[Twisted-Python] State of Names / DNS server

Glyph glyph at twistedmatrix.com
Sun Oct 14 18:00:23 MDT 2018



> On Oct 12, 2018, at 12:18 PM, Evilham <contact at evilham.com> wrote:
> 
> Dear Twisted people,
> 
> I've been taking a good look at twisted.names as a server after checking
> twisted-infra/braid/services/names and how the zones are saved.

The way the zones are saved there is fairly primitive.  It would be nice if we had a more robust backend; in particular I'd love it if we had a DNS API so that e.g. https://github.com/glyph/lancer could talk to something on twistedmatrix.com to provision HTTPS certificates via the LE DNS-01 challenge.

> Basically, I wonder what the state-of-affairs of running DNS with twisted is.

We run it on production on twistedmatrix.com and that site sees plenty of DNS traffic :-).

> By checking the code I see a couple things like:
> * That zone transfers are enabled by default and open to any host and
> only subclassing would help override that (it is the case on
> twistedmatrix.com btw).

It would certainly be nice if this were controllable via a flag.  As you notice, this should be a ticket.

> * Comments saying how some things are not RFC-compliant, but not how.

Some investigation into these comments to make them more specific would be good.

> * That DNSSEC is not implemented

On the one hand, it would be great if someone would take the DNSSEC support already in various branches and get it over the finish line.  On the other, DNSSEC is bad (see <https://sockpuppet.org/blog/2015/01/15/against-dnssec/> for example), and is really not necessary to run a real-life DNS server or client, so it's a little difficult for various DNS-interested parties to get excited about it.  Nonetheless if people are going to do DNSSEC I'd rather they do it with Twisted than BIND, so if you could help integrate DNSSEC work that is a definite goal for the project!  So I hope somebody who disagrees with me about the utility of DNSSEC contributes to it.

> Besides the 1st point which could be a ticket (should I open it?),

Yup :).

> the
> other points appear to be somewhat documented in the open tickets:
> https://twistedmatrix.com/trac/query?status=assigned&status=new&status=reopened&component=names&group=priority&max=200&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&order=priority
> 
> But I wonder if there is something like a roadmap that I haven't seen or
> a very specific way to start helping on this front.

Right now the main thing we need is a motivated, interested maintainer to advance these goals.  This email sounds suspiciously like volunteering to be that :).

> Basically, I'd hate to start working on sth and it overlapping with
> someone else's work ;).

There's lots of other work in progress, but as you can see from most of them, most of this work is stalled.  I'm 100% sure that if you started working on some of these tickets, the people whose work you might duplicate would be overjoyed that someone had done that, so I don't think you need to worry about stepping on anyone's toes.

> I checked a couple tickets, and see that there is definitely a need for
> some cleanup, e.g. this one appears to be ready for closing
> https://twistedmatrix.com/trac/ticket/5048
> as it is marked as duplicate of a closed ticket.

Please go ahead and close it if you are reasonably sure of that!

> Also, I recall this PR from early summer, which appears to have been
> OK'd but is blocked by some failure in appveyor + buildbot:
> https://github.com/twisted/twisted/pull/954

Sadly we don't have a queue of "already approved" tickets (that I know of and check, anyway) so if this is stuck, it would be best to put it back into review so it shows up on https://twisted.reviews/ and gets attention.

-glyph