[Freeipa-devel] A new proposal for Location Based Discovery

Petr Spacek pspacek at redhat.com
Fri Apr 5 15:39:24 UTC 2013


On 5.4.2013 16:32, Simo Sorce wrote:
> On Fri, 2013-04-05 at 14:54 +0200, Petr Spacek wrote:
>> On 5.4.2013 14:38, Simo Sorce wrote:
>>> On Fri, 2013-04-05 at 14:29 +0200, Pavel Březina wrote:
>>>>>
>>>>> Pavel Brezina discovered that the design doesn't specify how the client
>>>>> should behave if the expected _location.client.example.com. record
>>>>> doesn't exist.
>>>>>
>>>>> I propose to leave this aspect to the implementer's discretion (or
>>>>> configurable).
>>>>>
>>>>> Personally, I would fall back to another pre-configured name, e.g. in
>>>>> case of SSSD to the configured 'IPA domain' ...
>>>>
>>>> Before I saw the design page, I wanted to implement it in SSSD this
>>>> way:
>>>>
>>>> If '_location.host.domain' gives any result then take it as primary
>>>> servers and SRV from 'domain' as backup servers. Otherwise use 'domain'
>>>> result as primary servers.
>>>>
>>>> But I'm not so sure now.
>>>>
>>> This is what I would expect too.
>>> If no 'custom' records are available, fall back to global records,
>> What is the difference between 'global records' and 'classic SRV records'?
>
> _ldap._tcp._location.example.com
> vs
> _ldap._tcp.example.com

I don't see any definition of the 'global' name _location.domain.com. in the 
design document [1].

What is the meaning of this 'global' record?
Is it site-specific?
If it isn't site-specific, why do we need it?
If it is site-specific, how will it be configured/generated? You proposed to 
generate the artificial record '_location.example.com' only if the parent name 
('example.com') contains an A/AAAA record, but that is not mandatory for a zone origin.

We should keep the number of queries to a minimum, so I would not add any 'global' 
records and other layers of indirection without a very, very good reason.

You know, each query adds latency and network load. Some caching for 
non-existing records is more than a good idea. We should not try to look up 
_locations.client.domain and _location.domain during each domain lookup (in 
the case where it is not configured, of course :-).

[1] http://www.freeipa.org/page/V3/DNS_Location_Mechanism

-- 
Petr Spacek
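
The lookup order and negative caching discussed in this thread, as an added example that is not part of the original message and is not SSSD or FreeIPA code: location-specific SRV records are preferred, the classic domain SRV records act as backup, and a missing location name is remembered so it is not queried on every lookup. The class name, the injected `query_srv` resolver, the 300-second negative TTL and the zone data are assumptions made for illustration.

```python
import time

class LocationDiscovery:
    """Hypothetical client-side lookup; query_srv(name) is an injected
    resolver returning [(priority, target), ...] or [] if the name is absent."""

    def __init__(self, query_srv, negative_ttl=300, clock=time.monotonic):
        self.query_srv = query_srv
        self.negative_ttl = negative_ttl  # assumed value, in seconds
        self.clock = clock
        self._missing = {}                # name -> expiry of negative entry
        self.queries = 0                  # lookups actually sent to the resolver

    def _lookup(self, name):
        expiry = self._missing.get(name)
        if expiry is not None and self.clock() < expiry:
            return []                     # cached "does not exist": no query sent
        self.queries += 1
        records = self.query_srv(name)
        if records:
            self._missing.pop(name, None)
        else:
            self._missing[name] = self.clock() + self.negative_ttl
        return sorted(records)            # lowest SRV priority first

    def servers(self, service, host, domain):
        """Return (primary, backup) target lists, e.g. service='_ldap._tcp'."""
        located = self._lookup(f"{service}._location.{host}.{domain}")
        classic = self._lookup(f"{service}.{domain}")
        primary = [target for _, target in located]
        backup = [target for _, target in classic if target not in primary]
        # No location record: the classic SRV result becomes the primary list.
        return (primary, backup) if primary else (backup, [])


# Constructed sample zone data (not taken from the thread or design page).
ZONE = {
    "_ldap._tcp._location.client1.example.com": [(0, "ipa-brno.example.com")],
    "_ldap._tcp.example.com": [(0, "ipa1.example.com"),
                               (10, "ipa-brno.example.com")],
}

def fake_query(name):
    """Offline stand-in for a DNS SRV query against ZONE."""
    return ZONE.get(name, [])
```

The `queries` counter shows the effect of the negative cache: a client without a location record costs one query per lookup instead of two until the negative entry expires.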



