[Twisted-Python] State of Names / DNS server

Evilham contact at evilham.com
Mon Oct 15 14:22:47 MDT 2018


Always a pleasure to read you Glyph,


On 15/10/2018 at 2:00, Glyph wrote:
>> On Oct 12, 2018, at 12:18 PM, Evilham <contact at evilham.com> wrote:
>>
>> Dear Twisted people,
>>
>> I've been taking a good look at twisted.names as a server after checking
>> twisted-infra/braid/services/names and how the zones are saved.
> 
> The way the zones are saved there is fairly primitive.  It would be nice
> if we had a more robust backend; in particular I'd love it if we had a
> DNS API so that e.g. https://github.com/glyph/lancer could talk to
> something on twistedmatrix.com to provision
> HTTPS certificates via the LE DNS-01 challenge.


Indeed, this is pretty much one of the main reasons why I am looking
into Twisted as my DNS server :-).
Twisted DNS + Klein --> (große) Awesomeness (reading Twisted's source
code, makes you prone to bad jokes, that should be an official warning
somewhere)


>> Basically, I wonder what the state-of-affairs of running DNS with
>> twisted is.
> 
> We run it on production on twistedmatrix.com
> and that site sees plenty of DNS traffic :-).
> 
>> By checking the code I see a couple things like:
>> * That zone transfers are enabled by default and open to any host and
>> only subclassing would help override that (it is the case on
>> twistedmatrix.com btw).
> 
> It would certainly be nice if this were controllable via a flag.  As you
> notice, this should be a ticket.

Done, ticket #9551.
(Trac always thinks I am Spam with probability 90%, wonders!)
https://twistedmatrix.com/trac/ticket/9551

>> * Comments saying how some things are not RFC-compliant, but not how.
> 
> Some investigation into these comments to make them more specific would
> be good.

Also documented in ticket #9552; mostly to use trac as a quick overview.
https://twistedmatrix.com/trac/ticket/9552

>> * That DNSSEC is not implemented
> 
> On the one hand, it would be great if someone would take the DNSSEC
> support already in various branches and get it over the finish line.  On
> the other, DNSSEC is bad (see
> <https://sockpuppet.org/blog/2015/01/15/against-dnssec/> for example),
> and is really not necessary to run a real-life DNS server or client, so
> it's a little difficult for various DNS-interested parties to get
> excited about it.  Nonetheless if people are going to do DNSSEC I'd
> rather they do it with Twisted than BIND, so if you could help integrate
> DNSSEC work that is a definite goal for the project!  So I hope somebody
> who disagrees with me about the utility of DNSSEC contributes to it.


:-D I am also not fond of DNSSEC being *the* thing; but apparently email
servers complain otherwise in certain environments.
Twisted supporting DNSSEC would indeed make things easier.


>> the
>> other points appear to be somewhat documented in the open tickets:
>> https://twistedmatrix.com/trac/query?status=assigned&status=new&status=reopened&component=names&group=priority&max=200&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&order=priority
>>
>> But I wonder if there is something like a roadmap that I haven't seen or
>> a very specific way to start helping on this front.
> 
> Right now the main thing we need is a motivated, interested maintainer
> to advance these goals.  This email sounds suspiciously like
> volunteering to be that :).

Ouch, I guess I'll have to invent a time-dilution bubble first :-D. I'll
see what I can do about this (DNS, not time-dilution bubble).

>> Basically, I'd hate to start working on sth and it overlapping with
>> someone else's work ;).
> 
> There's lots of other work in progress, but as you can see from most of
> them, most of this work is stalled.  I'm 100% sure that if you started
> working on some of these tickets, the people whose work you might
> duplicate would be /overjoyed/ that someone had done that, so I don't
> think you need to worry about stepping on anyone's toes.
> 
>> I checked a couple tickets, and see that there is definitely a need for
>> some cleanup, e.g. this one appears to be ready for closing
>> https://twistedmatrix.com/trac/ticket/5048
>> as it is marked as duplicate of a closed ticket.
> 
> Please go ahead and close it if you are reasonably sure of that!

I was hoping for one of the involved parties remembering and saying "oh
yeah, that should be closed" otherwise it requires actual analysis, so
I'll leave that for some-time-soon.

>> Also, I recall this PR from early summer, which appears to have been
>> OK'd but is blocked by some failure in appveyor + buildbot:
>> https://github.com/twisted/twisted/pull/954
> 
> Sadly we don't have a queue of "already approved" tickets (that I know
> of and check, anyway) so if this is stuck, it would be best to put it
> back into review so it shows up on https://twisted.reviews/ and gets
> attention.

Added the review keyword again and removed the owner as per the
developer documentation.


Thank you for the helpful reply,
-- 
Evilham
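
The zone-transfer point raised in the thread (AXFR answered for any host) comes down to a check on query type and client address before the resolver is consulted. The sketch below is an added example, not part of the message above and not Twisted code: it works on raw DNS wire bytes with the standard library only, and the function names and allow-listed addresses are assumptions made for illustration.

```python
import ipaddress
import struct

AXFR, IXFR = 252, 251   # zone-transfer QTYPEs (RFC 1035, RFC 1995)
REFUSED = 5             # RCODE 5
# Assumption: constructed documentation addresses standing in for the secondaries.
ALLOWED = [ipaddress.ip_network("192.0.2.53/32"),
           ipaddress.ip_network("2001:db8::/64")]

def parse_question(msg):
    """Return (qtype, end_offset) of the first question in a raw DNS query."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    pos = 12
    while pos < len(msg) and msg[pos] != 0:
        if msg[pos] & 0xC0:  # pointers are not expected in a query name
            raise ValueError("unsupported label type")
        pos += 1 + msg[pos]
    if pos + 5 > len(msg):   # root label + QTYPE + QCLASS must fit
        raise ValueError("truncated question")
    return struct.unpack("!H", msg[pos + 1:pos + 3])[0], pos + 5

def transfer_allowed(msg, client_ip, allowed=ALLOWED):
    """False only for AXFR/IXFR queries from clients outside the allow-list."""
    qtype, _ = parse_question(msg)
    if qtype not in (AXFR, IXFR):
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed)

def refused_reply(msg):
    """Build a REFUSED response that echoes the query ID and question."""
    _, end = parse_question(msg)
    flags = struct.unpack("!H", msg[2:4])[0]
    flags = 0x8000 | (flags & 0x7900) | REFUSED  # QR=1, keep opcode and RD
    return msg[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + msg[12:end]

def build_query(name, qtype, qid=0x1234):
    """Constructed sample input: a minimal query for `name`."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return (struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0) + qname + b"\x00"
            + struct.pack("!HH", qtype, 1))

if __name__ == "__main__":
    axfr = build_query("example.org", AXFR)
    for ip in ("192.0.2.53", "203.0.113.7"):
        print(ip, "allowed" if transfer_allowed(axfr, ip) else "refused")
```

In a real server the same decision would sit wherever the client address is still available alongside the parsed query, which is why the thread notes that subclassing is currently needed.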
