
Always a pleasure to read you Glyph,

On 15/10/2018 at 2:00, Glyph wrote:
On Oct 12, 2018, at 12:18 PM, Evilham <contact@evilham.com> wrote:
Dear Twisted people,
I've been taking a good look at twisted.names as a server after checking twisted-infra/braid/services/names and how the zones are saved.
The way the zones are saved there is fairly primitive. It would be nice if we had a more robust backend; in particular I'd love it if we had a DNS API so that e.g. https://github.com/glyph/lancer could talk to something on twistedmatrix.com to provision HTTPS certificates via the LE DNS-01 challenge.
Indeed, this is pretty much one of the main reasons why I am looking into Twisted as my DNS server :-). Twisted DNS + Klein --> (große) Awesomeness (reading Twisted's source code makes you prone to bad jokes; that should be an official warning somewhere)
Basically, I wonder what the state-of-affairs of running DNS with twisted is.
We run it on production on twistedmatrix.com and that site sees plenty of DNS traffic :-).
By checking the code I see a couple things like:
* That zone transfers are enabled by default and open to any host and only subclassing would help override that (it is the case on twistedmatrix.com btw).
It would certainly be nice if this were controllable via a flag. As you notice, this should be a ticket.
Done, ticket #9551. (Trac always thinks I am Spam with probability 90%, wonders!) https://twistedmatrix.com/trac/ticket/9551
* Comments saying how some things are not RFC-compliant, but not how.
Some investigation into these comments to make them more specific would be good.
Also documented in ticket #9552; mostly to use trac as a quick overview. https://twistedmatrix.com/trac/ticket/9552
* That DNSSEC is not implemented
On the one hand, it would be great if someone would take the DNSSEC support already in various branches and get it over the finish line. On the other, DNSSEC is bad (see <https://sockpuppet.org/blog/2015/01/15/against-dnssec/> for example), and is really not necessary to run a real-life DNS server or client, so it's a little difficult for various DNS-interested parties to get excited about it. Nonetheless if people are going to do DNSSEC I'd rather they do it with Twisted than BIND, so if you could help integrate DNSSEC work that is a definite goal for the project! So I hope somebody who disagrees with me about the utility of DNSSEC contributes to it.
:-D I am also not fond of DNSSEC being *the* thing; but apparently email servers complain otherwise in certain environments. Twisted supporting DNSSEC would indeed make things easier.
the other points appear to be somewhat documented in the open tickets: https://twistedmatrix.com/trac/query?status=assigned&status=new&status=reopened&component=names&group=priority&max=200&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&order=priority
But I wonder if there is something like a roadmap that I haven't seen or a very specific way to start helping on this front.
Right now the main thing we need is a motivated, interested maintainer to advance these goals. This email sounds suspiciously like volunteering to be that :).
Ouch, I guess I'll have to invent a time-dilution bubble first :-D. I'll see what I can do about this (DNS, not time-dilution bubble).
Basically, I'd hate to start working on sth and it overlapping with someone else's work ;).
There's lots of other work in progress, but as you can see from most of them, most of this work is stalled. I'm 100% sure that if you started working on some of these tickets, the people whose work you might duplicate would be /overjoyed/ that someone had done that, so I don't think you need to worry about stepping on anyone's toes.
I checked a couple tickets, and see that there is definitely a need for some cleanup, e.g. this one appears to be ready for closing https://twistedmatrix.com/trac/ticket/5048 as it is marked as duplicate of a closed ticket.
Please go ahead and close it if you are reasonably sure of that!
I was hoping for one of the involved parties remembering and saying "oh yeah, that should be closed" otherwise it requires actual analysis, so I'll leave that for some-time-soon.
Also, I recall this PR from early summer, which appears to have been OK'd but is blocked by some failure in appveyor + buildbot: https://github.com/twisted/twisted/pull/954
Sadly we don't have a queue of "already approved" tickets (that I know of and check, anyway) so if this is stuck, it would be best to put it back into review so it shows up on https://twisted.reviews/ and gets attention.
Added the review keyword again and removed the owner as per the developer documentation.

Thank you for the helpful reply,
--
Evilham
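
The access check the thread asks for in ticket #9551 (zone transfers open to any host), as an added example that is not part of the original e-mails and does not use Twisted's API: standard-library Python that reads the question out of a raw DNS message and permits AXFR/IXFR only for peers on an allowlist of secondaries. The function names, the allowlist and the sample query are constructed for illustration.

```python
import ipaddress
import struct

AXFR, IXFR = 252, 251  # zone-transfer QTYPEs (RFC 1035, RFC 1995)

def build_query(name, qtype):
    """Build a minimal DNS query; used here only to construct sample input."""
    header = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (qname, qtype) for the first question of a raw DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels) + ".", qtype

def query_permitted(msg, peer_ip, secondaries):
    """Allow ordinary queries; allow AXFR/IXFR only from listed secondaries."""
    try:
        _qname, qtype = parse_question(msg)
    except ValueError:  # malformed input is refused, not guessed at
        return False
    if qtype not in (AXFR, IXFR):
        return True
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(net) for net in secondaries)

if __name__ == "__main__":
    allow = ["192.0.2.53/32"]  # constructed allowlist (documentation range)
    q = build_query("example.org.", AXFR)
    for ip in ("192.0.2.53", "203.0.113.7"):
        print(ip, query_permitted(q, ip, allow))
```

An empty allowlist refuses every transfer, which is the safe default for a server with no secondaries.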