Always a pleasure to read you Glyph,
Am 15/10/2018 um 2:00 schrieb Glyph: >> On Oct 12, 2018, at 12:18 PM, Evilham <cont...@evilham.com >> <mailto:cont...@evilham.com>> wrote: >> >> Dear Twisted people, >> >> I've been taking a good look at twisted.names as a sever after checking >> twisted-infra/braid/services/names and how the zones are saved. > > The way the zones are saved there is fairly primitive. It would be nice > if we had a more robust backend; in particular I'd love it if we had a > DNS API so that e.g. https://github.com/glyph/lancer could talk to > something on twistedmatrix.com <http://twistedmatrix.com> to provision > HTTPS certificates via the LE DNS-01 challenge. indeed, this is pretty much one of the main reasons why I am looking into Twisted as a my DNS server :-). Twisted DNS + Klein --> (große) Awesomeness (reading Twisted's source code, makes you prone to bad jokes, that should be an official warning somewhere) >> Basically, I wonder what the state-of-afairs of running DNS with >> twisted is. > > We run it on production on twistedmatrix.com <http://twistedmatrix.com> > and that site sees plenty of DNS traffic :-). > >> By checking the code I see a couple things like: >> * That zone transfers are enabled by default and open to any host and >> only subclassing would help override that (it is the case on >> twistedmatrix.com <http://twistedmatrix.com> btw). > > It would certainly be nice if this were controllable via a flag. As you > notice, this should be a ticket. Done, ticket #9551. (Trac always thinks I am Spam with probability 90%, wonders!) https://twistedmatrix.com/trac/ticket/9551 >> * Comments saying how some things are not RFC-compliant, but not how. > > Some investigation into these comments to make them more specific would > be good. Also documented in ticket #9552; mostly to use trac as a quick overview. https://twistedmatrix.com/trac/ticket/9552 >> * That DNSSEC is not implemented > > On the one hand, it would be great if someone would take the DNSSEC > support already in various branches and get it over the finish line. On > the other, DNSSEC is bad (see > <https://sockpuppet.org/blog/2015/01/15/against-dnssec/> for example), > and is really not necessary to run a real-life DNS server or client, so > it's a little difficult for various DNS-interested parties to get > excited about it. Nonetheless if people are going to do DNSSEC I'd > rather they do it with Twisted than BIND, so if you could help integrate > DNSSEC work that is a definite goal for the project! So I hope somebody > who disagrees with me about the utility of DNSSEC contributes to it. :-D I am also not fond of DNSSEC being *the* thing; but apparently email servers complain otherwise in certain environments. Twisted supporting DNSSEC would indeed make things easier. >> the >> other points appear to be somewhat documented in the open tickets: >> https://twistedmatrix.com/trac/query?status=assigned&status=new&status=reopened&component=names&group=priority&max=200&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&order=priority >> >> But I wonder if there is something like a roadmap that I haven't seen or >> a very specific way to start helping on this front. > > Right now the main thing we need is a motivated, interested maintainer > to advance these goals. This email sounds suspiciously like > volunteering to be that :). Ouch, I guess I'll have to invent a time-dilution bubble first :-D. I'll see what I can do about this (DNS, not time-dilution bubble). >> Basically, I'd hate to start working on sth and it overlapping with >> someone else's work ;). > > There's lots of other work in progress, but as you can see from most of > them, most of this work is stalled. I'm 100% sure that if you started > working on some of these tickets, the people whose work you might > duplicate would be /overjoyed/ that someone had done that, so I don't > think you need to worry about stepping on anyone's toes. > >> I checked a couple tickets, and see that there is definitely a need for >> some cleanup, e.g. this one appears to be ready for closing >> https://twistedmatrix.com/trac/ticket/5048 >> as it is marked as duplicate of a closed ticket. > > Please go ahead and close it if you are reasonably sure of that! I was hoping for one of the involved parties remembering and saying "oh yeah, that should be closed" otherwise it requires actual analysis, so I'll leave that for some-time-soon. >> Also, I recall this PR from early summer, which appears to have been >> OK'd but is blocked by some failure in appveyor + buildbot: >> https://github.com/twisted/twisted/pull/954 > > Sadly we don't have a queue of "already approved" tickets (that I know > of and check, anyway) so if this is stuck, it would be best to put it > back into review so it shows up on https://twisted.reviews/ and gets > attention. Added the review keyword again and removed the owner as per the developer documentation. Thank you for the helpful reply, -- Evilham
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com https://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
