[Opendnssec-develop] face2face agenda: design diagrams
Rick van Rein
rick at openfortress.nl
Fri Jan 30 09:05:41 UTC 2009
Hello Rickard,

There are a few more agenda items that I would like to propose for Monday.

* Tasks, priorities, scheduling

I would like to discuss what tasks pop up, where they come from, which
component is in charge of scheduling. I think this will be a major
source of complexity if we want to deliver a reliable signer.

One of the possible problems that could arise is that there are many
sources of events, and nobody has an overview of what should be done
when. Let alone that it would be possible to schedule downtime for
maintenance. (Matthijs pointed out this issue.)

All these issues make me think that we need some form of realtime
scheduler, so we don't have to invent too many wheels.

* Robustness through redundancy

For some applications, such as TLDs and the root zone, we should look
into what it takes to create a robust setup. We do not want to fail
our most important domains "just" because of a local earthquake.

Designing this into the system is not very difficult, using existing
clustering techniques, but it is good to have in mind early in the
design process.

This can probably be established in the KASP with either of the following
approaches:

a) The KASP is redundant, for example because it uses a distributed
   redundancy mechanism (think of MySQL replication, DRBD, ...) and
   the result is that keys are available to all signers. Slaves can
   simply be directed to the signer that is currently to be trusted.

b) The DNSKEY records of each of two (or more) independent signers are
   brought into all the signers, in some way that integrates with the
   IXFR approach and/or with the master name server.

Thanks,
-Rick