  grinn.


Cheers,
Rick van Rein.

References:
- Re: client dns lookups, can they be disabled?
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: sasl and LLL
Next by Date: back-sql and oracle and uid
Index(es):
- Chronological
- Thread