just initial thought for the https://bugs.launchpad.net/designate/+bug/1852902
When the user add TSIG key to a zone and the backend is BIND, PDNS then using command line Nsupdate, and PDNS api (depend on dns server version) the tsig key will be added to backend plugin
A designate configuration can be added to enable/disable this feature and it will be disabled by default for backward compatibility
for the split view:
Solution 1.
I was working on this before https://review.opendev.org/#/c/693583/
which add the concept of internal/external view to the recordset so when an AXFR/also-notify happens for the recordset it will choose the right tsig-key, or response with the correct recordsets based on the tsig-key
for example if the recordset is marked external, external tsig-key is used for also-notify and this recordset will appear in the external view in AXFR if the external tsig-key is used
but before u said before u need more details about it (if this is ok i can provide more details)
Solution 2:
A new Type of zones is created called split-view when the user create a split-view zone designate will do the following
* Create two zones in the backend Zone-internal Zone-external
* Create two tsig-keys and attach them to the zone Internal-tsig key External-tsig key
* In the backend plugin attach tsig-key to corresponding zone (internal/external)
* AXFR/also-notify will be handled by the backend plugin
what do u think about each direction ( each one has cons/pros )
the idea with designate and split-view the user should know only one zone example.com. (not multiple internal / external zones)
am sending this to point me in the right direction so i can begin writing detailed SPEC
just initial thought for the https:/ /bugs.launchpad .net/designate/ +bug/1852902
When the user add TSIG key to a zone and the backend is BIND, PDNS then using command line Nsupdate, and PDNS api (depend on dns server version) the tsig key will be added to backend plugin
A designate configuration can be added to enable/disable this feature and it will be disabled by default for backward compatibility
for the split view:
Solution 1. /review. opendev. org/#/c/ 693583/
I was working on this before https:/
which add the concept of internal/external view to the recordset so when an AXFR/also-notify happens for the recordset it will choose the right tsig-key, or response with the correct recordsets based on the tsig-key
for example if the recordset is marked external, external tsig-key is used for also-notify and this recordset will appear in the external view in AXFR if the external tsig-key is used
but before u said before u need more details about it (if this is ok i can provide more details)
Solution 2:
Zone- internal
Zone- external
Internal- tsig key
External- tsig key
A new Type of zones is created called split-view when the user create a split-view zone designate will do the following
* Create two zones in the backend
* Create two tsig-keys and attach them to the zone
* In the backend plugin attach tsig-key to corresponding zone (internal/external)
* AXFR/also-notify will be handled by the backend plugin
what do u think about each direction ( each one has cons/pros )
the idea with designate and split-view the user should know only one zone example.com. (not multiple internal / external zones)
am sending this to point me in the right direction so i can begin writing detailed SPEC