[net-dns-users] Dual-faced Net::DNS? (was: section RR counts read only)

Calle Dybedahl calle.dybedahl at init.se
Mon Jan 7 10:10:32 UTC 2013

On 20 dec 2012, at 16:58, Dick Franks <rwfranks at acm.org> wrote:

> IMHO the secondary mission would be better served by a separate purpose-built test tool distribution, driven by users who need it, and which would not be routinely redistributed as part of general purpose Linux distributions.

It is increasingly feeling like we're fighting Net::DNS rather than being helped by it. To some extent we've always done that (for example, it's impossible to create Net::DNS::Resolver objects with an empty nameserver list, so we create ours with a known-not-to-exist IP address as the only nameserver). But with the post-0.68 versions, it's starting to look like some behaviors can't be worked around, and we're losing functionality. For example, one of our tests is to check if the email address given in the RNAME field of a SOA record looks reasonably functional, and if not, give a useful error message. At the moment, it looks like we can still test for broken addresses (since Net::DNS transforms them into another broken form), but we can no longer give a useful error message, since we cannot get the string that the user actually put in the SOA record. If there is a way to get the plain untranslated ASCII string that came over the wire, I'd very much like to know how.

From my point of view, it's increasingly looking like we'll soon have to fork Net::DNS and maintain our own version of it. We need a "raw" interface to DNS, and every new way in which Net::DNS tries to be helpful is, for us, a hindrance. At some point, it will become hard enough for us to use that maintaining a different version ourselves will become a less painful option. I would rather it not get there, since in the long run that would mean a lot of unnecessary duplicated effort.

I can see the usefulness of a friendly interface to DNS, and I'm sure that for the vast majority of use cases the new things really are improvements. My problem is that in making some things easier, the things I need to do are becoming not just harder but impossible. Harder I could deal with. Impossible, not so much.

Anyway. Here's a suggestion: Instead of splitting off a special test tool distribution, let's give Net::DNS two faces. One nice, friendly, helpful and as far as possible optimized for the common case. One raw, unvarnished and unforgiving and aimed at making possible all the weird things nobody's thought of before. Possibly, the first could be built on top of the second. Or not, depending on what's easiest. 

Since .SE has contracted me for the entire year and we depend heavily on Net::DNS, I am able (and willing) to contribute actual programming effort toward this end.

What do you think? Would this be an acceptable direction to move Net::DNS in?

Calle Dybedahl
calle at init.se -*- +46 703 - 970 612
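
The RNAME check described in the message above, sketched as an added example that is not part of the original post and is not Net::DNS code: it reads the SOA RNAME labels straight from RFC 1035 wire format, so the error message can quote what was actually in the zone. The function names and the sample bytes are constructed for illustration.

```python
# Added example: raw SOA RNAME extraction from DNS wire format (RFC 1035).

def read_name(msg, off):
    """Return (list of raw label bytes, offset after the name)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg) or hops >= 64:
                raise ValueError("bad compression pointer")
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        if n & 0xC0 or off + 1 + n > len(msg):
            raise ValueError("bad label")
        off += 1
        if n == 0:                                # root label ends the name
            return labels, (off if after is None else after)
        labels.append(msg[off:off + n])
        off += n

def soa_rname(msg, rdata_off):
    """Raw RNAME labels of a SOA whose RDATA starts at rdata_off."""
    _mname, off = read_name(msg, rdata_off)
    return read_name(msg, off)[0]

def presentation(labels):
    """Zone-file text: '.' and '\\' escaped, non-printable bytes as \\DDD."""
    def esc(b):
        c = chr(b)
        if c in ".\\":
            return "\\" + c
        return c if 0x21 <= b <= 0x7E else "\\%03d" % b
    return ".".join("".join(esc(b) for b in lab) for lab in labels) + "."

def rname_problem(labels):
    """Return a message quoting the raw RNAME, or None if it looks usable."""
    shown = presentation(labels)
    if len(labels) < 2:
        return "RNAME %r has no domain part" % shown
    if any(b"@" in lab for lab in labels):
        return "RNAME %r contains '@'; the first label is the local part" % shown
    return None

# Constructed sample: owner name, then SOA RDATA at offset 13 whose RNAME was
# entered as "hostmaster@example.com." (labels "hostmaster@example" and "com").
SAMPLE = (b"\x07example\x03com\x00" + b"\x02ns\xc0\x00"
          + b"\x12hostmaster@example\xc0\x08" + bytes(20))
```

Keeping the labels as bytes until the final formatting step is what preserves the original string; any earlier normalization would lose it.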
